[
https://issues.apache.org/jira/browse/JSPWIKI-53?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12544869
]
Dave Wolf commented on JSPWIKI-53:
----------------------------------
I've been giving the issue some thought overnight and would like to propose the
following:
* Add a local.policy.file key / value to the jspwiki.properties file. This
specification would be used whenever there is a global jspwiki.policy file and
a specific local policy file for this wiki instance.
* Prior to attempting to acquire the default jspwiki.policy
(WEB-INF/jspwiki.policy), we check for a local policy file value. If the local
policy file value exists, then use that file, otherwise acquire the default
policy file.
Question: is there a mechanism that will provide an indication of whether the
global policy file was found or is that not a problem as jspwiki won't get this
far?
If we know that the global policy file exists, then use that if the default and
local don't exist. Otherwise, we could specify some default permissions.
> NPE When jspwiki.policy file not found in WEB-INF
> -------------------------------------------------
>
> Key: JSPWIKI-53
> URL: https://issues.apache.org/jira/browse/JSPWIKI-53
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.6.0
> Environment: WinXP, Tomcat 5.5
> Reporter: Dave Wolf
> Fix For: 2.6.0
>
>
> In the AuthorizationManager, a call is made to
> AuthenticationManager.findConfigFile( engine, DEFAULT_POLICY ). If this
> method does not find the jspwiki.policy file, then the following line after
> the call will result in a NPE.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
