ACL Ignored
-----------
Key: JSPWIKI-216
URL: https://issues.apache.org/jira/browse/JSPWIKI-216
Project: JSPWiki
Issue Type: Bug
Components: Authentication&Authorization
Affects Versions: 2.6.1
Environment: Windows XP, Tomcat 5.5
Reporter: oraps
Priority: Critical
The ACL is ignored after I added the ACL to the page. Here are the steps.
1) Edit the a new page called Test (/Edit.jsp?page=Test)
2) Enter this ACL: [{ALLOW view Admin}]
3) Logout
4) Can view the Test page (the ACL is ignored)
I see the following in the debug log:
2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test
TestWiki:http://wiki.localhost.net:8089/wiki/Test - Adding to old acl list:
[GroupPrincipal Admin], view
2008-03-18 16:23:28,893 [http-8089-Processor24] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager TestWiki:/wiki/Test
TestWiki:http://wiki.localhost.net:8089/wiki/Teset - user = Admin:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
user = Anonymous:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","view"))
user = Admin:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","TestWiki:Test","edit"))
The ACL setting on the page-level is ignored. The security is taken from the
jspwiki.policy file.
When I restart Tomcat, the ACL setting on the page-level is enforced. However,
if I make any change to the ACL, I notice that the ACL setting is ignored
again. The ACL changes include the followings: 1) edit the ACL setting on the
same page or other pages, and 2) creating new JSPWiki group.
This issue seems like a caching issue.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
