[
https://issues.apache.org/jira/browse/JSPWIKI-687?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Harry Metske updated JSPWIKI-687:
---------------------------------
Security: (was: Security Vulnerability Disclosure)
> 2.8.4 - ACL/jspwiki.policy ignored
> ----------------------------------
>
> Key: JSPWIKI-687
> URL: https://issues.apache.org/jira/browse/JSPWIKI-687
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.8.4
> Environment: CentOS 5.5, JDK 1.6.0_24, JSPWiki 2.8.4
> Reporter: Ken George
> Priority: Critical
> Labels: security
>
> For some reason, security policy file (jspwiki.policy) is being ignored!
> This was working, but for some reason, inexplicably stopped. Re-installed
> product using downloaded .war file on new machine and followed same steps to
> implement restricted access for Anonymous/Asserted users and removed access
> to ALL users (with acception of Admin user) - problem still exists! Setting
> ACL in page [{ALLOW view Admin}] on Main, LeftMenu, News pages is also
> ignored and not taken into affect with user attempts to view page (user can
> still EDIT page even though policy removed modify from PagePermissions).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
