All, after some struggling to understand why I could not see global rss,
I noticed this post:
*Q:* My RSS feed isn't working, I've already checked the common things
like BaseURL and properties. Could it be that it is because of my
security policy, which needs the user to be authenticated to do anything?
--FlorianHoleczek <http://www.jspwiki.org/wiki/FlorianHoleczek>
*A:* The global RSS feed won't show any pages that an anonymous user
does not have access to. Page-specific feeds use the current HTTP
request to determine the credentials.
--JanneJalkanen <http://www.jspwiki.org/wiki/JanneJalkanen>
While this makes a lot of sense in general, it is also true that the
policy is safe but a bit stronger. I would say authenticated users
*should* be able to
see an rss restricted to the pages they have access too.
Albeit the obvious drawback is that in this case the rss would have to
be generated or filtered on the fly.
a) generation on the fly would probably be simpler - just taking down
credentials to rss generation (generateFullWikiRSS - or variant)
b) filtering also would probably not be too difficult. Just removing
checks on credentials withing generateFullWikiRSS (assuming if the wiki
is managed to handle only authenticated users the rss.rdf can be
protected for direct access as well) and adding a filter in the serving
page.
Anyone else share my thoughts? Further hints on the subject?
