Permissions oddity

I have had a 2.4.x-beta installation of JSPWiki for a few
months now and I
just upgraded to 2.4.53 yesterday. I was fooling around with
the policy file
to restrict Anonymous and Asserted users to basically be
view and comment
only. This works...mostly. 

The reason I am calling this an oddity is that I have had
the same thing
happen, but with two different pages.  First, it occured
with page "Main". 
After I restarted the server and went to the default url
(force JSPWiki to
navigate to Main internally) then I saw the Main page, I
could also see all
other pages. However, when I navigated BACK to the Main page
(by clicking on
a link, say) then I got an error message that says
"Error: You don't have
access to 'Main'. Please log in first." 

This seems to be a problem with verifying the security of
the page. I tried
to add an ACL to the Main page that looked like 
[{ALLOW view ALL}]
[{ALLOW edit ALL}]

But that did not solve the problem. Here is the relevant
parts of
jspwiki.policy ( I didn't modify the other sections ):

grant signedBy "jspwiki", 
  principal com.ecyrd.jspwiki.auth.authorize.Role
"Anonymous" {
    permission
com.ecyrd.jspwiki.auth.permissions.PagePermission
"*",
"view,comment";
    permission
com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*",
"login";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.authorize.Role
"Asserted" {
    permission
com.ecyrd.jspwiki.auth.permissions.PagePermission
"*",
"view,comment";
    permission
com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*",
"view";
    permission
com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*",
"login";
};

I also tried adding 
    permission
com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:Main",
"view,comment"; 
to both blocks with no success. 

Later that day the problem went away, so I just thought I
made a noob
mistake.  But, today (after restarting the Wiki's Tomcat
service) I have the
same problem, but with a different page!  In this case, I
was able to
identify more of the scenario because another user found the
problem first.
Here is the actions that took place (possible relevant).

1.  She viewed the page.
2. She logged out
3. I logged in
4. I edited the page that she was able to view
5. She attempted to view the page (without logging in), but
was denied.
6. She logged in
7. She attempted to view the page, but was denied.
8. I logged out
9. I attempted to view the page (without logging in), but
was denied.
10. I logged back in
11. I attempted to view the page and was OK

The difference between the two user accounts is that I am
part of the Admin
group and she is not.

Is there something I can do to help in debugging this
problem?
-- 
View this message in context: http://www.nabble.com/Permissions-oddity-tf23072
03.html#a6413756
Sent from the JspWiki - User mailing list archive at
Nabble.com.

_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users

Permissions oddity

Thread: Permissions oddity