Status: Closed (View Workflow)
Affects Version/s: 3.1
Fix Version/s: 3.5
Component/s: Server - Authentication
compiled from source, running on tomcat 6.0.14, jdk1.6.0_16, debian lenny (stable)
same for the crowd instance.
Bug Fix Policy:
We've recently decided to clean up our permission scheme a bit, and part of this involved using nested groups. We already used Crowd to link our Confluence instance (as well as JIRA and some third-party things) to our Active Directory server, and Crowd supports nested groups so we didn't think there would be any problem.
Since then however, it happens regularly that users can't access a certain space in Confluence to which they should have access through nested groups. For example, there would be a space called "Human Resources", to which a group called "confluence-hr" has full access. Then there would be a group "Management" that is a member of the "confluence-hr" group amongst others, and obviously the management people are members of this group. The goal is to be able to add people to just one or two "role" groups like "Management" by which they get all the permissions they need, while also being able to keep fine-grained control, so that if someone needs just access to the HR space, we add them to the confluence-hr group and they don't get access to everything else like Management.
The only fix I've been able to find is restarting the Confluence instance. After a restart, everything works fine again, but a bit later the same problem arises. This happens sometimes several times a day, and it's very irritating. Can anyone suggest a proper fix for this, or is this a genuine bug?
This is caused by
We have still not been able to find the source of the problem within the confluence code, however we do know that someone the confluence caches are affecting the crowd caches.
We have attached the crowd-integration-client-2.0.7-CWD-1996.jar which shades net.sf.ehcache to com.atlassian.crowd.shaded.ehcache. What this means is that there is no possible way that Confluence could have any effect whatsoever with the Crowd integration client's caches. They are essentially different classes that Confluence knows nothing about.
To apply the patch, upgrade to crowd 2.0.7 and in your confluence instance, remove the any other Crowd integration client JARs from
and place the attached crowd-integration-client-2.0.7-CWD-1996.jar and restart confluence.
This integration is being completely rewritten for Crowd 2.1 / Confluence 3.5, which will fix this bug permantently.