Public area in protected wiki

Hoi,

we’re using XWiki 6.4.6. Our wiki is generally login-protected. The
accounts are created by us. However, there is one Public space,
which should be readable for guests.

Our previous configuration relied on a blacklist approach, enabling
general read access for guests, but denying it on all other of our
spaces. We hadn’t realized that user profiles were public this way
:frowning: , we now switched to a whitelist approach, denying general
access to guests, but giving them explicit read access to the Public
space. We had to allow read access for the color theme as well.

This works so far, but results in a strange effect, displayed on the
following screenshot of the lower part of the Public page: The
Annotations/Attachments/History/Information tabs show a login form
with full header and footer. We cannot figure out why this is … and
more importantly for us, how we avoid it.

xwiki-guest-login-form

It would be great if you could help us with that.

meillo

Hi, first thing would be to upgrade to a recent XWiki version, i.e. the LTS (XWiki 9.11.7) or XWiki 10.8 (released yesterday). Your version is about 4 years old which is an eternity for us. A lot has happened since then :wink:

Note that we don’t support old versions of XWiki, see https://www.xwiki.org/xwiki/bin/view/Main/Support#HSupportedVersions

Regarding your issue, I remember at least 2 jira issue about this across the years that got fixed so upgrading would probably solve it.

PS: If you need help to upgrade you could contact one of the companies sponsoring the dev of XWiki, see https://www.xwiki.org/xwiki/bin/view/Main/Support#HProfessionalSupport (they could do it for it). Ofc if you have specific questions on the upgrade you can post them here.

Thanks for the very quick reply!

You’re right, we should upgrade. I’m not sure if this will be possible in our situation. I’ll suggest it to the relevant persons. Thanks for the hint for upgrade helpers as well.

If anyone has some further ideas, besides upgrading, they are welcome, nonetheless. :wink:

Idea: If you can locate the existing issues in jira then you could check the commit tab and see what was done to fix them.