THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
These rules in Acegi's configuration (security.xml) file govern URI based
authorization used in Roller.
...
The Problem? There's no problem here. When operating without Acegi, Roller will
have to be configured with a web.xml file that specifies those contraints.
...
For each new user session, Roller creates a RollerSession object. RollerSession
calls request.getUserPrincipal().getName() to get the user name, fetches
corresponing User object from UserManager and holds on to that User object.
...
As of Roller 4.0, Roller calls hasRole() for one reason, to ensure that only
those with the admin role can:
...