Hello friends, I am facing some unexpected behavior with RESTful services in private wiki instance: Issue: Spaces, Tags entities can be accessed publicly through REST URL, eventhough XWiki is run in private wiki mode. Description: One of the XWiki 2.1.1 instance is setup in a private wiki mode. Guests are not allowed to register or view any page on this instance. I am also making use of authenticated services (RESTful services & XMLRPC services) for connecting 3rd party applications to this xwiki instance. However, when I access REST URLs for spaces, tags, etc there is no authentication check from XWiki. This data is publicly available. When I access a page URL, I am blocked off for authentication. Couldn't find a JIRA for this one. Could we consider this as an non-consistent behavior in terms of xwiki REST authentication where one resource is blocked while others are not. Has anyone else faced this before or has a work-around to this issue. Thank you for your time & consideration friends. Environment: XWiki : 2.1.1 stable Tomcat: 6.0.20 MySql: 5.0.45 community JDK: 1.5 (Apparently, REST services do not work for me through JDK 1.6. This could be just me facing this issue though J)