  1. ACE
  2. ACE-511

ScriptServlet does not apply security


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0.1
    • Fix Version/s: 2.1.0
    • Component/s: Authentication
    • n/a

    Description

      Looking at the source code, authentication on endpoints is enforced by calling AuthenticationService from the servlet's service() methods. However, the ScriptServlet (executing arbitrary Gogo scripts) does not call this service.

      I'm not sure what the rationale is for not using an HttpContext and/or Servlet filter to enforce authentication on all endpoints, but that would have prevented this situation from arising...
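An added illustration of the servlet-filter approach the report suggests; it is not part of the original report and is not ACE's code or the attached patch. The `Authenticator` interface, the request attribute name and the Basic challenge are assumptions standing in for whatever authentication service the deployment really uses.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical stand-in for the authentication service; returns a user name or null. */
interface Authenticator {
    String authenticate(HttpServletRequest request);
}

// Fail-closed filter. Mapped to "/*", it runs before every servlet, so a servlet
// that forgets its own check in service() is still unreachable without credentials.
public class AuthenticationFilter implements Filter {
    private final Authenticator authenticator;

    public AuthenticationFilter(Authenticator authenticator) {
        if (authenticator == null) throw new IllegalArgumentException("authenticator required");
        this.authenticator = authenticator;
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String user;
        try {
            user = authenticator.authenticate(request);
        } catch (RuntimeException e) {
            user = null; // an authenticator failure must deny, never fall through
        }
        if (user == null) {
            response.setHeader("WWW-Authenticate", "Basic realm=\"protected\""); // scheme assumed
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return; // chain.doFilter is not called, so the target servlet never runs
        }
        request.setAttribute("authenticated.user", user); // attribute name is an assumption
        chain.doFilter(request, response);
    }
}
```

The filter only helps if its mapping covers every servlet path; a servlet registered outside that mapping is in the same position as the ScriptServlet described above.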

      Attachments

        1. ACE-511.patch
          8 kB
          Bram Pouwelse

        Issue Links

          Activity

            People

              jajans J.W. Janssen
              sandermak Sander Mak
              Votes: 0
              Watchers: 4

              Dates

                Created:
                Updated:
                Resolved: