Uploaded image for project: 'Jetspeed (Retired)'
  1. Jetspeed (Retired)
  2. JS1-561

Incorrect evaluation of PSML security constraint in order of ACL caching

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.6
    • None
    • Cache, PSML, Security
    • None
    • SLES 9, Tomcat 5.5.15, Java 5, Oracle 9i R2

    Description

      Using filebased PSML management and referencing a group-based security constraint in a role-based PSML source like:

      <security-entry name="group1_only">
      <meta-info>
      <title>group1</title>
      </meta-info>
      <access action="view">
      <allow-if group="group1"/>
      </access>
      <access action="*">
      <allow-if role="admin"/>
      </access>
      </security-entry>

      fails if you change the group affiliation "group1" for user1 in the database. After changing the group, the user stills sees the portlets only accessed by members of group1.

      Workaround:
      After restarting Tomcat everything works fine. It seems that the ACLs get cached somewhere and do not get updated during the JS1 instances is running.

      Question:
      Are there other suggestions how to "trigger" the refreshment of the cache?

      Attachments

        Activity

          People

            Unassigned Unassigned
            hsp2006 Hans Plum
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: