Jetspeed 2
  1. Jetspeed 2
  2. JS2-458

J2 Security constraint is broken by DatabasePageManager

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1-dev
    • Fix Version/s: 2.1-dev, 2.1
    • Component/s: None
    • Labels:
      None
    • Environment:
      WinXP SP2, JDK 1.4.2_10, Jetspeed 2-Branch-2.0.1, Oracle 10g, Tomcat 5.5.12

      Description

      I am not sure if this is caused by DatabasePageManager is not finished coding yet. If yes, please close this issue.

      The issue is when I switch to DatabasePageManager, I start the J2 and visit http://localhost:8080/jetspeed/ and I did not login, but I can see all the PSML tags and Administrator folder entry display too.

      I found that this is caused by class:
      org.apache.jetspeed.om.page.impl.SecurityConstraintsImpl
      org.apache.jetspeed.om.page.SecurityConstraintImpl

      SecurityConstraintImpl:
      The member variables usersList, rolesList, groupsList and permissionsList will out of synchronization with users, roles, groups and permissions in class SecurityConstraintImpl when use DatabasePagemanager.

      SecurityConstraintsImpl:
      You must call getSecurityConstraintsRefs() and getSecurityConstraints() to initialize the member variable securityConstraints and securityConstraintsRefs.

      The attached patch is a work around for this issue.

      1. patch.diff
        2 kB
        Jian Liao

        Activity

        Hide
        David Sean Taylor added a comment -

        patch applied

        Show
        David Sean Taylor added a comment - patch applied
        Hide
        Randy Watler added a comment -

        going to revisit this patch to consolidate with other fixes

        Show
        Randy Watler added a comment - going to revisit this patch to consolidate with other fixes
        Hide
        Randy Watler added a comment -

        Corrected by always using users, roles, groups, and permissions lists in methods and not depending on string represeantations of ACLs for both DB and Castor XML PageManager implementations.

        Show
        Randy Watler added a comment - Corrected by always using users, roles, groups, and permissions lists in methods and not depending on string represeantations of ACLs for both DB and Castor XML PageManager implementations.
        Hide
        Ate Douma added a comment -

        Closed again now properly recorded against Fix Version 2.1 as well

        Show
        Ate Douma added a comment - Closed again now properly recorded against Fix Version 2.1 as well

          People

          • Assignee:
            Randy Watler
            Reporter:
            Jian Liao
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development