Jetspeed 2
  1. Jetspeed 2
  2. JS2-458

J2 Security constraint is broken by DatabasePageManager

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1-dev
    • Fix Version/s: 2.1-dev, 2.1
    • Component/s: None
    • Labels:
      None
    • Environment:
      WinXP SP2, JDK 1.4.2_10, Jetspeed 2-Branch-2.0.1, Oracle 10g, Tomcat 5.5.12

      Description

      I am not sure if this is caused by DatabasePageManager is not finished coding yet. If yes, please close this issue.

      The issue is when I switch to DatabasePageManager, I start the J2 and visit http://localhost:8080/jetspeed/ and I did not login, but I can see all the PSML tags and Administrator folder entry display too.

      I found that this is caused by class:
      org.apache.jetspeed.om.page.impl.SecurityConstraintsImpl
      org.apache.jetspeed.om.page.SecurityConstraintImpl

      SecurityConstraintImpl:
      The member variables usersList, rolesList, groupsList and permissionsList will out of synchronization with users, roles, groups and permissions in class SecurityConstraintImpl when use DatabasePagemanager.

      SecurityConstraintsImpl:
      You must call getSecurityConstraintsRefs() and getSecurityConstraints() to initialize the member variable securityConstraints and securityConstraintsRefs.

      The attached patch is a work around for this issue.

      1. patch.diff
        2 kB
        Jian Liao

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Randy Watler
            Reporter:
            Jian Liao
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development