Jetspeed 2
  1. Jetspeed 2
  2. JS2-458

J2 Security constraint is broken by DatabasePageManager

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1-dev
    • Fix Version/s: 2.1-dev, 2.1
    • Component/s: None
    • Labels:
      None
    • Environment:
      WinXP SP2, JDK 1.4.2_10, Jetspeed 2-Branch-2.0.1, Oracle 10g, Tomcat 5.5.12

      Description

      I am not sure if this is caused by DatabasePageManager is not finished coding yet. If yes, please close this issue.

      The issue is when I switch to DatabasePageManager, I start the J2 and visit http://localhost:8080/jetspeed/ and I did not login, but I can see all the PSML tags and Administrator folder entry display too.

      I found that this is caused by class:
      org.apache.jetspeed.om.page.impl.SecurityConstraintsImpl
      org.apache.jetspeed.om.page.SecurityConstraintImpl

      SecurityConstraintImpl:
      The member variables usersList, rolesList, groupsList and permissionsList will out of synchronization with users, roles, groups and permissions in class SecurityConstraintImpl when use DatabasePagemanager.

      SecurityConstraintsImpl:
      You must call getSecurityConstraintsRefs() and getSecurityConstraints() to initialize the member variable securityConstraints and securityConstraintsRefs.

      The attached patch is a work around for this issue.

      1. patch.diff
        2 kB
        Jian Liao

        Activity

        Jian Liao created issue -
        Jian Liao made changes -
        Field Original Value New Value
        Attachment patch.diff [ 12321590 ]
        David Sean Taylor made changes -
        Assignee David Sean Taylor [ taylor ]
        David Sean Taylor made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Hide
        David Sean Taylor added a comment -

        patch applied

        Show
        David Sean Taylor added a comment - patch applied
        David Sean Taylor made changes -
        Resolution Fixed [ 1 ]
        Status In Progress [ 3 ] Resolved [ 5 ]
        Randy Watler made changes -
        Assignee David Sean Taylor [ taylor ] Randy Watler [ rwatler ]
        Hide
        Randy Watler added a comment -

        going to revisit this patch to consolidate with other fixes

        Show
        Randy Watler added a comment - going to revisit this patch to consolidate with other fixes
        Randy Watler made changes -
        Status Resolved [ 5 ] Reopened [ 4 ]
        Resolution Fixed [ 1 ]
        Hide
        Randy Watler added a comment -

        Corrected by always using users, roles, groups, and permissions lists in methods and not depending on string represeantations of ACLs for both DB and Castor XML PageManager implementations.

        Show
        Randy Watler added a comment - Corrected by always using users, roles, groups, and permissions lists in methods and not depending on string represeantations of ACLs for both DB and Castor XML PageManager implementations.
        Randy Watler made changes -
        Fix Version/s 2.1-dev [ 12310686 ]
        Status Reopened [ 4 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Hide
        Ate Douma added a comment -

        Closed again now properly recorded against Fix Version 2.1 as well

        Show
        Ate Douma added a comment - Closed again now properly recorded against Fix Version 2.1 as well
        Ate Douma made changes -
        Fix Version/s 2.1 [ 12310617 ]
        Ate Douma made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open In Progress In Progress
        1d 20h 51m 1 David Sean Taylor 31/Dec/05 09:22
        In Progress In Progress Resolved Resolved
        16s 1 David Sean Taylor 31/Dec/05 09:22
        Resolved Resolved Reopened Reopened
        7d 1h 19m 1 Randy Watler 07/Jan/06 10:41
        Reopened Reopened Resolved Resolved
        6h 5m 1 Randy Watler 07/Jan/06 16:47
        Resolved Resolved Closed Closed
        2096d 4h 50m 1 Ate Douma 04/Oct/11 22:38

          People

          • Assignee:
            Randy Watler
            Reporter:
            Jian Liao
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development