Jetspeed 2
  1. Jetspeed 2
  2. JS2-458

J2 Security constraint is broken by DatabasePageManager

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1-dev
    • Fix Version/s: 2.1-dev, 2.1
    • Component/s: None
    • Labels:
      None
    • Environment:
      WinXP SP2, JDK 1.4.2_10, Jetspeed 2-Branch-2.0.1, Oracle 10g, Tomcat 5.5.12

      Description

      I am not sure if this is caused by DatabasePageManager is not finished coding yet. If yes, please close this issue.

      The issue is when I switch to DatabasePageManager, I start the J2 and visit http://localhost:8080/jetspeed/ and I did not login, but I can see all the PSML tags and Administrator folder entry display too.

      I found that this is caused by class:
      org.apache.jetspeed.om.page.impl.SecurityConstraintsImpl
      org.apache.jetspeed.om.page.SecurityConstraintImpl

      SecurityConstraintImpl:
      The member variables usersList, rolesList, groupsList and permissionsList will out of synchronization with users, roles, groups and permissions in class SecurityConstraintImpl when use DatabasePagemanager.

      SecurityConstraintsImpl:
      You must call getSecurityConstraintsRefs() and getSecurityConstraints() to initialize the member variable securityConstraints and securityConstraintsRefs.

      The attached patch is a work around for this issue.

      1. patch.diff
        2 kB
        Jian Liao

        Activity

        Ate Douma made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Ate Douma made changes -
        Fix Version/s 2.1 [ 12310617 ]
        Hide
        Ate Douma added a comment -

        Closed again now properly recorded against Fix Version 2.1 as well

        Show
        Ate Douma added a comment - Closed again now properly recorded against Fix Version 2.1 as well
        Randy Watler made changes -
        Fix Version/s 2.1-dev [ 12310686 ]
        Status Reopened [ 4 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Hide
        Randy Watler added a comment -

        Corrected by always using users, roles, groups, and permissions lists in methods and not depending on string represeantations of ACLs for both DB and Castor XML PageManager implementations.

        Show
        Randy Watler added a comment - Corrected by always using users, roles, groups, and permissions lists in methods and not depending on string represeantations of ACLs for both DB and Castor XML PageManager implementations.
        Randy Watler made changes -
        Status Resolved [ 5 ] Reopened [ 4 ]
        Resolution Fixed [ 1 ]
        Hide
        Randy Watler added a comment -

        going to revisit this patch to consolidate with other fixes

        Show
        Randy Watler added a comment - going to revisit this patch to consolidate with other fixes
        Randy Watler made changes -
        Assignee David Sean Taylor [ taylor ] Randy Watler [ rwatler ]
        David Sean Taylor made changes -
        Resolution Fixed [ 1 ]
        Status In Progress [ 3 ] Resolved [ 5 ]
        Hide
        David Sean Taylor added a comment -

        patch applied

        Show
        David Sean Taylor added a comment - patch applied
        David Sean Taylor made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        David Sean Taylor made changes -
        Assignee David Sean Taylor [ taylor ]
        Jian Liao made changes -
        Field Original Value New Value
        Attachment patch.diff [ 12321590 ]
        Jian Liao created issue -

          People

          • Assignee:
            Randy Watler
            Reporter:
            Jian Liao
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development