Uploaded image for project: 'Jetspeed 2'
  1. Jetspeed 2
  2. JS2-458

J2 Security constraint is broken by DatabasePageManager

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1-dev
    • Fix Version/s: 2.1-dev, 2.1
    • Component/s: None
    • Labels:
      None
    • Environment:
      WinXP SP2, JDK 1.4.2_10, Jetspeed 2-Branch-2.0.1, Oracle 10g, Tomcat 5.5.12

      Description

      I am not sure if this is caused by DatabasePageManager is not finished coding yet. If yes, please close this issue.

      The issue is when I switch to DatabasePageManager, I start the J2 and visit http://localhost:8080/jetspeed/ and I did not login, but I can see all the PSML tags and Administrator folder entry display too.

      I found that this is caused by class:
      org.apache.jetspeed.om.page.impl.SecurityConstraintsImpl
      org.apache.jetspeed.om.page.SecurityConstraintImpl

      SecurityConstraintImpl:
      The member variables usersList, rolesList, groupsList and permissionsList will out of synchronization with users, roles, groups and permissions in class SecurityConstraintImpl when use DatabasePagemanager.

      SecurityConstraintsImpl:
      You must call getSecurityConstraintsRefs() and getSecurityConstraints() to initialize the member variable securityConstraints and securityConstraintsRefs.

      The attached patch is a work around for this issue.

      1. patch.diff
        2 kB
        Jian Liao

        Activity

        Hide
        taylor David Sean Taylor added a comment -

        patch applied

        Show
        taylor David Sean Taylor added a comment - patch applied
        Hide
        rwatler Randy Watler added a comment -

        going to revisit this patch to consolidate with other fixes

        Show
        rwatler Randy Watler added a comment - going to revisit this patch to consolidate with other fixes
        Hide
        rwatler Randy Watler added a comment -

        Corrected by always using users, roles, groups, and permissions lists in methods and not depending on string represeantations of ACLs for both DB and Castor XML PageManager implementations.

        Show
        rwatler Randy Watler added a comment - Corrected by always using users, roles, groups, and permissions lists in methods and not depending on string represeantations of ACLs for both DB and Castor XML PageManager implementations.
        Hide
        adouma Ate Douma added a comment -

        Closed again now properly recorded against Fix Version 2.1 as well

        Show
        adouma Ate Douma added a comment - Closed again now properly recorded against Fix Version 2.1 as well

          People

          • Assignee:
            rwatler Randy Watler
            Reporter:
            norwaywoods Jian Liao
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development