Jetspeed 2
  1. Jetspeed 2
  2. JS2-900

SiteView should throw SecurityException when a Node is not accessible instead of NodeNotFoundException

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1.3
    • Fix Version/s: 2.2.0
    • Labels:
      None

      Description

      SiteView.getNodeProxy uses currentFolder.getAll() to lookup a target path (element).
      FolderImpl.getAll() (both PSML and DB versions) will filter out any Node for which the current user doesn't have access.

      But this means there is no distinction possible between a not-existing page access and not-allowed page access (e.g. 404 or 403).
      The ProfilerValveImpl (invoking these) already can handle a thrown SecurityException and send a SC_FORBIDDEN error (if configured to do so).
      So, the intended behavior already is to support this.

      We just need to fix SiteView.getNodeProxy a little like calling currentFolder.getAllNodes() and perform a security check itself if the path was resolved.

        Activity

        Ate Douma made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Randy Watler made changes -
        Resolution Fixed [ 1 ]
        Status Reopened [ 4 ] Resolved [ 5 ]
        David Sean Taylor made changes -
        Assignee Vivek Kumar [ firevelocity ] Randy Watler [ rwatler ]
        Vivek Kumar made changes -
        Resolution Fixed [ 1 ]
        Status Resolved [ 5 ] Reopened [ 4 ]
        Vivek Kumar made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Ate Douma made changes -
        Assignee Vivek Kumar [ firevelocity ]
        Ate Douma made changes -
        Field Original Value New Value
        Priority Major [ 3 ] Critical [ 2 ]
        Ate Douma created issue -

          People

          • Assignee:
            Randy Watler
            Reporter:
            Ate Douma
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 4h
              4h
              Remaining:
              Remaining Estimate - 4h
              4h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development