[gatein-issues] [JBoss JIRA] Closed: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

Hang Nguyen (JIRA) jira-events at lists.jboss.org
Mon May 31 22:34:51 EDT 2010


     [ https://jira.jboss.org/browse/GTNPORTAL-1137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hang Nguyen closed GTNPORTAL-1137.
----------------------------------



> Permission settings in application registry not preventing unauthorized access
> ------------------------------------------------------------------------------
>
>                 Key: GTNPORTAL-1137
>                 URL: https://jira.jboss.org/browse/GTNPORTAL-1137
>             Project: GateIn Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>            Reporter: Matt Wringe
>            Assignee: Khoi Nguyen
>             Fix For: 3.1.0-GA
>
>         Attachments: GTNPORTAL-1137.patch
>
>   Original Estimate: 6 hours
>  Remaining Estimate: 6 hours
>
> In the application registry, it is possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content.
> It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page.
> Steps to reproduce:
> 1) log in as root
> 2) import a portlet through the application registry
> 3) set the permissions for the portlet
> 4) add the portlet to a page
> 5) logout and access the page
> 6) the unauthorized user can view the portlet
> expected results: the user shouldn't be able to see the portlet.
