[jboss-jira] [JBoss JIRA] Updated: (JBPORTAL-1646) portal-cms depends on existence of user 'admin'
Thomas Heute (JIRA)
jira-events at lists.jboss.org
Wed Oct 10 07:07:03 EDT 2007
[ http://jira.jboss.com/jira/browse/JBPORTAL-1646?page=all ]
Thomas Heute updated JBPORTAL-1646:
-----------------------------------
Fix Version/s: 2.6.3 Final
> portal-cms depends on existence of user 'admin'
> -----------------------------------------------
>
> Key: JBPORTAL-1646
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-1646
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal CMS
> Affects Versions: 2.6.1 Final
> Reporter: Tobias Roth
> Assigned To: Sohil Shah
> Fix For: 2.6.3 Final
>
>
> cms/src/main/org/jboss/portal/cms/impl/jcr/JCRCMS.java has the user 'admin' hardcoded:
> /** Loads content from sar and adds it to the repo. */
> public void createContent() throws Exception
> {
> log.info("Creating default CMS content.");
>
> // Get the content
> URL root = Thread.currentThread().getContextClassLoader().getResource(defaultContentLocation);
>
> //make the user executing these to create the default content, an 'Admin' user
> //without this, the fine grained security won't allow the creation
> UserModule userModule = getUserModule();
> if(userModule != null)
> {
> org.hibernate.Session session = org.jboss.portal.cms.hibernate.state.Tools.getOpenSession();
> org.hibernate.Transaction tx = session.beginTransaction();
> User user = userModule.findUserByUserName("admin"); // HERE
> if(user!=null)
> {
> JCRCMS.getUserInfo().set(user);
> }
> tx.rollback();
> org.jboss.portal.cms.hibernate.state.Tools.closeSession(session);
> }
> If it doesn't exist (for example because LDAP is being used), portal-cms cannopt be deployed, and several database tables are not created. If 'admin' is changed to an existing user, everything works fine.
> There is another reference to 'admin' in cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java, but leaving this as it is doesn't seem to have any negative effect.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list