[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-3224) RememberMe autologin mode is broken

Stefano Travelli (JIRA) jira-events at lists.jboss.org
Wed Aug 6 09:33:56 EDT 2008


     [ https://jira.jboss.org/jira/browse/JBSEAM-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefano Travelli updated JBSEAM-3224:
-------------------------------------

    Attachment: Test_for_RunAsOperation_(JBSEAM-3224).patch


Here is a test case for the bug.

It doesn't emulate the entire auto login cycle but only checks the systemOperation flag in RunAsOperation.
However it fails with current trunk and passes with the patch.




> RememberMe autologin mode is broken
> -----------------------------------
>
>                 Key: JBSEAM-3224
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-3224
>             Project: Seam
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.1.0.A1
>         Environment: Ubuntu 8.04, JBoss 4.2.2, JVM 1.6.0_04, Seam 2.1 trunk as of Aug 6th 2008.
>            Reporter: Stefano Travelli
>         Attachments: RunAsOperation.patch, Test_for_RunAsOperation_(JBSEAM-3224).patch
>
>
> Setting remember-me autologin mode doesn't work.
> To reproduce the problem:
>  - take the Seam Space example and apply the steps described in chapter 15.3.5.1 of the reference documentation.
>  - login with "Remember me" set
>  - force the autologin mechanism by deleting the JSESSIONID cookie and clicking refresh on the browser.
> The following exception is logged:
> org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[seam.user,read]
> 	at org.jboss.seam.security.Identity.checkPermission(Identity.java:563)
> 	at org.jboss.seam.security.management.IdentityManager.isUserEnabled(IdentityManager.java:127)
> 	at org.jboss.seam.security.RememberMe$1.execute(RememberMe.java:282)
> 	at org.jboss.seam.security.Identity.runAs(Identity.java:711)
> 	at org.jboss.seam.security.RunAsOperation.run(RunAsOperation.java:84)
> 	at org.jboss.seam.security.RememberMe.quietLogin(RememberMe.java:278)
> The problem originates from what seems to me a typo in the RunAsOperation class constructor, where the 'systemOp' flag is never set to true, regardless of the value passed.
>    public RunAsOperation(boolean systemOp)
>    {      
>       this();
>       systemOp = true;
>    }
> It should be:
> this.systemOp = systemOp;
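
The shadowed-parameter bug described in the report, as an added example that is not part of the original message and not Seam's code: a stand-in class reproduces the quoted constructor next to the proposed fix and checks the flag through a getter. All names are hypothetical, and the `checkPermission` model assumes, as the stack trace suggests, that only a system operation passes the permission check.

```java
// Added illustration: simplified stand-ins, NOT Seam's RunAsOperation or Identity.
// Every class and method name here is hypothetical.
public class SystemOpFlagDemo {

    /** Mirrors the quoted constructor: the assignment targets the parameter, not the field. */
    static class BuggyOperation {
        private boolean systemOp = false;

        BuggyOperation(boolean systemOp) {
            systemOp = true; // the parameter shadows the field, so the field is never written
        }

        boolean isSystemOperation() { return systemOp; }
    }

    /** The reporter's fix. Declaring the parameter final makes the buggy form a compile error. */
    static class FixedOperation {
        private boolean systemOp = false;

        FixedOperation(final boolean systemOp) {
            this.systemOp = systemOp;
        }

        boolean isSystemOperation() { return systemOp; }
    }

    /** Assumed model of the check in the stack trace: system operations pass, others are denied. */
    static String checkPermission(boolean systemOperation, String target, String action) {
        return systemOperation
                ? "granted"
                : "denied: permission[" + target + "," + action + "]";
    }

    static void report(String label, boolean flag) {
        System.out.println(label + " -> systemOp=" + flag + ", "
                + checkPermission(flag, "seam.user", "read"));
    }

    public static void main(String[] args) {
        report("buggy(true) ", new BuggyOperation(true).isSystemOperation());
        report("fixed(true) ", new FixedOperation(true).isSystemOperation());
        report("fixed(false)", new FixedOperation(false).isSystemOperation());

        // Regression check in the spirit of the attached test: the flag must follow the argument.
        if (!new FixedOperation(true).isSystemOperation()
                || new FixedOperation(false).isSystemOperation()) {
            throw new AssertionError("systemOp flag does not follow the constructor argument");
        }
    }
}
```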
