Impersonation in GateIn Portal
by Marek Posolda
Hi all,
We've been requested several times by our users/customers to add
"impersonation" feature.
It may be useful for portal administrator to have possibility to
temporary login as another user without knowing his password. For
example: User /root/ wants to verify that user /mary/ really doesn't
have permission to see page X or portlet Y on page Z.
I've added specification page here
https://community.jboss.org/wiki/ImpersonationInGateInPortal . Feel free
to provide feedback here or in comments of specification.
Have a nice weekend!
Marek
10 years, 10 months
Intellij license
by Julien Viet
It should expire next week.
I asked for a one year renewal.
I'll keep you informed.
Julien
11 years, 3 months
Resolved NodePath in PortalRequestContext
by Nick Scavelli
TLDR: eXo.env.server.portalBaseURL and eXo.env.server.portalURLTemplate
have changed to include only the resolved path.
I've made a change (http://git.io/ogoWhw) which has only been applied to
master so it can resonate a bit in hopes there are no issues. I have
added a resolvedNodePath field to PortalRequestContext (even though I
think nodePath should be changed) to represent the resolved path of the
portal. Meaning if I go to URL /portal/classic/home/foo the resolved
path is just /home not /home/foo.
The reason for this change was that a fix was applied to decode the
nodePath in order to avoid XSS in the URL since we use this value to
create the JavaScript variables eXo.env.server.portalBaseURL and
eXo.env.server.portalURLTemplate. However this caused an issue for
non-ascii node names since the route couldn't be found after decoding. I
think the resolvedNodePath is a better solution however it does change
the behavior of the JS variables I mentioned.
If anyone sees a potential issue with this solution please discuss here.
- Nick
11 years, 5 months
Memory leak in ConversationRegistry when user logout
by Phuong Viet VU
Hi all, I'm working on this issue GTNPORTAL-3184. To summary:
when user logout, the sessionDestroyed event is dispatched
and JAASConversationStateListener listener will clear the coressponding
Conversation object in the registry.
In WCI (TC7ServletContainerContext class) we have logout code like this:
*//This will change the sessionID*
servletRequest.logout();
...
*//This code dispatch sessionDistroyed event*
webapp.invalidateSession();
...
The JAASConversationStateListener receive session destroyed event but with
a difference sessionID. Then it can not remove the corresponding
Conversation object in the ConversationRegitry service
this cause memory leak in the ConversationRegitry and
IdentityRegistry service
Should we fix this in WCI ? I'm not sure about the solution, can someone
help me on this ?
11 years, 5 months
How to handle new gatein-object version?
by Matt Wringe
I need to update the gatein-object to a new version (1.5) to include the
redirect configuration (which have actually been around for a while, but
I somehow missed updating the xsd to include them).
Is there anything special which needs to be done to release a new
version? Do all the *.xml files have to be updated to the latest? Do we
have to upload the xsd somewhere?
Thanks,
Matt Wringe
11 years, 6 months
