[gatein-issues] [JBoss JIRA] (GTNPORTAL-2211) Declare the MembershipUpdateListener in organization-configuration.xml

[ https://issues.jboss.org/browse/GTNPORTAL-2211?page=com.atlassian.jira.pl... ] RH Bugzilla Integration commented on GTNPORTAL-2211: ---------------------------------------------------- mposolda(a)redhat.com made a comment on [bug 793804|https://bugzilla.redhat.com/show_bug.cgi?id=793804] Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -It was discovered that changing memberships of already authenticated users did not immediately take effect. If a user had administrative membership revoked, and remained logged onto the portal, the privileges were still accessible for up to 30 minutes until the user permissions cache was refreshed. This could permit the user to perform undesirable actions in the portal. The fix introduces a new listener "MembershipUpdateListener" which has been added to organization-configuration.xml directive file. The listener immediately updates authenticated user memberships based on information in the ConversationRegistry. Changes to user memberships now take effect immediately, which corrects the originally reported issue.+It was discovered that changing memberships of already authenticated users did not immediately take effect. If a user had administrative membership revoked, and remained logged onto the portal, the privileges were still accessible for up to 30 minutes until the user permissions cache was refreshed. This could permit the user to perform undesirable actions in the portal. The fix introduces a new listener "MembershipUpdateListener" which has been added to EPP_HOME/server/<PROFILE>/deploy/gatein.ear/02portal.war/WEB-INF/conf/organization/organization-configuration.xml directive file. The listener immediately updates authenticated user memberships based on information in the ConversationRegistry. Changes to user memberships now take effect immediately, which corrects the originally reported issue. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira