[JBoss JIRA] Created: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[JBoss JIRA] Created:...

Matt Wringe (JIRA)

Wednesday, 28 April 2010 Wed, 28 Apr '10

1:45 p.m.

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/jira/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Reporter: Matt Wringe In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

Show replies by date

Khoi Nguyen (JIRA)

Wednesday, 28 April Wed, 28 Apr

9:12 p.m.

New subject: [JBoss JIRA] Assigned: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/jira/browse/GTNPORTAL-1137?page=com.atlassian.jira... ] Khoi Nguyen reassigned GTNPORTAL-1137: -------------------------------------- Assignee: Khoi Nguyen

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/jira/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

-- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

Trong Tran (JIRA)

10:36 p.m.

New subject: [JBoss JIRA] Commented: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/jira/browse/GTNPORTAL-1137?page=com.atlassian.jira... ] Trong Tran commented on GTNPORTAL-1137: --------------------------------------- currently the gadget's access permission does not prevent an user to add the gadget as a gadget into the dashboard page

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/jira/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

Matt Wringe (JIRA)

Thursday, 20 May Thu, 20 May

9:06 a.m.

New subject: [JBoss JIRA] Commented: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/browse/GTNPORTAL-1137?page=com.atlassian.jira.plug... ] Matt Wringe commented on GTNPORTAL-1137: ---------------------------------------- according to Tron Tran the correct behaviour is for this setting to set the default permission of a portlet that is to be added to a page (http://lists.jboss.org/pipermail/gatein-dev/2010-May/000656.html). This currenly does not work, if I import a portlet, set its permission and then try to add that portlet to a page, its default permission is set a public instead of what is set in the application registry.

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

-- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

Trong Tran (JIRA)

Monday, 24 May Mon, 24 May

2:33 a.m.

New subject: [JBoss JIRA] Commented: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/browse/GTNPORTAL-1137?page=com.atlassian.jira.plug... ] Trong Tran commented on GTNPORTAL-1137: --------------------------------------- i can reproduce it now and this is considered as a cache issue at UI level. it means to require a re-login after changing permissions in Application Registry now

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

Trong Tran (JIRA)

Tuesday, 25 May Tue, 25 May

12:01 a.m.

New subject: [JBoss JIRA] Updated: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/browse/GTNPORTAL-1137?page=com.atlassian.jira.plug... ] Trong Tran updated GTNPORTAL-1137: ---------------------------------- Original Estimate: 6 hours Remaining Estimate: 6 hours Labels: sprint_34 (was: )

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen Original Estimate: 6 hours Remaining Estimate: 6 hours In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

Khoi Nguyen (JIRA)

2:46 a.m.

New subject: [JBoss JIRA] Work started: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/browse/GTNPORTAL-1137?page=com.atlassian.jira.plug... ] Work on GTNPORTAL-1137 started by Khoi Nguyen.

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen Original Estimate: 6 hours Remaining Estimate: 6 hours In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

Khoi Nguyen (JIRA)

5:29 a.m.

New subject: [JBoss JIRA] Commented: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/browse/GTNPORTAL-1137?page=com.atlassian.jira.plug... ] Khoi Nguyen commented on GTNPORTAL-1137: ---------------------------------------- Broadcast event "ChangeApplicationList" when a portlet's permission is changed

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen Attachments: GTNPORTAL-1137.patch Original Estimate: 6 hours Remaining Estimate: 6 hours In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

Khoi Nguyen (JIRA)

5:29 a.m.

New subject: [JBoss JIRA] Updated: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/browse/GTNPORTAL-1137?page=com.atlassian.jira.plug... ] Khoi Nguyen updated GTNPORTAL-1137: ----------------------------------- Attachment: GTNPORTAL-1137.patch

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen Attachments: GTNPORTAL-1137.patch Original Estimate: 6 hours Remaining Estimate: 6 hours In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

Khoi Nguyen (JIRA)

9:39 p.m.

New subject: [JBoss JIRA] Resolved: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/browse/GTNPORTAL-1137?page=com.atlassian.jira.plug... ] Khoi Nguyen resolved GTNPORTAL-1137. ------------------------------------ Resolution: Done

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen Attachments: GTNPORTAL-1137.patch Original Estimate: 6 hours Remaining Estimate: 6 hours In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

Trong Tran (JIRA)

10:31 p.m.

New subject: [JBoss JIRA] Updated: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/browse/GTNPORTAL-1137?page=com.atlassian.jira.plug... ] Trong Tran updated GTNPORTAL-1137: ---------------------------------- Fix Version/s: 3.1.0-GA

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen Fix For: 3.1.0-GA Attachments: GTNPORTAL-1137.patch Original Estimate: 6 hours Remaining Estimate: 6 hours In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

Hang Nguyen (JIRA)

Monday, 31 May Mon, 31 May

9:34 p.m.

New subject: [JBoss JIRA] Closed: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access

[ https://jira.jboss.org/browse/GTNPORTAL-1137?page=com.atlassian.jira.plug... ] Hang Nguyen closed GTNPORTAL-1137. ----------------------------------

...

Permission settings in application registry not preventing unauthorized access ------------------------------------------------------------------------------ Key: GTNPORTAL-1137 URL: https://jira.jboss.org/browse/GTNPORTAL-1137 Project: GateIn Portal Issue Type: Bug Security Level: Public(Everyone can see) Reporter: Matt Wringe Assignee: Khoi Nguyen Fix For: 3.1.0-GA Attachments: GTNPORTAL-1137.patch Original Estimate: 6 hours Remaining Estimate: 6 hours In the application registry, it possible to set access permission for portlets and gadgets, but this doesn't seem to work. I can change the permission of a portlet and still have an unauthorized user view its content. It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. Steps to reproduce: 1) log in as root 2) import a portlet through the application registry 3) set the premissions for the portlet 4) add the portlet to a page 5) logout and access the page 6) the unauthorized user can view the portlet expected results: the user shouldn't be able to see the portlet.

5700

days inactive

5734

days old

gatein-issues@lists.jboss.org

Manage subscription

11 comments

4 participants

tags (0)

participants (4)

Hang Nguyen (JIRA)
Khoi Nguyen (JIRA)
Matt Wringe (JIRA)
Trong Tran (JIRA)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[JBoss JIRA] Created: (GTNPORTAL-1137) Permission settings in application registry not preventing unauthorized access