[ https://issues.jboss.org/browse/GTNPORTAL-2211?page=com.atlassian.jira.pl... ] RH Bugzilla Integration commented on GTNPORTAL-2211: ---------------------------------------------------- Jared MORGAN <jmorgan(a)redhat.com&gt; made a comment on [bug 793804|https://bugzilla.redhat.com/show_bug.cgi?id=793804] Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,9 +1 @@ -CAUSE: when memberships of some user are changed (For example user root will remove user john from group /platform/users group), then user john won't see updates immediately. He needs to logout and login to see it. Example: +It was discovered that changing memberships of already authenticated users did not immediately take effect. If a user had administrative membership revoked, and remained logged onto the portal, the privileges were still accessible for up to 30 minutes until the user permissions cache was refreshed. This could permit the user to perform undesirable actions in the portal. The fix introduces a new listener "MembershipUpdateListener" which is configurable from the organization-configuration.xml directive file. The listener immediately updates authenticated user memberships based on information in the ConversationRegistry. Changes to user memberships now take effect immediately, which corrects the originally reported issue.-1) Start browser1, Go to http://localhost:8080/portal and login as john. User john is in group /platform/administrators by default, so he can see "Administrators" link in group menu, -2) Start browser2, Go to http://localhost:8080/portal and login as root. Go to OrganizationManagement and remove user john from /platform/administrators -3) Return to browser1 and refresh page. User john can still see "administrators" pages, which is a bug. -4) Logout and login again as john. Now "Administrators" are not longer visible. Bad is that john needs to logout and login, otherwise permissions for pages are not reflected. - -FIX: I added new listener "MembershipUpdateListener" into organization-configuration.xml file. This listener will update all memberships of logged user in ConversationRegistry, so that changes are immediately reflected in UI. - -RESULT: Changes are immediately reflected in UI. In previous example, user john won't see "Administrators" page in step 3, which is correct. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/GTNPORTAL-2211?page=com.atlassian.jira.pl... ] RH Bugzilla Integration commented on GTNPORTAL-2211: ---------------------------------------------------- Jared MORGAN <jmorgan(a)redhat.com&gt; made a comment on [bug 793804|https://bugzilla.redhat.com/show_bug.cgi?id=793804] Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -It was discovered that changing memberships of already authenticated users did not immediately take effect. If a user had administrative membership revoked, and remained logged onto the portal, the privileges were still accessible for up to 30 minutes until the user permissions cache was refreshed. This could permit the user to perform undesirable actions in the portal. The fix introduces a new listener "MembershipUpdateListener" which has been added to EPP_HOME/server/<PROFILE>/deploy/gatein.ear/02portal.war/WEB-INF/conf/organization/organization-configuration.xml directive file. The listener immediately updates authenticated user memberships based on information in the ConversationRegistry. Changes to user memberships now take effect immediately, which corrects the originally reported issue.+It was discovered that changing memberships of already authenticated users did not immediately take effect. If a user had administrative membership revoked, and remained logged onto the portal, the privileges were still accessible for up to 30 minutes until the user permissions cache was refreshed. This could permit the user to perform undesirable actions in the portal. The fix introduces a new listener "MembershipUpdateListener" which has been added to <replaceable>JBOSS_HOME</replaceable>/server/<replaceable>PROFILE</replaceable>/deploy/gatein.ear/02portal.war/WEB-INF/conf/organization/organization-configuration.xml directive file. The listener immediately updates authenticated user memberships based on information in the ConversationRegistry. Changes to user memberships now take effect immediately, which corrects the originally reported issue. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira