4:20 a.m.
Feed servlet does not filter access level
-----------------------------------------
Key: JBSEAM-2114
URL: http://jira.jboss.com/jira/browse/JBSEAM-2114
Project: JBoss Seam
Issue Type: Bug
Components: Wiki
Reporter: Christian Bauer
Assigned To: Christian Bauer
The FeedDAO uses the restrictedEntityManager but there are no access permission checks on
the feed entries. This might require an additional READ_ACCESS_LEVEL column on the feed
entry table. Currently anyone can access a feed if they know the identifier, even if they
have no permission to access the directory/documents!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:56 a.m.
New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-2114) Feeds should honor access levels
[ http://jira.jboss.com/jira/browse/JBSEAM-2114?page=all ]
Christian Bauer updated JBSEAM-2114:
------------------------------------
Summary: Feeds should honor access levels (was: Feed servlet does not filter
access level)
Issue Type: Feature Request (was: Bug)
This is not really a bug because only GUEST_ACCESS_LEVEL documents are ever pushed onto
feeds. However, for the forum we need permissions on feeds anyway, so I'm going to
implement HTTP authentication for any feed that is associated with a !guest-readable
directory. Feed readers seem to support authentication.
Feeds should honor access levels
--------------------------------
Key: JBSEAM-2114
URL: http://jira.jboss.com/jira/browse/JBSEAM-2114
Project: JBoss Seam
Issue Type: Feature Request
Components: Wiki
Reporter: Christian Bauer
Assigned To: Christian Bauer
The FeedDAO uses the restrictedEntityManager but there are no access permission checks on
the feed entries. This might require an additional READ_ACCESS_LEVEL column on the feed
entry table. Currently anyone can access a feed if they know the identifier, even if they
have no permission to access the directory/documents!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:03 a.m.
New subject: [jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-2114) Feeds should honor access levels
[ http://jira.jboss.com/jira/browse/JBSEAM-2114?page=all ]
Christian Bauer closed JBSEAM-2114.
-----------------------------------
Fix Version/s: 2.0.1.GA
Resolution: Done
Feeds and feed entries are now completely permissioned, access level of the currently
logged in user (Basic HTTP auth for FeedServlet) are honored.
Feeds should honor access levels
--------------------------------
Key: JBSEAM-2114
URL: http://jira.jboss.com/jira/browse/JBSEAM-2114
Project: JBoss Seam
Issue Type: Feature Request
Components: Wiki
Reporter: Christian Bauer
Assigned To: Christian Bauer
Fix For: 2.0.1.GA
The FeedDAO uses the restrictedEntityManager but there are no access permission checks on
the feed entries. This might require an additional READ_ACCESS_LEVEL column on the feed
entry table. Currently anyone can access a feed if they know the identifier, even if they
have no permission to access the directory/documents!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6051
days inactive
6075
days old
2 comments
1 participants
participants (1)
-
Christian Bauer (JIRA)