[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-1646) portal-cms depends on existence of user 'admin'

Tobias Roth (JIRA) jira-events at lists.jboss.org
Wed Aug 22 09:51:22 EDT 2007 

portal-cms depends on existence of user 'admin'
-----------------------------------------------

                 Key: JBPORTAL-1646
                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1646
             Project: JBoss Portal
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Portal CMS
    Affects Versions: 2.6.1 Final
            Reporter: Tobias Roth
         Assigned To: Sohil Shah


cms/src/main/org/jboss/portal/cms/impl/jcr/JCRCMS.java has the user 'admin' hardcoded:


   /** Loads content from sar and adds it to the repo. */
   public void createContent() throws Exception
   {
      log.info("Creating default CMS content.");
      

      // Get the content
      URL root = Thread.currentThread().getContextClassLoader().getResource(defaultContentLocation);

      
      //make the user executing these to create the default content, an 'Admin' user
      //without this, the fine grained security won't allow the creation
      UserModule userModule = getUserModule();
      if(userModule != null)
      {
	      org.hibernate.Session session = org.jboss.portal.cms.hibernate.state.Tools.getOpenSession();
	      org.hibernate.Transaction tx = session.beginTransaction();
	      User user = userModule.findUserByUserName("admin"); // HERE
	      if(user!=null)
	      {
	    	  JCRCMS.getUserInfo().set(user);
	      }
	      tx.rollback();
	      org.jboss.portal.cms.hibernate.state.Tools.closeSession(session);
      }	


If it doesn't exist (for example because LDAP is being used), portal-cms cannopt be deployed, and several database tables are not created. If 'admin' is changed to an existing user, everything works fine.

There is another reference to 'admin' in cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java, but leaving this as it is doesn't seem to have any negative effect.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list