[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-1239) page level security not honored in the navigation system

Thomas Heute (JIRA) jira-events at lists.jboss.org
Thu Feb 15 10:07:35 EST 2007 

    [ http://jira.jboss.com/jira/browse/JBPORTAL-1239?page=comments#action_12353206 ] 
            
Thomas Heute commented on JBPORTAL-1239:
----------------------------------------

Trunk, but this hasn't changed.

Be careful, the container of the test page, (the default portal) has recursive view rights. So whatever you set at the page level is overriden by the portal privilege.

You need to remove the default portal recursive view privilege, then grant view privilege on the default page. If you do this and only this, you won't be able to see the test page.

> page level security not honored in the navigation system
> --------------------------------------------------------
>
>                 Key: JBPORTAL-1239
>                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1239
>             Project: JBoss Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Portal Security
>    Affects Versions: 2.6.Alpha2
>         Environment: Windows XP
>            Reporter: Stephen Westbom
>         Assigned To: Julien Viet
>
> In 2.4 sp1 pages are checked for security before being displayed as a tab in the navigation using this jsp:
> jboss-portal.sar\portal-core.war\WEB-INF\jsp\catalog\index.jsp
> This seems to be handled by the psib request parameter (a map). In 2.4 the map only gives you PortalNodeURLs that you have permissions on, in all the 2.6 versions you get all the siblingURLs (your term in the JSP page) regardless of the permission settings in the {project name}_object.xml
> Can this be fixed so that the psib parameter only gives you a handle to a map that gives you objects you have permissions to see?
> Thanks
> Stephen

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list