[jboss-jira] [JBoss JIRA] Work stopped: (JBPORTAL-2109) CMS Security Issue with LDAP/Clustered mode
Sohil Shah (JIRA)
jira-events at lists.jboss.org
Fri Sep 5 17:11:38 EDT 2008
[ https://jira.jboss.org/jira/browse/JBPORTAL-2109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on JBPORTAL-2109 stopped by Sohil Shah.
> CMS Security Issue with LDAP/Clustered mode
> -------------------------------------------
>
> Key: JBPORTAL-2109
> URL: https://jira.jboss.org/jira/browse/JBPORTAL-2109
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public (Everyone can see)
> Components: Portal CMS
> Affects Versions: 2.6.6 Final
> Reporter: Sohil Shah
> Assignee: Sohil Shah
> Fix For: 2.6.7 Final
>
>
> Steps to Reproduce:
> I finally managed to reproduce this. Here's my environment:
> - EAP 4.3, JBoss Portal 2.6.5.SP1 HA (or 2.6.6 HA)
> - enabled TC clustered SSO
> First test:
> ----------
> 1/ start two nodes, one with the Service Binding Manager
> 2/ check if one is CMS master, other slave
> 3/ log in as admin:admin
> 4/ change security setting for the '/default' CMS folder to 'Read=User'
> 5/ logout
> 6/ login as user:user on node1 (master): ok, content is displayed
> 7/ logout
> 8/ login as user:user on node2 (slave): ok, content is displayed
> => TEST PASSED
> Second test:
> -----------
> - same setup as before, but with LDAP:
> <attribute name="ConfigFile">conf/identity/ldap_identity-config.xml</attribute>
> - OpenDS is used on localhost with imported identity/src/resources/example/portal-sample-local.ldif structure
> 1-7 as above
> 8/ login as user:user on node2 (slave): failed, 404 or Access Denied (depending on Portal version)
> => TEST FAILED