[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-2109) CMS Security Issue with LDAP/Clustered mode

Prabhat Jha (JIRA) jira-events at lists.jboss.org
Fri Sep 5 17:27:38 EDT 2008


    [ https://jira.jboss.org/jira/browse/JBPORTAL-2109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12428472#action_12428472 ] 

Prabhat Jha commented on JBPORTAL-2109:
---------------------------------------

Sohil, won't it be a good idea to use the new hib/integration library with this as well? There is not much change that would need to be done. Please take a look at hibernate.cfg.xml for portal/portlet in jboss-portal-ha.sar.

> CMS Security Issue with LDAP/Clustered mode
> -------------------------------------------
>
>                 Key: JBPORTAL-2109
>                 URL: https://jira.jboss.org/jira/browse/JBPORTAL-2109
>             Project: JBoss Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Portal CMS
>    Affects Versions: 2.6.6 Final
>            Reporter: Sohil Shah
>            Assignee: Sohil Shah
>             Fix For: 2.6.7 Final
>
>
> Steps to Reproduce:
> I finally managed to reproduce this. Here's my environment:
> - EAP 4.3, JBoss Portal 2.6.5.SP1 HA (or 2.6.6 HA)
> - enabled TC clustered SSO
> First test:
> ----------
> 1/ start two nodes, one with the Service Binding Manager
> 2/ check if one is CMS master, other slave
> 3/ log in as admin:admin
> 4/ change security setting for the '/default' CMS folder to 'Read=User'
> 5/ logout
> 6/ login as user:user on node1 (master): ok, content is displayed
> 7/ logout
> 8/ login as user:user on node2 (slave): ok, content is displayed
> => TEST PASSED
> Second test:
> -----------
> - same setup as before, but with LDAP:
> <attribute name="ConfigFile">conf/identity/ldap_identity-config.xml</attribute>
> - OpenDS is used on localhost with imported identity/src/resources/example/portal-sample-local.ldif structure
> 1-7 as above
> 8/ login as user:user on node2 (slave): failed, 404 or Access Denied (depending on Portal version)
> => TEST FAILED 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


