Re: Security Management Bug

[Tâm Huynh <ta...@nterra.com>]

Hi Moabi,

thanks for answering. However, the problem that you described
seems to fixed by now -- but not the one that I described.
I tried it out with the cvs head, with the same results.

The problem seems to be related to the security cache again
-- when I turn caching off, it works fine.

Tâm



Moabi Nyokong wrote:
> Had the same problem this is the answer I got.....
> 
> -----Original Message-----
> From: Stuart Belden [mailto:SBelden@bjc.org] 
> Sent: 03 April 2003 04:00
> To: jetspeed-user@jakarta.apache.org
> Subject: RE: Urgent security bug! Was asked in the past, but not
> answered...Can anyone help?!
> 
> 
> Are you using Jetspeed's security cache?
> (services.JetspeedSecurity.caching.enable=true in
> JetspeedSecurity.properties). If so, grab the latest copy of
> SecurityCacheImpl from cvs; I submitted a patch a while back forthe same
> problem you're having I think.
> http://issues.apache.org/bugzilla/show_bug.cgi?id=17734
> 
> -----Original Message-----
> From: Moabi Nyokong 
> Sent: 02 April 2003 09:16
> To: 'Jetspeed Users List'
> Subject: Urgent security bug! Was asked in the past, but not answered...
> Importance: High
> 
> 
> This question was posed by jasenj1 last year some
> time...http://www.mail-archive.com/jetspeed-user@jakarta.apache.org/msg07276
> 
> .html
> *****
> 1. Security Role Browser.
>         Add a role - myrole.
>         After the role is added, select "Permissions".
>         Fill in some of the checkboxes.
>         Select "Update" - you are taken to the list of Permissions NOT the
> list of roles.  That seems wrong.
>         Select "Security Role Browser" again.
>         Select "Permissions" for the role you created.
>         All of the Permission checkboxes are empty - where'd the settings
> go?
> *****
> 
> I frequently get this problem, but on my side I use certain permissions to
> allow access to parts of portlets, and once anything is touched on  the
> role/permission side of the security set-up, Jetspeed seems not to be able
> to find the association between roles and permission, and my portlets fail.
> The only solution is to restart the app. server...On the other hand if I
> have an exact copy of the JS deployment running on another machine, hitting
> the same Oracle 8i DB, I can run all my portlets with no problem. Is this an
> Oracle connection problem? Has anybody else had this issue? Please help,
> we're stuck, and going into production soon....
> 
> 
> Moabi
> 
> 
> 
> -----Original Message-----
> From: Tâm Huynh [mailto:tam.huynh@nterra.com] 
> Sent: Tuesday 21 October 2003 12:15
> To: Jetspeed Users List
> Subject: Security Management Bug 
> 
> 
> Hi,
> 
> I just stumbled upon what seems to be a bug in the security management. I'm
> using Jetspeed 1.4b4. These are the steps I've taken:
> 
> 1. log in as admin
> 2. Switch to the Security Role Browser
> 3. Create a new Role "test"
> 4. Add a couple of permissions to the role
> 5. Switch to the user browser
> 6. Assign the role "test" to a user (e.g. turbine)
> 7. Revoke the role "test" from the user
> 8. Switch to the Security Role Browser
> 9. View permissions of role "test".
> -> The role has no permissions anymore
> 
> The permissions still appear in the database, though,
> and they reappear when jetspeed is restarted.
> Can anyone confirm this?
> 
> Tâm
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
> 
> 
> 




---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org