You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by "Alex Legler (JIRA)" <ji...@apache.org> on 2010/12/01 16:28:11 UTC

[jira] Created: (JSPWIKI-673) Checking user permissions in a filter results in a loop

Checking user permissions in a filter results in a loop
-------------------------------------------------------

                 Key: JSPWIKI-673
                 URL: https://issues.apache.org/jira/browse/JSPWIKI-673
             Project: JSPWiki
          Issue Type: Bug
          Components: Authentication&Authorization
    Affects Versions: 2.8.3
         Environment: OSX, Tomcat 6
            Reporter: Alex Legler


We're trying to determine whether a user has a certain permission in a filter using AuthorizationManager.checkPermission().
Calling this method however causes an endless loop:
It invokes DefaultAclManager.getPermissions() which tries to parse the page which in turn causes the filters to run.

Stacktrace excerpt:

...
	at de.d3web.we.jspwiki.KnowWEPlugin.preTranslate(KnowWEPlugin.java:309)
	at com.ecyrd.jspwiki.filters.FilterManager.doPreTranslateFiltering(FilterManager.java:326)
	at com.ecyrd.jspwiki.WikiEngine.textToHTML(WikiEngine.java:1511)
	at com.ecyrd.jspwiki.WikiEngine.getHTML(WikiEngine.java:1455)
	at com.ecyrd.jspwiki.auth.acl.DefaultAclManager.getPermissions(DefaultAclManager.java:187)
	at com.ecyrd.jspwiki.auth.AuthorizationManager.checkPermission(AuthorizationManager.java:222)
	(more of our code, including the call to checkPermission())
	at de.d3web.we.jspwiki.KnowWEPlugin.preTranslate(KnowWEPlugin.java:309)
	at com.ecyrd.jspwiki.filters.FilterManager.doPreTranslateFiltering(FilterManager.java:326)
	at com.ecyrd.jspwiki.WikiEngine.textToHTML(WikiEngine.java:1511)
	at com.ecyrd.jspwiki.WikiEngine.getHTML(WikiEngine.java:1455)
	at com.ecyrd.jspwiki.auth.acl.DefaultAclManager.getPermissions(DefaultAclManager.java:187)
	at com.ecyrd.jspwiki.auth.AuthorizationManager.checkPermission(AuthorizationManager.java:222)
...

The context used in DefaultAclManager.getPermissions() includes the following setting:

                ctx.setVariable( RenderingManager.VAR_EXECUTE_PLUGINS, Boolean.FALSE );

Maybe filters can be disabled in a similar fashion (I think that would be setting PROP_RUNFILTERS to false as well)?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.