You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rave.apache.org by "Anthony Carlucci (Created) (JIRA)" <ji...@apache.org> on 2011/10/17 20:37:10 UTC
[jira] [Created] (RAVE-303) Re-factor usage of
PageService.addNewDefaultPage for security reasons
Re-factor usage of PageService.addNewDefaultPage for security reasons
---------------------------------------------------------------------
Key: RAVE-303
URL: https://issues.apache.org/jira/browse/RAVE-303
Project: Rave
Issue Type: Improvement
Reporter: Anthony Carlucci
PageService.addNewDefaultPage is currently called by DefaultNewAccountService.createNewAccount after a new user is registered. However, with our new Model Permission security architecture being put in place this will fail due to the user not being authenticated at the time the addNewDefaultPage is executed. The code should be refactored to :
1) Remove the call to addNewDefaultPage in DefaultNewAccountService.createNewAccount
2) Add logic into PageController where appropriate so that if a user has 0 pages, addNewDefaultPage is executed on-the-fly to create a new default page for them
3) Add security annotations to PageService.addNewDefaultPage
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (RAVE-303) Re-factor usage of
PageService.addNewDefaultPage for security reasons
Posted by "Anthony Carlucci (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anthony Carlucci updated RAVE-303:
----------------------------------
Issue Type: Sub-task (was: Improvement)
Parent: RAVE-304
> Re-factor usage of PageService.addNewDefaultPage for security reasons
> ---------------------------------------------------------------------
>
> Key: RAVE-303
> URL: https://issues.apache.org/jira/browse/RAVE-303
> Project: Rave
> Issue Type: Sub-task
> Reporter: Anthony Carlucci
>
> PageService.addNewDefaultPage is currently called by DefaultNewAccountService.createNewAccount after a new user is registered. However, with our new Model Permission security architecture being put in place this will fail due to the user not being authenticated at the time the addNewDefaultPage is executed. The code should be refactored to :
> 1) Remove the call to addNewDefaultPage in DefaultNewAccountService.createNewAccount
> 2) Add logic into PageController where appropriate so that if a user has 0 pages, addNewDefaultPage is executed on-the-fly to create a new default page for them
> 3) Add security annotations to PageService.addNewDefaultPage
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (RAVE-303) Re-factor usage of
PageService.addNewDefaultPage for security reasons
Posted by "Jasha Joachimsthal (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13129530#comment-13129530 ]
Jasha Joachimsthal commented on RAVE-303:
-----------------------------------------
My bad, thanks!
> Re-factor usage of PageService.addNewDefaultPage for security reasons
> ---------------------------------------------------------------------
>
> Key: RAVE-303
> URL: https://issues.apache.org/jira/browse/RAVE-303
> Project: Rave
> Issue Type: Improvement
> Reporter: Anthony Carlucci
>
> PageService.addNewDefaultPage is currently called by DefaultNewAccountService.createNewAccount after a new user is registered. However, with our new Model Permission security architecture being put in place this will fail due to the user not being authenticated at the time the addNewDefaultPage is executed. The code should be refactored to :
> 1) Remove the call to addNewDefaultPage in DefaultNewAccountService.createNewAccount
> 2) Add logic into PageController where appropriate so that if a user has 0 pages, addNewDefaultPage is executed on-the-fly to create a new default page for them
> 3) Add security annotations to PageService.addNewDefaultPage
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (RAVE-303) Re-factor usage of
PageService.addNewDefaultPage for security reasons
Posted by "Anthony Carlucci (Assigned) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anthony Carlucci reassigned RAVE-303:
-------------------------------------
Assignee: Anthony Carlucci
> Re-factor usage of PageService.addNewDefaultPage for security reasons
> ---------------------------------------------------------------------
>
> Key: RAVE-303
> URL: https://issues.apache.org/jira/browse/RAVE-303
> Project: Rave
> Issue Type: Sub-task
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
>
> PageService.addNewDefaultPage is currently called by DefaultNewAccountService.createNewAccount after a new user is registered. However, with our new Model Permission security architecture being put in place this will fail due to the user not being authenticated at the time the addNewDefaultPage is executed. The code should be refactored to :
> 1) Remove the call to addNewDefaultPage in DefaultNewAccountService.createNewAccount
> 2) Add logic into PageController where appropriate so that if a user has 0 pages, addNewDefaultPage is executed on-the-fly to create a new default page for them
> 3) Add security annotations to PageService.addNewDefaultPage
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (RAVE-303) Re-factor usage of
PageService.addNewDefaultPage for security reasons
Posted by "Anthony Carlucci (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anthony Carlucci resolved RAVE-303.
-----------------------------------
Resolution: Fixed
This has been resolved - the new behavior is to create the default page anytime a user hits the page controller and they have zero existing pages.
> Re-factor usage of PageService.addNewDefaultPage for security reasons
> ---------------------------------------------------------------------
>
> Key: RAVE-303
> URL: https://issues.apache.org/jira/browse/RAVE-303
> Project: Rave
> Issue Type: Sub-task
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
>
> PageService.addNewDefaultPage is currently called by DefaultNewAccountService.createNewAccount after a new user is registered. However, with our new Model Permission security architecture being put in place this will fail due to the user not being authenticated at the time the addNewDefaultPage is executed. The code should be refactored to :
> 1) Remove the call to addNewDefaultPage in DefaultNewAccountService.createNewAccount
> 2) Add logic into PageController where appropriate so that if a user has 0 pages, addNewDefaultPage is executed on-the-fly to create a new default page for them
> 3) Add security annotations to PageService.addNewDefaultPage
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (RAVE-303) Re-factor usage of
PageService.addNewDefaultPage for security reasons
Posted by "Jasha Joachimsthal (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13129086#comment-13129086 ]
Jasha Joachimsthal commented on RAVE-303:
-----------------------------------------
I prefer option #2
> Re-factor usage of PageService.addNewDefaultPage for security reasons
> ---------------------------------------------------------------------
>
> Key: RAVE-303
> URL: https://issues.apache.org/jira/browse/RAVE-303
> Project: Rave
> Issue Type: Improvement
> Reporter: Anthony Carlucci
>
> PageService.addNewDefaultPage is currently called by DefaultNewAccountService.createNewAccount after a new user is registered. However, with our new Model Permission security architecture being put in place this will fail due to the user not being authenticated at the time the addNewDefaultPage is executed. The code should be refactored to :
> 1) Remove the call to addNewDefaultPage in DefaultNewAccountService.createNewAccount
> 2) Add logic into PageController where appropriate so that if a user has 0 pages, addNewDefaultPage is executed on-the-fly to create a new default page for them
> 3) Add security annotations to PageService.addNewDefaultPage
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (RAVE-303) Re-factor usage of
PageService.addNewDefaultPage for security reasons
Posted by "Anthony Carlucci (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13129104#comment-13129104 ]
Anthony Carlucci commented on RAVE-303:
---------------------------------------
Jasha - just to clarify those aren't options, they are 3 separate tasks to be done as part of the refactoring process.
> Re-factor usage of PageService.addNewDefaultPage for security reasons
> ---------------------------------------------------------------------
>
> Key: RAVE-303
> URL: https://issues.apache.org/jira/browse/RAVE-303
> Project: Rave
> Issue Type: Improvement
> Reporter: Anthony Carlucci
>
> PageService.addNewDefaultPage is currently called by DefaultNewAccountService.createNewAccount after a new user is registered. However, with our new Model Permission security architecture being put in place this will fail due to the user not being authenticated at the time the addNewDefaultPage is executed. The code should be refactored to :
> 1) Remove the call to addNewDefaultPage in DefaultNewAccountService.createNewAccount
> 2) Add logic into PageController where appropriate so that if a user has 0 pages, addNewDefaultPage is executed on-the-fly to create a new default page for them
> 3) Add security annotations to PageService.addNewDefaultPage
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira