You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "CROOK (JIRA)" <ji...@apache.org> on 2008/08/31 05:47:44 UTC

[jira] Created: (WICKET-1812) Header contributions occur even though rendering is not allowed by authorization strategy

Header contributions occur even though rendering is not allowed by authorization strategy
-----------------------------------------------------------------------------------------

                 Key: WICKET-1812
                 URL: https://issues.apache.org/jira/browse/WICKET-1812
             Project: Wicket
          Issue Type: Bug
          Components: wicket
            Reporter: CROOK
            Priority: Minor


Components that are not allowed to render due to authorization restrictions still have their headers contributed.  As this doesn't affect the integrity of the application it could possibly result in security issues depending on the components involved.  For now a workaround is to explicitly set the component's visibility using setVisible() or overriding isVisible() which prevents the header contribution from occurring.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (WICKET-1812) Header contributions occur even though rendering is not allowed by authorization strategy

Posted by "Juergen Donnerstag (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/WICKET-1812?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Juergen Donnerstag resolved WICKET-1812.
----------------------------------------

       Resolution: Fixed
    Fix Version/s: 1.4-RC2
         Assignee: Juergen Donnerstag

fixed. thanks

> Header contributions occur even though rendering is not allowed by authorization strategy
> -----------------------------------------------------------------------------------------
>
>                 Key: WICKET-1812
>                 URL: https://issues.apache.org/jira/browse/WICKET-1812
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>            Reporter: CROOK
>            Assignee: Juergen Donnerstag
>            Priority: Minor
>             Fix For: 1.4-RC2
>
>
> Components that are not allowed to render due to authorization restrictions still have their headers contributed.  As this doesn't affect the integrity of the application it could possibly result in security issues depending on the components involved.  For now a workaround is to explicitly set the component's visibility using setVisible() or overriding isVisible() which prevents the header contribution from occurring.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.