History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: TRAILS-50
Type: Bug Bug
Status: Closed Closed
Resolution: Won't Fix
Priority: Major Major
Assignee: Unassigned
Reporter: Ken in nashua
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Trails

Security Bug: infinite loop on special configuration

Created: 31/May/07 02:32 PM   Updated: 31/May/07 02:47 PM
Component/s: None
Affects Version/s: 1.0.0, 1.1.0, 1.0.1
Fix Version/s: 1.0.0, 1.1.0, 1.0.1

Time Tracking:
Not Specified


 Description  « Hide
When logging in as ROLE_MANAGER (specufying this in acegi xml file)

and using the following restriction sequence...

@Security(restrictions = { @Restriction(restrictionType = RestrictionType.UPDATE, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER"), @Restriction(restrictionType = RestrictionType.REMOVE, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER"), @Restriction(restrictionType = RestrictionType.VIEW, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER") })

browser sits hanging in an infinite loop

 All   Comments   Work Log   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Kalle Korhonen - 31/May/07 02:47 PM
You have the classic Acegi configuration mistake: Access to your login page is restricted. Google on it. This works fine once configured correctly.


Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.12.2-#300) - Bug/feature request - Atlassian news - Contact Administrators