Trails

Security Bug: infinite loop on special configuration

Details

  • Type: Bug
  • Status: Closed
  • Priority: Major
  • Resolution: Won't Fix
  • Affects Version/s: 1.0.0, 1.0.1, 1.1.0
  • Fix Version/s: 1.0.0, 1.0.1, 1.1.0
  • Component/s: None
  • Labels: None
  • Number of attachments: 0

Description

When logging in as ROLE_MANAGER (specifying this in acegi xml file)

and using the following restriction sequence...

@Security(restrictions = {
    @Restriction(restrictionType = RestrictionType.UPDATE, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER"),
    @Restriction(restrictionType = RestrictionType.REMOVE, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER"),
    @Restriction(restrictionType = RestrictionType.VIEW, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER")
})

browser sits hanging in an infinite loop

Activity

Kalle Korhonen added a comment -

You have the classic Acegi configuration mistake: Access to your login page is restricted. Google on it. This works fine once configured correctly.
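
The redirect loop named in the comment above, as an added sketch that is not code from Trails or Acegi: a not-yet-authenticated request is sent to the login form, and if the URL rules also protect the login form, it is redirected there again without end. The rule syntax is modelled on Acegi's `pattern=roles`, first-match-wins URL rules; the paths, both rule sets and all function names are constructed for illustration.

```python
import re

# Constructed rule sets (assumed paths and roles), one "antPattern=roles" per line.
BROKEN = """
/**=ROLE_USER,ROLE_MANAGER
"""
FIXED = """
/login.jsp*=ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER
/**=ROLE_USER,ROLE_MANAGER
"""

def ant_to_regex(pattern):
    """Translate a small subset of Ant path syntax (**, *, ?) to a regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def parse_rules(text):
    """Return [(compiled pattern, set of roles)] in declaration order."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if line and "=" in line:
            pattern, attrs = line.rsplit("=", 1)
            rules.append((ant_to_regex(pattern), {a.strip() for a in attrs.split(",")}))
    return rules

def required_roles(rules, path):
    """First matching rule wins; a path with no matching rule is public."""
    return next((roles for rx, roles in rules if rx.match(path)), set())

def trace(rules_text, start, login_url, granted=("ROLE_ANONYMOUS",), max_hops=5):
    """Follow login redirects for a request holding only `granted` roles.
    Returns (path served, redirects); path is None when the hop cap is hit."""
    rules, path = parse_rules(rules_text), start
    for hops in range(max_hops + 1):
        needed = required_roles(rules, path)
        if not needed or needed & set(granted):
            return path, hops
        path = login_url  # access denied: redirected to the login form
    return None, max_hops
```

Running `trace` over a real rule set with the configured login form URL is a quick pre-deployment check: a `None` result means the login page is unreachable for anonymous users.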

