Trails / TRAILS-50

Security Bug: infinite loop on special configuration

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.0.0, 1.0.1, 1.1.0
    • Fix Version/s: 1.0.0, 1.0.1, 1.1.0
    • Component/s: None
    • Labels: None
    • Number of attachments: 0

      Description

      When logging in as ROLE_MANAGER (specifying this in acegi xml file)

      and using the following restriction sequence...

      @Security(restrictions = {
          @Restriction(restrictionType = RestrictionType.UPDATE, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER"),
          @Restriction(restrictionType = RestrictionType.REMOVE, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER"),
          @Restriction(restrictionType = RestrictionType.VIEW, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER")
      })

      browser sits hanging in an infinite loop

        Activity
        Kalle Korhonen added a comment -

        You have the classic Acegi configuration mistake: Access to your login page is restricted. Google on it. This works fine once configured correctly.

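Added example (not part of the ticket, nor Trails or Acegi code): a small Python model of the misconfiguration named in the comment above, where the login page itself falls under a restricted URL rule, plus a check that flags it. The login path `/login.jsp`, the two rule lists and all function names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

LOGIN_URL = "/login.jsp"          # assumed path, not taken from the ticket
ANONYMOUS = {"ROLE_ANONYMOUS"}    # roles held before authentication

# Constructed rule lists: (URL pattern, roles allowed), evaluated top to bottom.
BROKEN_RULES = [("/**", {"ROLE_USER", "ROLE_MANAGER"})]
FIXED_RULES = [(LOGIN_URL, {"ROLE_ANONYMOUS", "ROLE_USER", "ROLE_MANAGER"}),
               ("/**", {"ROLE_USER", "ROLE_MANAGER"})]

def allowed_roles(rules, path):
    """Return the roles of the first matching rule, or None if the path is unprotected."""
    for pattern, roles in rules:
        # fnmatch's '*' also crosses '/', which is close enough to Ant's '/**' here.
        if fnmatchcase(path, pattern):
            return roles
    return None

def trace_request(rules, path, held_roles, login_url=LOGIN_URL, max_hops=5):
    """Follow access-denied redirects; return (outcome, list of paths requested)."""
    hops = []
    while len(hops) < max_hops:
        hops.append(path)
        needed = allowed_roles(rules, path)
        if needed is None or needed & held_roles:
            return "served", hops
        if path == login_url:
            return "redirect-loop", hops   # denied on the login page itself
        path = login_url                   # entry point sends the client to log in
    return "redirect-loop", hops

def login_page_is_public(rules, login_url=LOGIN_URL):
    """Config check: can an unauthenticated client load the login page?"""
    needed = allowed_roles(rules, login_url)
    return needed is None or bool(needed & ANONYMOUS)

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_RULES), ("fixed", FIXED_RULES)):
        print(name, trace_request(rules, "/home", ANONYMOUS),
              "login page public:", login_page_is_public(rules))
```

With the broken list the login page is itself denied to an unauthenticated client, so every redirect to it produces another redirect; listing the login page first with an anonymous-capable role ends the loop.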

          People

          • Assignee: Unassigned
          • Reporter: Kenneth William Colassi