Security Bug: infinite loop on special configuration

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: 1.0.0, 1.0.1, 1.1.0
Fix Version/s: 1.0.0, 1.0.1, 1.1.0
Component/s: None
Labels:
None

Number of attachments :
0

Description

When logging in as ROLE_MANAGER (specufying this in acegi xml file)

and using the following restriction sequence...

@Security(restrictions =

{ @Restriction(restrictionType = RestrictionType.UPDATE, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER"), @Restriction(restrictionType = RestrictionType.REMOVE, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER"), @Restriction(restrictionType = RestrictionType.VIEW, requiredRole = "ROLE_ANONYMOUS,ROLE_USER,ROLE_MANAGER") }

)

browser sits hanging in an infinite loop

Activity

Hide

Permalink

Kalle Korhonen added a comment - 31/May/07 2:47 PM

You have the classic Acegi configuration mistake: Access to your login page is restricted. Google on it. This works fine once configured correctly.

Show

Kalle Korhonen added a comment - 31/May/07 2:47 PM You have the classic Acegi configuration mistake: Access to your login page is restricted. Google on it. This works fine once configured correctly.

People

Assignee:

Unassigned

Reporter:

Ken in nashua

Vote (0)

Watch (0)

Dates

Created:

31/May/07 2:32 PM

Updated:

31/May/07 2:47 PM

Resolved:

31/May/07 2:47 PM