TRAILS-56

Security is broken, ROLE_ANONYMOUS is constrained from creating users - impact from merge 582

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.0
    • Fix Version/s: 1.1.0
    • Component/s: None
    • Labels:
      None
    • Environment:
      XP Pro, MySQL, HSql
    • Number of attachments :
      0

      Description

      Security is broken, ROLE_ANONYMOUS is constrained from creating users while classes are all configured by annotations to VIEW,UPDATE,REMOVE via ROLE_ANONYMOUS.

      Using the original (anticipated to be deprecated) security model, I try to create a Person (using roster demo). Note that Person implements UserDetails and gets stored in its own table but joins independently successfully to the Role table.

      Refer to roster demo for more details on taxonomy. This was working last week. I could add Coaches and others... but cannot now.

      I created a seeded entity Anonymous (which gets populated to the User table successfully), but Trails will not permit me to log in as such afterwards. So I am not sure if I am authenticating properly to see results.

      Only user and admin are allowed to log in.

        Activity

        Kalle Korhonen added a comment -

        You should not create an anonymous role entity. It's all Acegi configuration. Works ok in the security example, likely a problem in your application configuration.


          People

          • Assignee:
            Unassigned
            Reporter:
            Kenneth William Colassi
          • Votes:
            0
            Watchers:
            0
