Trails

Security is broken, ROLE_ANONYMOUS is constrained from creating users - impact from merge 582

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.1.0
  • Fix Version/s: 1.1.0
  • Component/s: None
  • Labels:
    None
  • Environment:
    XP Pro, MySQL, HSql
  • Number of attachments :
    0

Description

Security is broken, ROLE_ANONYMOUS is constrained from creating users while classes are all configured by annotations to VIEW,UPDATE,REMOVE via ROLE_ANONYMOUS.

Using the original (anticipated to be deprecated) security model, I try to create a Person (using roster demo). Note that Person implements UserDetails and gets stored in his own table but joins independently successfully to the Role table.

Refer to roster demo for more details on taxonomy. This was working last week. I could add Coaches and others... but cannot now.

I created a seeded entity Anonymous (which gets populated to the User table successfully), but trails will not permit me to login as such afterwards. So I am not sure if I am authenticating properly to see results.

Only user and admin are allowed to login.

Activity

Hide
Permalink
Kalle Korhonen added a comment -

You should not create an anonymous role entity. It's all Acegi configuration. Works ok in the security example, likely a problem in your application configuration.

Show
Kalle Korhonen added a comment - You should not create an anonymous role entity. It's all Acegi configuration. Works ok in the security example, likely a problem in your application configuration.

People

  • Assignee:
    Unassigned
    Reporter:
    Ken in nashua
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: