[
https://issues.apache.org/jira/browse/FC-176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shawn McKinney resolved FC-176.
-------------------------------
Resolution: Fixed
The issue was related to case sensitivity in the urls defined in the spring
context file. Somewhere along the line either the spring control became case
sensitive, or the case changed for the wicket page names.
It was resolved by changing to proper case, e.g. UserPage, instead of userpage.
The second part of this issue is to add negative selenium test cases to detect
this problem if it recurs.
Illustrates the necessity of automated testing. You may think you tested
everything but somehow critical issues like this one slip through if not
automatically tested with each release.
> [ fortress-web ] spring security page security broken
> -----------------------------------------------------
>
> Key: FC-176
> URL: https://issues.apache.org/jira/browse/FC-176
> Project: FORTRESS
> Issue Type: Bug
> Affects Versions: 1.0.1
> Reporter: Shawn McKinney
> Assignee: Shawn McKinney
> Fix For: 1.0.2
>
>
> The spring page level security controls are not preventing unauthorized users
> from accessing pages. Fix and add test cases verifying to prevent problem
> from recurring.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
