DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=42952>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42952 ------- Additional Comments From [EMAIL PROTECTED] 2007-07-29 10:41 ------- Created an attachment (id=20561) --> (http://issues.apache.org/bugzilla/attachment.cgi?id=20561&action=view) makes PolicyAuthorizer check for "visit" role explicitly here's a quick fix. it changes the PolicyAuthorizer to check for the "visit" role explicitly, not just any old role. to keep the authoring area operational, it grants visit to world. the admin needs to change that in order to restore security. there's a downside to this patch though: until now, all ac policy was kept in pubs/PUB/config/ac/, and the java code was totally agnostic to the meaning of a role. now "visit" has become something special. this should either be improved (though i don't see how) or documented really well... two issues i'm not sure about: 1. is the policy authorizer only used to authorize access to URLs, or may i have introduced unwanted side effects? (anyway, those would be deny by default, so we don't open up holes.) 2. is it ok to test against Role.getId()? there's also Role.getName(), but it seems to be unused - is it needed for some interface, or can it be removed? plus i found that PolicyAuthorizer seems to rely on the Role.toString() method a lot, which is bad style imho in security-critical code. toString() is getId(), we shold spell that out - wdyt? before it can go into the trunk, the world visit policy must be removed, of course, and appropriate rights granted. i suggest introducing a users group, adding lenya and alice to it and give it visit to authoring, and then add a checkbox to the addUser usecase saying "add to users group" which is selected by default. which introduces the next "magic": the users group is now special as well... but i don't see a way around it - some implicit semantics are unavoidable afaics. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
