[JIRA] Updated: (NXP-2527) Fix security issue in local session

Anahide Tchertchian (JIRA NUXEO) Tue, 15 Jul 2008 06:52:50 -0700

     [ 
http://jira.nuxeo.org/browse/NXP-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Anahide Tchertchian updated NXP-2527:
-------------------------------------

    Upgrade notes: 
When test code needs to open a session with administrator, username must be 
added explicitely in session context when opening it.
For instance:

// opening a system session
Framework.login();
RepositoryManager manager = Framework.getService(RepositoryManager.class);
Map<String, Serializable> context = new HashMap<String, Serializable>();
context.put("username", "system");
coreSession = manager.getRepository(repo).open(context);

> Fix security issue in local session
> -----------------------------------
>
>                 Key: NXP-2527
>                 URL: http://jira.nuxeo.org/browse/NXP-2527
>             Project: Nuxeo Enterprise Platform
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 5.1.5
>            Reporter: Anahide Tchertchian
>            Assignee: Anahide Tchertchian
>             Fix For: 5.1.6
>
>
> When creating a session without a principal, one named "Administrator" is 
> used.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets

[JIRA] Updated: (NXP-2527) Fix security issue in local session

Reply via email to