David, > > If you provide a link to a portlet in another user's psml, such as: > > > > http://localhost/jetspeed/portal/media-type/html/user/admin/page/default.psm l/js_peid/321?action=controls.Maximize > > > > the portlet gets displayed correctly. However, if you click > Home then you > > get "<>" back and you have to log out and log back in to get > your profile > > displaying correctly again. Did anyone ever run into this before? > > > I see a number of bugs: > > 1. If Im logged on as anon, and I go to > > http://localhost/jetspeed/portal/media-type/html/user/admin/page/default.psm l > > then fine, it disallows viewing of the portlets > > 2. If I then go to > > > http://localhost/jetspeed/portal/media-type/html/user/admin/page/default.psm l/js_peid/321?action=controls.Maximize > > It bypasses the security and goes down to the particular specified portlet > > 3. If I try to go back to the address in #1, it remembers the maximized state, and bypasses security again >
I traced the security hole to JetspeedTool.getPortletById() method. It bypasses PortletFactory and gets it directly from the profile. I'll look into fixing it. > 4. this is the error as you described: you can no long get anymore pages to load, just "<>" > > Ive never seen #4 before. Im wondering if its related to my commits from last night. > Are you using a fresh cvs checkout? I traced that as well. The "js_peid" contained in the user's temp storage was not being reset after maximizing the portlet. I already checked in a fix for that (Home.vm). Best regards, Mark C. Orciuch Next Generation Solutions, Ltd. e-Mail: [EMAIL PROTECTED] web: http://www.ngsltd.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
