http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24939

administrative functions not secured

------- Additional Comments From [EMAIL PROTECTED] 2003-11-25 15:41 -------

Yes this is a bad 'feature' of Turbine: no actions are secured. So if you want to secure your actions, you need to write the security check in your action. It's a pretty easy security check, but I haven't done it because it 'hard-codes' the security. What if someone wanted to have another role, say "super-user", who also could access the admin portlets?

Here's a simple solution:

Add a configurable property to JetspeedSecurity.properties:

    services.JetspeedSecurity.admin.roles = admin

And then check for this role in all of the administrative actions.
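The check proposed in the comment above, as an added example that is not part of the original message and is not Jetspeed or Turbine code. The class AdminRoleGuard and its methods are hypothetical, the user's roles are passed in as a plain set standing in for whatever the portal's security service returns, and the sample property value and users are constructed.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Properties;
import java.util.Set;

/** Hypothetical helper, not a Jetspeed or Turbine class. */
public class AdminRoleGuard {
    // Property name proposed in the comment above.
    static final String KEY = "services.JetspeedSecurity.admin.roles";

    private final Set<String> adminRoles = new LinkedHashSet<>();

    AdminRoleGuard(Properties props) {
        // A missing or empty property leaves the set empty, so nobody is
        // admitted: a configuration mistake fails closed, not open.
        String raw = props.getProperty(KEY, "");
        for (String role : raw.split(",")) {
            if (!role.trim().isEmpty()) {
                adminRoles.add(role.trim());
            }
        }
    }

    /** True only if the user holds at least one configured admin role. */
    boolean mayAdminister(Set<String> userRoles) {
        return userRoles != null && !Collections.disjoint(adminRoles, userRoles);
    }

    /** Call first in every administrative action, before any state change. */
    void require(String user, Set<String> userRoles) {
        if (!mayAdminister(userRoles)) {
            throw new SecurityException("user '" + user + "' lacks an admin role");
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample configuration and users.
        Properties props = new Properties();
        props.load(new StringReader(KEY + " = admin, super-user\n"));
        AdminRoleGuard guard = new AdminRoleGuard(props);
        guard.require("alice", Set.of("user", "super-user"));
        try {
            guard.require("bob", Set.of("user"));
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.println(new AdminRoleGuard(new Properties()).mayAdminister(Set.of("admin")));
    }
}
```

Because the guard is a single shared helper, adding a role such as "super-user" is a configuration change, and an action that omits the call is easy to spot in review.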
