Message: The following issue has been re-assigned.
Assignee: Mark Orciuch (mailto:[EMAIL PROTECTED])
---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/JS1-421

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: JS1-421
    Summary: [FIX] Administrative functions not secured
       Type: Bug
     Status: Open
    Project: Jetspeed
 Components: Security
   Fix Fors: 1.5
   Versions: 1.4b5-dev / CVS
   Assignee: Mark Orciuch
   Reporter: Olaf Romanski
    Created: Mon, 24 Nov 2003 12:16 PM
    Updated: Fri, 2 Apr 2004 9:52 AM
Environment: Operating System: Windows NT/2K
             Platform: PC

Description:
Here is what I do (using nightly build from 09.09.2003):

1. Create a new user (initially has USER role only)
2. Log on to Jetspeed with that user's name
3. Enter one of the following URLs into my browser:

   http://localhost:8080/jetspeed/portal/template/Home/template/Home?action=portlets.PortletUpdateAction&eventSubmit_doDelete=true&portlet_name=portlet_to_be_deleted

   and

   http://localhost:8080/jetspeed/portal/template/Home/template/Home?action=portlets.security.PermissionUpdateAction&eventSubmit_doInsert=true&name=inserted_permission_name

Result is:
Having only USER role I deleted portlet 'portlet_to_be_deleted' from portlet registry and added new permission 'inserted_permission_name'

Should be:
Some message about unauthorized access attempt should be displayed, or at least protected resources should not be modified.

---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.
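The behaviour the report asks for under "Should be", sketched as an added example that is not part of the original message and is not Jetspeed code: a deny-by-default check on the `action` request parameter, applied before any action is executed. The class `ActionGate`, the `REQUIRED_ROLE` table and the role name "admin" are assumptions made for illustration; the two action names are the ones in the report. It assumes Java 10 or later.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration, not Jetspeed code: ActionGate, REQUIRED_ROLE and the
// "admin" role name are hypothetical. Action names are the two from the report.
public class ActionGate {
    static final Map<String, String> REQUIRED_ROLE = Map.of(
        "portlets.PortletUpdateAction", "admin",
        "portlets.security.PermissionUpdateAction", "admin");

    // Collect every decoded value of the "action" query parameter.
    static List<String> actionsOf(String url) {
        List<String> actions = new ArrayList<>();
        String query = URI.create(url).getRawQuery();
        if (query == null) return actions;
        for (String pair : query.split("&")) {
            String[] kv = pair.split("=", 2);
            String key = URLDecoder.decode(kv[0], StandardCharsets.UTF_8);
            if (key.equals("action"))
                actions.add(kv.length == 2 ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8) : "");
        }
        return actions;
    }

    // Deny by default: an action runs only if it is listed and the caller holds its role.
    static boolean isAllowed(String url, Set<String> roles) {
        List<String> actions = actionsOf(url);
        if (actions.isEmpty()) return true;      // plain page view, nothing to execute
        if (actions.size() > 1) return false;    // ambiguous request, refuse
        String needed = REQUIRED_ROLE.get(actions.get(0));
        return needed != null && roles.contains(needed);
    }

    public static void main(String[] args) {
        String home = "http://localhost:8080/jetspeed/portal/template/Home/template/Home";
        String[] urls = {
            home,
            home + "?action=portlets.PortletUpdateAction&eventSubmit_doDelete=true&portlet_name=portlet_to_be_deleted",
            home + "?action=portlets.security.PermissionUpdateAction&eventSubmit_doInsert=true&name=inserted_permission_name",
            home + "?action=portlets%2EPortletUpdateAction&eventSubmit_doDelete=true", // constructed: encoded name
            home + "?action=SomeUnlistedAction" };                                     // constructed: not in the policy
        for (String u : urls)   // columns: USER only, USER plus admin, URL
            System.out.println(isAllowed(u, Set.of("user")) + " " + isAllowed(u, Set.of("user", "admin")) + "  " + u);
    }
}
```

With only the USER role, both URLs from the report are refused, and an action missing from the table is refused for every role, so a newly added administrative action is closed until someone assigns it a role.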
