Message: The following issue has been re-assigned.
Assignee: Ate Douma (mailto:[EMAIL PROTECTED]) --------------------------------------------------------------------- View the issue: http://issues.apache.org/jira/browse/JS2-21 Here is an overview of the issue: --------------------------------------------------------------------- Key: JS2-21 Summary: Missing Security Feature: Check roles assigned to any group to user belongs Type: New Feature Status: Open Priority: Major Project: Jetspeed 2 Components: Security Versions: 2.0-a1 Assignee: Ate Douma Reporter: David Le Strat Created: Mon, 26 Apr 2004 6:12 AM Updated: Thu, 21 Oct 2004 11:03 AM Description: Reported by Ate Douma: o.a.j.security.impl.RoleManagerImpl.isUserInRole() implementation is missing a required feature. A User can be part of a Group which can have Roles just like the User itself. The isUserInRole() method currently only checks if the specified role is assigned to the user, not if it is assigned to one of the groups the user belongs to. The Role definition in Servlet 2.3 SRV.12.4 (which according to portlet PLT.20.2 also applies for portlets) specifies that a user is in a specific role either when assigned directly to the user or when assigned to a group the user belongs to. Thus according to this definition the RoleManagerImpl.isUserInRole() should also check the roles assigned to any group to user belongs to. --------------------------------------------------------------------- JIRA INFORMATION: This message is automatically generated by JIRA. If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
