SiteView should throw SecurityException when a Node is not accessible instead
of NodeNotFoundException
------------------------------------------------------------------------------------------------------
Key: JS2-900
URL: https://issues.apache.org/jira/browse/JS2-900
Project: Jetspeed 2
Issue Type: Bug
Components: Profiling/Portal Navigation
Affects Versions: 2.1.3
Reporter: Ate Douma
Fix For: 2.2
SiteView.getNodeProxy uses currentFolder.getAll() to lookup a target path
(element).
FolderImpl.getAll() (both PSML and DB versions) will filter out any Node for
which the current user doesn't have access.
But this means there is no distinction possible between a not-existing page
access and not-allowed page access (e.g. 404 or 403).
The ProfilerValveImpl (invoking these) already can handle a thrown
SecurityException and send a SC_FORBIDDEN error (if configured to do so).
So, the intended behavior already is to support this.
We just need to fix SiteView.getNodeProxy a little like calling
currentFolder.getAllNodes() and perform a security check itself *if* the path
was resolved.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
