[ http://wso2.org/jira/browse/REGISTRY-45?page=all ]
Chathura Ekanayake resolved REGISTRY-45.
----------------------------------------
Resolution: Cannot Reproduce
Unauthoried (Read) resources are not displayed in the search results.
I rechecked the response for downloading an unauthorized resource. Registry
sends 401Unauthorized response and the resource content is not sent.
> users who has no permission to read the content can be access to sub
> directory level and download resource content
> ------------------------------------------------------------------------------------------------------------------
>
> Key: REGISTRY-45
> URL: http://wso2.org/jira/browse/REGISTRY-45
> Project: WSO2 Registry
> Issue Type: Bug
> Affects Versions: 0.1
> Environment: Ubuntu 7.10, JDK 1.5.0_08, tomcat 6.0.14, Firefox/2.0.0.
> Reporter: Krishantha Samaraweera
> Assigned To: Chathura Ekanayake
>
> How to recreate:
> 1. login as admin
> 2. deny read action from user level for a particular user.
> 3. login as the user.
> 4. upon login 404 unauthorized message will be show.
> 5. now go to search activity
> 6. do a all search
> 7. access to sub directory resource path by clicking in to resource path link
> 8. now you can down load any file
> user level restricted read permission is checked only on root level. sub
> directories can be accessed and read.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Registry-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/registry-dev
