portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hans Plum (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Created: (JS1-561) Incorrect evaluation of PSML security constraint in order of ACL caching
Date Mon, 07 Aug 2006 11:03:16 GMT
Incorrect evaluation of PSML security constraint in order of ACL caching
------------------------------------------------------------------------

                 Key: JS1-561
                 URL: http://issues.apache.org/jira/browse/JS1-561
             Project: Jetspeed
          Issue Type: Bug
          Components: Cache, PSML, Security
    Affects Versions: 1.6
         Environment: SLES 9, Tomcat 5.5.15, Java 5, Oracle 9i R2
            Reporter: Hans Plum


Using filebased PSML management and referencing a group-based security constraint in a role-based
PSML source like:

<security-entry name="group1_only">
        <meta-info>
            <title>group1</title>
        </meta-info>
        <access action="view">
            <allow-if group="group1"/>
        </access>
        <access action="*">
            <allow-if role="admin"/>
        </access>
    </security-entry>

fails if you change the group affiliation "group1" for user1 in the database. After changing
the group, the user stills sees the portlets only accessed by members of group1.

Workaround:
After restarting Tomcat everything works fine. It seems that the ACLs get cached somewhere
and do not get updated during the JS1 instances is running.

Question:
Are there other suggestions how to "trigger" the refreshment of the cache?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message