portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stuart Belden" <SBel...@bjc.org>
Subject Weird Jetspeed security caching behavior
Date Wed, 05 Mar 2003 18:19:05 GMT
Environment: 1.4b3, Websphere, on Redhat 8

I'm getting really bizarre behavior with jetspeed security caching turned on; I'm wondering
if it's my misunderstanding of how security caching works or if it's a bug.  Here's the situation:

A portlet checks a user's permissions and draws three different hrefs based on the presence
of certain permissions.  One link is drawn regardless, one is drawn if the MSGUser permission
exists, and the last is drawn if the MSGISUser permission is drawn.  The two permissions are
contained in roles of the same name; e.g. the MSGUser role has the MSGUser permission, same
situation for MSGISuser role.

Say I have all both roles above and log in as user 'stu'.  I go to the portlet and get all
three links.  In a separate browser instance I login as admin and assign the MSGUser role
to any other user.  I log out and log back in as stu and now can see only two links; the portlet
acts as though I don't have the MSGUser permission.  Anyone that has the MSGUser permission,
save the person admin just assigned it to, will have this problem.  The same thing happens
with the MSGISUser role.

Now, if admin removes the MSGUser role from any user, not necessarily the one he assigned
it to originally, the link will reappear for all users once they log out and in again.  The
only solutions I've found are to turn off security caching or start & stop jetspeed after
adding the offending role to a user.

A related issue:  In the Role browser, for roles that end in 'user', including the user role
itself, clicking on the 'Permissions' link doesn't select for any of the permissions that
role has.  It works for all other roles, and it works flawlessly with caching turned off.

Has anyone else run across this, or am I just horribly confused?

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

View raw message