Quick Search
Learn more about
Quick Search
Log In
Access more options
Online Help
About JIRA
Dashboards
Access more options (Alt+D)
Projects
Access more options (Alt+P)
Issues
Access more options (Alt+I)
Issue Details
(
XML
|
Word
|
Printable
)
Key:
APF-88
Type:
Bug
Status:
Resolved
Resolution:
Fixed
Priority:
Minor
Assignee:
Matt Raible
Reporter:
Shuwei yang
Votes:
0
Watchers:
0
Operations
If you were
logged in
you would be able to see more operations.
AppFuse
A 'tomcat' user can view all the registered users' info.
Created:
29/Jun/05 07:52 PM
Updated:
02/Aug/05 01:19 AM
Resolved:
02/Aug/05 01:19 AM
Component/s:
Security
Affects Version/s:
1.8.1
Fix Version/s:
1.8.2
Description
« Hide
please try this as a 'tomcat' role user.
http://demo.appfuse.org/appfuse/editProfile.html?method=search
All the registered users will be listed.
Description
please try this as a 'tomcat' role user.
http://demo.appfuse.org/appfuse/editProfile.html?method=search
All the registered users will be listed.
Show »
Sort Order:
All
Comments
Change History
Activity Stream
Source
[
Permalink
|
« Hide
]
Matt Raible
added a comment -
02/Aug/05 01:19 AM
Fixed in CVS by overriding "userManager" bean definition in applicationContext-security.xml. This definition contains a MethodInvocationInterceptor that only allows certain methods to be invoked by certain users.
https://appfuse.dev.java.net/source/browse/appfuse/web/WEB-INF/applicationContext-security.xml?r1=1.5&r2=1.6
[
Show »
]
Matt Raible
added a comment -
02/Aug/05 01:19 AM
Fixed in CVS by overriding "userManager" bean definition in applicationContext-security.xml. This definition contains a MethodInvocationInterceptor that only allows certain methods to be invoked by certain users.
https://appfuse.dev.java.net/source/browse/appfuse/web/WEB-INF/applicationContext-security.xml?r1=1.5&r2=1.6
https://appfuse.dev.java.net/source/browse/appfuse/web/WEB-INF/applicationContext-security.xml?r1=1.5&r2=1.6