
Key: APF-88
Type: Bug
Status: Resolved
Resolution: Fixed
Priority: Minor
Assignee: Matt Raible
Reporter: Shuwei yang
Votes: 0
Watchers: 0
AppFuse

A 'tomcat' user can view all the registered users' info.

Created: 29/Jun/05 07:52 PM   Updated: 02/Aug/05 01:19 AM   Resolved: 02/Aug/05 01:19 AM
Component/s: Security
Affects Version/s: 1.8.1
Fix Version/s: 1.8.2


Description
Please try this as a 'tomcat' role user.
http://demo.appfuse.org/appfuse/editProfile.html?method=search

All the registered users will be listed.

1068 by  Matt Raible (3 files)
02/Aug/05 01:13 AM (59 months, 28 days ago)
Matt Raible added a comment - 02/Aug/05 01:19 AM
Fixed in CVS by overriding "userManager" bean definition in applicationContext-security.xml. This definition contains a MethodInvocationInterceptor that only allows certain methods to be invoked by certain users.

https://appfuse.dev.java.net/source/browse/appfuse/web/WEB-INF/applicationContext-security.xml?r1=1.5&r2=1.6
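
The approach described in the comment above, restricting which roles may invoke which service methods, sketched as an added example (this is not AppFuse's code or its security configuration). The `UserManager` interface, its method names, the `admin` role and the policy map are assumptions for illustration, and a plain JDK dynamic proxy stands in for the framework interceptor.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class MethodGuardDemo {
    // Hypothetical service interface; not AppFuse's actual UserManager.
    interface UserManager {
        List<String> getUsers();          // lists every account
        String getUser(String username);  // returns one profile
    }

    static class UserManagerImpl implements UserManager {
        public List<String> getUsers() { return List.of("alice", "bob"); } // constructed data
        public String getUser(String username) { return "profile:" + username; }
    }

    // Assumed policy: method name -> roles allowed to invoke it.
    static final Map<String, Set<String>> POLICY = Map.of(
        "getUsers", Set.of("admin"),
        "getUser", Set.of("admin", "tomcat"));

    // Wraps the target so every call is checked against POLICY before it runs.
    static UserManager secure(UserManager target, Set<String> callerRoles) {
        InvocationHandler guard = (proxy, method, args) -> {
            // Deny by default: a method missing from POLICY is callable by nobody.
            Set<String> allowed = POLICY.getOrDefault(method.getName(), Set.of());
            if (callerRoles.stream().noneMatch(allowed::contains)) {
                throw new SecurityException("Access denied: " + method.getName());
            }
            return method.invoke(target, args);
        };
        return (UserManager) Proxy.newProxyInstance(
            UserManager.class.getClassLoader(), new Class<?>[] {UserManager.class}, guard);
    }

    public static void main(String[] args) {
        UserManager asTomcat = secure(new UserManagerImpl(), Set.of("tomcat"));
        System.out.println(asTomcat.getUser("alice"));  // allowed for 'tomcat'
        try {
            asTomcat.getUsers();                         // the listing from this issue
        } catch (SecurityException e) {
            System.out.println(e.getMessage());          // rejected before the service runs
        }
        UserManager asAdmin = secure(new UserManagerImpl(), Set.of("admin"));
        System.out.println(asAdmin.getUsers());
    }
}
```

Because the check sits on the service method rather than on a URL pattern, it holds regardless of which request parameter or page reaches the listing call.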

Matt Raible made changes - 02/Aug/05 01:19 AM
Field | Original Value | New Value
Status | Open [ 1 ] | Resolved [ 5 ]
Resolution | | Fixed [ 1 ]
Fix Version/s | | 1.8.2 [ 10020 ]