History
|
Log In
H
OME
B
ROWSE PROJECT
F
IND ISSUES
Q
UICK SEARCH:
Learn more about
Quick Search
Issue Details
(
XML
|
Word
|
Printable
)
Key:
APF-88
Type:
Bug
Status:
Resolved
Resolution:
Fixed
Priority:
Minor
Assignee:
Matt Raible
Reporter:
Shuwei yang
Votes:
0
Watchers:
0
Operations
If you were
logged in
you would be able to see more operations.
AppFuse
A 'tomcat' user can view all the registered users' info.
Created:
29/Jun/05 07:52 PM
Updated:
02/Aug/05 01:19 AM
Component/s:
Security
Affects Version/s:
1.8.1
Fix Version/s:
1.8.2
Description
« Hide
please try this as a 'tomcat' role user.
http://demo.appfuse.org/appfuse/editProfile.html?method=search
All the registered users will be listed.
Description
please try this as a 'tomcat' role user.
http://demo.appfuse.org/appfuse/editProfile.html?method=search
All the registered users will be listed.
Show »
All
Comments
Change History
FishEye
Sort Order:
[
Permlink
|
« Hide
]
Matt Raible
-
02/Aug/05 01:19 AM
Fixed in CVS by overriding "userManager" bean definition in applicationContext-security.xml. This definition contains a MethodInvocationInterceptor that only allows certain methods to be invoked by certain users.
https://appfuse.dev.java.net/source/browse/appfuse/web/WEB-INF/applicationContext-security.xml?r1=1.5&r2=1.6
[
Show »
]
Matt Raible
-
02/Aug/05 01:19 AM
Fixed in CVS by overriding "userManager" bean definition in applicationContext-security.xml. This definition contains a MethodInvocationInterceptor that only allows certain methods to be invoked by certain users.
https://appfuse.dev.java.net/source/browse/appfuse/web/WEB-INF/applicationContext-security.xml?r1=1.5&r2=1.6
Bug
Resolved
Minor
A 'tomcat' user can view all the registered users' info.
https://appfuse.dev.java.net/source/browse/appfuse/web/WEB-INF/applicationContext-security.xml?r1=1.5&r2=1.6