directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shawn McKinney (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (FC-176) [ fortress-web ] spring security page security broken
Date Wed, 24 Aug 2016 15:29:20 GMT

     [ https://issues.apache.org/jira/browse/FC-176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Shawn McKinney resolved FC-176.
-------------------------------
    Resolution: Fixed

The issue was related to case sensitivity in the urls defined in the spring context file.
 Somewhere along the line either the spring control became case sensitive, or the case changed
for the wicket page names.

It was resolved by changing to proper case, e.g. UserPage, instead of userpage.

The second part of this issue is to add negative selenium test cases to detect this problem
if it recurs.

Illustrates the necessity of automated testing.  You may think you tested everything but somehow
critical issues like this one slip through if not automatically tested with each release.

> [ fortress-web ] spring security page security broken
> -----------------------------------------------------
>
>                 Key: FC-176
>                 URL: https://issues.apache.org/jira/browse/FC-176
>             Project: FORTRESS
>          Issue Type: Bug
>    Affects Versions: 1.0.1
>            Reporter: Shawn McKinney
>            Assignee: Shawn McKinney
>             Fix For: 1.0.2
>
>
> The spring page level security controls are not preventing unauthorized users from accessing
pages.  Fix and add test cases verifying to prevent problem from recurring.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message