Return-Path: 
 <jetspeed-dev-return-4460-qmlist-jakarta-archive-jetspeed-dev=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-jetspeed-dev-archive@apache.org
Received: (qmail 20355 invoked from network); 10 Jun 2002 15:27:29 -0000
Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131)
  by daedalus.apache.org with SMTP; 10 Jun 2002 15:27:29 -0000
Received: (qmail 24859 invoked by uid 97); 10 Jun 2002 15:27:31 -0000
Delivered-To: qmlist-jakarta-archive-jetspeed-dev@jakarta.apache.org
Received: (qmail 24813 invoked by uid 97); 10 Jun 2002 15:27:30 -0000
Mailing-List: contact jetspeed-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:jetspeed-dev-subscribe@jakarta.apache.org>
List-Help: <mailto:jetspeed-dev-help@jakarta.apache.org>
List-Post: <mailto:jetspeed-dev@jakarta.apache.org>
List-Id: "Jetspeed Developers List" <jetspeed-dev.jakarta.apache.org>
Reply-To: "Jetspeed Developers List" <jetspeed-dev@jakarta.apache.org>
Delivered-To: mailing list jetspeed-dev@jakarta.apache.org
Received: (qmail 15730 invoked by uid 98); 10 Jun 2002 15:20:59 -0000
X-Antivirus: nagoya (v4198 created Apr 24 2002)
Message-ID: <001701c21093$fa2438f0$fae0fea9@development>
From: "Mark Dimon" <mark.dimon@btinternet.com>
To: <jetspeed-dev@jakarta.apache.org>
Subject: jetspeed security broken [non-existant] nightly build 2002-06-09
Date: Mon, 10 Jun 2002 16:32:05 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0012_01C2109C.5BB31200"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

------=_NextPart_000_0012_01C2109C.5BB31200
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi,

If you fire-up the lastest nightly build and type the url

http://localhost:8080/jetspeed/portal/user/admin
the you go straight to the admin screen even though you are a logged out =
anon user,

none of the portlets are active or will display there contents , but =
this is surely wrong should you not be sent to the anon psml.

also

http://localhost:8080/jetspeed/portal/user/turbine

takes you straight to the turbine users screen , you can't edit the =
portals but you can still see the information directed to a particular =
user.=20


Is this due to the CVS being in a state of flux at the moment , or is it =
a bug?


Regards mark.



------=_NextPart_000_0012_01C2109C.5BB31200--