[MAGNOLIA-1011] MgnlContext should never fallback to SystemContext Created: 21/Aug/06  Updated: 23/Jan/13  Resolved: 16/Oct/06

Status: Closed
Project: Magnolia
Component/s: core
Affects Version/s: 3.0 RC2
Fix Version/s: 3.0 RC4

Type: Task Priority: Critical
Reporter: Sameer Charles Assignee: Sameer Charles
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:

 Description   

Its a breach of security if we set System context if nothing is set, A simple example would be if you call a JSP from within your template you will have full access without even realizing.

If its a problem that workflow engine cannot set proper permissions, we can set SystemContext there instead of leaving this security hole.



 Comments   
Comment by Nicolas Modrzyk [ 21/Aug/06 ]

There should be a workflow context set. I'll check that tomorrow, but I think we should remove the System Context defaulting option as soon as possible.

Comment by Sameer Charles [ 16/Oct/06 ]

Its time to finally close this issue, We have to test all external modules. I will leave the logging so you can trace the problem.

Comment by Sameer Charles [ 16/Oct/06 ]

on svn
Throws IllegalStateException if context is not initialized

Generated at Mon Feb 12 03:22:48 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.