[MAGNOLIA-912] Curious login issues with Groups/Roles and Users Created: 07/Jun/06  Updated: 23/Jan/13  Resolved: 07/Jun/06

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 3.0 Beta 1
Fix Version/s: 3.0 RC1

Type: Bug Priority: Major
Reporter: Giancarlo Berner Assignee: Sameer Charles
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows XP, Magnolia 3.0 RC1 build 3345, Jetty 6-Beta17


Attachments: PNG File Logfile.png    

 Description   
  • Login as 'superuser'
  • Create a Group A
  • Create a User B
  • Assign Group A to User B (wouldn't the other way around be more logical?)
  • Define a Role with Read only for the whole WEBSITE repository
  • Assign Role to Group A (which should be inherited by User A, right?)
  • Log out
  • Log in as User B
    ---> You will get a 403 (Forbidden)
    Now comes the strange part:
  • Close the browser
  • Open a new browser
  • Login as 'superuser'
    ---> You will get a 403 (Forbidden) again!!
    After restarting Jetty I can login again as 'superuser'

I have chosen "Major" priority, but for the project we are doing it actually is a "Blocker". So if you could provide a workaround, that would be truly appreciated!



 Comments   
Comment by Giancarlo Berner [ 07/Jun/06 ]

The messages received when logging in as a User which has no assigned Roles, but is added to a Group with according Roles. Throws a 403. After reopening the browser, a login as 'superuser' does not work anymore: 403 (Forbidden) again. Only a Servlet Engine restart solves the problem.

Comment by Sameer Charles [ 07/Jun/06 ]
  • Login as 'superuser'
    ---> You will get a 403 (Forbidden) again!!

I cannot reproduce this behaviour; superuser and other users are unaffected by this.

I will work on the problem with the actual user and group as you described.

Comment by Sameer Charles [ 07/Jun/06 ]

Could you please check again with a fresh build?
I had to change one bootstrap file for GroupDialog.

Comment by Sameer Charles [ 07/Jun/06 ]

Fix on svn
