[mapguide-trac] #703: Feature Source cache appears to bypass
resource security when viewing a map
MapGuide Open Source
trac_mapguide at osgeo.org
Fri Sep 19 14:43:27 EDT 2008
#703: Feature Source cache appears to bypass resource security when viewing a map
-------------------------------+--------------------------------------------
Reporter: troylouden | Owner: troylouden
Type: defect | Status: new
Priority: medium | Milestone: 2.1
Component: Feature Service | Version: 2.0.1
Severity: major | Keywords:
External_id: 1121278 |
-------------------------------+--------------------------------------------
* Create a user in Site Admin that is an author
* In Studio Create a folder and create a feature source, a layer, a map
and a web layout using Sample World Countries sdf.
* Right click on the feature source in the site explorer and remove the
inherited permissions for Everyone and add read/write permissions for the
new user
* Open the AJAX layout in the browser using Anonymous (no password) and
the layer should fail to load in the map. An error indicating permission
denied on the resource is generated in the server error log
* Close the browser and launch the layout again only log in with the new
user and the layer should preview
* Close the browser again and launch the layout again but log in as
Anonymous again and the layer will preview. It appears that the cached
connection to the feature source somehow bypasses security.[[br]][[br]]
The same logic applies to using a group instead of a user.
--
Ticket URL: <http://trac.osgeo.org/mapguide/ticket/703>
MapGuide Open Source <http://mapguide.osgeo.org/>
MapGuide Open Source Internals
More information about the mapguide-trac
mailing list