Opened 16 years ago
Closed 16 years ago
#703 closed defect (fixed)
Feature Source cache appears to bypass resource security when viewing a map
| Reported by: | troylouden | Owned by: | trevorwekel |
|---|---|---|---|
| Priority: | medium | Milestone: | 2.1 |
| Component: | Feature Service | Version: | 2.0.1 |
| Severity: | major | Keywords: | |
| Cc: | External ID: | 1121278 |
Description
- Create a user in Site Admin that is an author
- In Studio Create a folder and create a feature source, a layer, a map and a web layout using Sample World Countries sdf.
- Right click on the feature source in the site explorer and remove the inherited permissions for Everyone and add read/write permissions for the new user
- Open the AJAX layout in the browser using Anonymous (no password) and the layer should fail to load in the map. An error indicating permission denied on the resource is generated in the server error log
- Close the browser and launch the layout again only log in with the new user and the layer should preview
- Close the browser again and launch the layout again but log in as Anonymous again and the layer will preview. It appears that the cached connection to the feature source somehow bypasses security.
The same logic applies to using a group instead of a user.
Attachments (1)
Change History (3)
by , 16 years ago
| Attachment: | 1121278.patch added |
|---|
comment:1 by , 16 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Submitted to trunk in http://trac.osgeo.org/mapguide/changeset/3388
Note:
See TracTickets
for help on using tickets.
Fix submitted to 2.0.x branch in http://trac.osgeo.org/mapguide/changeset/3331