#23 update subject in memory

v0.80 beta2
closed-fixed
5
2006-06-08
2006-05-16
maxi
No

I created a new user with principal "admin", then I logged
in with this new user, removed the "admin" principal
and added the "guest" principal. The user still has
permission to go to the "vip area" and "access to
administration section". When I go to the vip area it says
"hello!! you have got a role called admin". It seems
that the subject is updated in backend but not in
memory because if I log off and then log in again, all
goes fine.

Cheers
Maxi

Discussion

  • Charles Lescot
    2006-05-31

    • assigned_to: nobody --> diabolo512
     
  • Charles Lescot
    2006-06-02

    Logged In: YES
    user_id=824172

    Hi,
    you're right, the user in session is not updated.
    I agree that we need to update the Subject object from
    the session too.
    I'm investigating a solution.

    Charles.

     
  • Charles Lescot
    2006-06-02

    • milestone: --> v0.80 beta2
     
  • maxi
    2006-06-04

    Logged In: YES
    user_id=1477381

    Not to forget when fixing this bug!
    If you log in with a user A that has got the admin principal
    and go to manage users and delete the user A, it still has
    access to jGuardExample.
    If you log off and try to log in, jGuard says that the user
    does not exist; this is ok.
    I think this must happen if from one session an
    administrator removes a user that is logged in in another
    session.
    In conclusion, we must deal with updating and deleting users
    that are currently in session.

    Cheers
    Maxi

     
  • Charles Lescot
    2006-06-08

    Logged In: YES
    user_id=824172

    This bug (I think it's a feature request and not a bug ;-p)
    has been "fixed"/implemented, and will be present in the
    0.80 final version.

    cheers,

    Charles.

     
  • Charles Lescot
    2006-06-08

    • status: open --> closed-fixed
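
The two cases raised in this ticket (principals changed while the user is logged in, and a user deleted while logged in) come down to a Subject cached per session going stale. The sketch below is an added example, not jGuard's code or the fix that shipped: `LiveSubjectRegistry`, `Role` and `Session` are hypothetical names, `Session` is an in-memory stand-in for the HTTP session, and it assumes Java 16+ for records.

```java
import java.security.Principal;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;

public class LiveSubjectRegistry {
    // Hypothetical role principal; records compare by name.
    record Role(String name) implements Principal {
        public String getName() { return name; }
    }

    // Stand-in for an HTTP session holding the Subject built at login.
    static final class Session {
        volatile Subject subject;      // the cached copy that goes stale
        volatile boolean valid = true;
        Session(Subject s) { subject = s; }
        boolean hasRole(String r) {
            return valid && subject.getPrincipals().contains(new Role(r));
        }
    }

    // Index of live sessions per login, so a backend change can reach them.
    private final Map<String, Set<Session>> live = new ConcurrentHashMap<>();

    Session login(String login, Set<Role> roles) {
        Session s = new Session(build(roles));
        live.computeIfAbsent(login, k -> ConcurrentHashMap.newKeySet()).add(s);
        return s;
    }

    // Call after the backend update succeeds: swap in a fresh Subject.
    void principalsChanged(String login, Set<Role> roles) {
        for (Session s : live.getOrDefault(login, Set.of())) s.subject = build(roles);
    }

    // Call after the user is deleted: every open session loses access.
    void userDeleted(String login) {
        Set<Session> sessions = live.remove(login);
        if (sessions != null) sessions.forEach(s -> s.valid = false);
    }

    private static Subject build(Set<Role> roles) {
        // Read-only Subject: callers cannot add principals to the cached copy.
        return new Subject(true, new HashSet<>(roles), new HashSet<>(), new HashSet<>());
    }

    public static void main(String[] args) {
        LiveSubjectRegistry reg = new LiveSubjectRegistry();
        Session s = reg.login("maxi", Set.of(new Role("admin")));
        reg.principalsChanged("maxi", Set.of(new Role("guest")));
        System.out.println("admin after role change: " + s.hasRole("admin"));
        reg.userDeleted("maxi");
        System.out.println("guest after deletion: " + s.hasRole("guest"));
    }
}
```

In a servlet container the same index would be kept by a session listener that removes entries when a session is destroyed, so the registry does not hold references to expired sessions.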