Bug 724106 (BRMS-49) - Rules Agent provides access to all users' rules without authentication
Summary: Rules Agent provides access to all users' rules without authentication
Keywords:
Status: CLOSED NEXTRELEASE
Alias: BRMS-49
Product: JBoss Enterprise BRMS Platform 5
Classification: JBoss
Component: BRM (Guvnor)
Version: 5.0.0 EA1
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: ---
: 5.1.0 GA
Assignee: Jervis Liu
QA Contact:
URL: http://jira.jboss.org/jira/browse/BRM...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-02-11 15:49 UTC by Len DiMaggio
Modified: 2013-11-07 22:09 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-02-24 11:58:44 UTC
Type: Feature Request


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker BRMS-49 0 None None None Never

Description Len DiMaggio 2009-02-11 15:49:50 UTC
Product JIRA for project JIRA:  GUVNOR-133

Comment 1 Len DiMaggio 2009-02-11 15:50:13 UTC
Link: Added: This issue depends GUVNOR-133


Comment 2 Dana Mison 2010-10-26 05:50:40 UTC
Writer: Added: Darrin


Comment 3 Dana Mison 2010-10-26 05:55:40 UTC
Release Notes Docs Status: Added: Not Yet Documented


Comment 4 Dana Mison 2010-10-27 03:06:16 UTC
Release Notes Text: Added: test


Comment 5 Dana Mison 2010-10-27 03:13:30 UTC
Release Notes Text: Removed: test 


Comment 6 Len DiMaggio 2010-11-23 20:03:34 UTC
Need to verify that user credentials have to be added to change-set.xml




Comment 7 David Le Sage 2010-12-02 01:01:10 UTC
Labels: Removed: rn-dmison rn-open Added: rn-dlesage rn-done-resolved


Comment 8 David Le Sage 2010-12-02 01:01:56 UTC
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Writer: Removed: Darrin Added: dlesage
Release Notes Text: Added: https://jira.jboss.org/browse/GUVNOR-133

An agent could access every user's rules package.  This was because no authentication was required.  An option has been added to provide security if the user requires it. User credentials now have to be added to change-set.xml 



Note You need to log in before you can comment on or make changes to this bug.