724106 – (BRMS-49) Rules Agent provides access to all users' rules without authentication

Bug 724106 (BRMS-49) - Rules Agent provides access to all users' rules without authentication

Summary: Rules Agent provides access to all users' rules without authentication

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	BRMS-49
Product:	JBoss Enterprise BRMS Platform 5
Classification:	JBoss
Component:	BRM (Guvnor)
Sub Component:
Version:	5.0.0 EA1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	unspecified
Target Milestone:	---
Target Release:	5.1.0 GA
Assignee:	Jervis Liu
QA Contact:
Docs Contact:
URL:	http://jira.jboss.org/jira/browse/BRM...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-02-11 15:49 UTC by Len DiMaggio
Modified:	2013-11-07 22:09 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-02-24 11:58:44 UTC
Type:	Feature Request

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	BRMS-49	0	None	None	None	Never

Description Len DiMaggio 2009-02-11 15:49:50 UTC

Product JIRA for project JIRA:  GUVNOR-133

Comment 1 Len DiMaggio 2009-02-11 15:50:13 UTC

Link: Added: This issue depends GUVNOR-133

Comment 2 Dana Mison 2010-10-26 05:50:40 UTC

Writer: Added: Darrin

Comment 3 Dana Mison 2010-10-26 05:55:40 UTC

Release Notes Docs Status: Added: Not Yet Documented

Comment 4 Dana Mison 2010-10-27 03:06:16 UTC

Release Notes Text: Added: test

Comment 5 Dana Mison 2010-10-27 03:13:30 UTC

Release Notes Text: Removed: test

Comment 6 Len DiMaggio 2010-11-23 20:03:34 UTC

Need to verify that user credentials have to be added to change-set.xml

Comment 7 David Le Sage 2010-12-02 01:01:10 UTC

Labels: Removed: rn-dmison rn-open Added: rn-dlesage rn-done-resolved

Comment 8 David Le Sage 2010-12-02 01:01:56 UTC

Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Writer: Removed: Darrin Added: dlesage
Release Notes Text: Added: https://jira.jboss.org/browse/GUVNOR-133

An agent could access every user's rules package.  This was because no authentication was required.  An option has been added to provide security if the user requires it. User credentials now have to be added to change-set.xml

Note You need to log in before you can comment on or make changes to this bug.