Help Desk Ticket Reference: https://na7.salesforce.com/500A0000007Agau
project_key: JBEPP

The following test for the CMSPreviewServlet uses the following URL: http://localhost:8080/portal-cms/cmspreview?v=1.0&l=en&p=/default/images/epp4.3.gif.

1) Without login, access the URL directly, working.
2) Login as the super user, navigate to the content, and click version 1.0 to view the content, working.
3) Login as another user "devadmin", navigate to the content, and click version 1.0 to view the content, NOT working.
4) Assign read permission to the "CustomAdminRole" role on epp4.3.gif ("devadmin" user belongs to this role), and then try to preview again, NOT working.
5) Assign read permission to the "devadmin" user directly on epp4.3.gif file, and then try to preview again, working.

The problem is that when the call is coming from the CMSPreviewServlet, the following call in org.jboss.portal.cms.security.AuthorizationProviderImpl#getCurrentRoles() returns null:

Subject subject = (Subject)PolicyContext.getContext("javax.security.auth.Subject.container");

This is the JIRA that caused the change: https://issues.jboss.org/browse/JBPORTAL-1990 and this is the corresponding changeset: http://fisheye.jboss.org/changelog/Portal/?cs=10633

In order to fix this problem, I'd suggest having a fallback mechanism in place that uses the membershipModule.
Attaching a patch proposal.
Attachment: Added: JBEPP-918.patch
Release Notes Docs Status: Added: Not Yet Documented
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Release Notes Text: Added: A bug in the org.jboss.portal.cms.security.AuthorizationProviderImpl#getCurrentRoles() call was incorrectly returning null. Users authenticated using LDAP were not seeing content that should have been available to them through the CMSPreviewServlet. The fix implements a fallback mechanism that uses the membershipModule to correctly authenticate users.
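
The role fallback described in the report, as an added example; it is not the attached JBEPP-918.patch or the portal's own code. `MembershipLookup`, `RolePrincipal`, `currentRoles` and `canRead` are hypothetical names, the directory data is constructed, and the Subject is passed in as a parameter where the portal would obtain it from the `PolicyContext.getContext` call quoted above.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

public class RoleFallbackExample {
    /** Hypothetical stand-in for a membership lookup; not the portal's real interface. */
    interface MembershipLookup { Set<String> rolesOf(String userName); }

    /** Constructed principal type marking a role inside the Subject. */
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /** Roles from the container Subject; falls back to the membership lookup when none is bound. */
    static Set<String> currentRoles(Subject subject, String authenticatedUser, MembershipLookup membership) {
        Set<String> roles = new HashSet<>();
        if (subject != null) {
            for (RolePrincipal p : subject.getPrincipals(RolePrincipal.class)) roles.add(p.getName());
        } else if (authenticatedUser != null) {
            // Assumption: this name was established by container authentication, not read from the request.
            roles.addAll(membership.rolesOf(authenticatedUser));
        }
        return roles; // empty set: anonymous, no role-based grants
    }

    /** Read is allowed by a direct user grant or by any role grant. */
    static boolean canRead(Set<String> userGrants, Set<String> roleGrants, String user, Set<String> roles) {
        return (user != null && userGrants.contains(user)) || !Collections.disjoint(roleGrants, roles);
    }

    public static void main(String[] args) {
        Map<String, Set<String>> directory = Map.of("devadmin", Set.of("CustomAdminRole")); // constructed data
        MembershipLookup membership = u -> directory.getOrDefault(u, Set.of());
        Set<String> userGrants = Set.of();                  // no direct grant (before step 5)
        Set<String> roleGrants = Set.of("CustomAdminRole"); // step 4: read granted to the role

        // Reported behaviour: no Subject bound and no fallback, so no roles are resolved.
        System.out.println(canRead(userGrants, roleGrants, "devadmin", Set.of()));
        // With the fallback, devadmin's role is resolved and the role grant applies.
        System.out.println(canRead(userGrants, roleGrants, "devadmin", currentRoles(null, "devadmin", membership)));
        // A user with no membership still gets nothing from the fallback.
        System.out.println(canRead(userGrants, roleGrants, "guest", currentRoles(null, "guest", membership)));
    }
}
```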