Letractively / jcatapult

Automatically exported from code.google.com/p/jcatapult

JCatapult security blows up for new MVC #54

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The JCatapult MVC blows up if parameters in the request don't exactly map
to properties of the action. JCatapult security uses a request facade to
allow actions to be invoked during certain errors, such as not being logged in.

If your session times out and you request something like:

  http://www.example.com/admin/user/edit?id=3

and the JCatapult Security framework uses a facade to invoke the
/not-logged-in action, that action will fail unless it contains a property
named *id*. 

In order to fix this, JCatapult Security needs to hide the original request
parameters when using a facade in specific cases and reveal them in others.

Original issue reported on code.google.com by bpontare...@gmail.com on 9 Jul 2008 at 10:48

GoogleCodeExporter commented 8 years ago
Changed JCatapult Security so that it correctly hides original request
parameters in these cases:

  /not-logged-in
  /not-authorized
  /login-success

These cases still reveal the original request parameters:

  /login-failed
  saved request

Original comment by bpontare...@gmail.com on 9 Jul 2008 at 10:51
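
A sketch of the kind of request facade this issue describes, as an added example that is not JCatapult's own code. The class name `ForwardingRequestFacade` and its constructor are hypothetical, and it assumes the `javax.servlet` API (3.0 or later) and Java 9+.

```java
import java.util.Collections;
import java.util.Enumeration;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical facade (not a JCatapult class) that re-targets a request. */
public class ForwardingRequestFacade extends HttpServletRequestWrapper {
    // Targets listed in the comment above whose actions must not see
    // the parameters of the original request.
    private static final Set<String> HIDE_PARAMETERS =
        Set.of("/not-logged-in", "/not-authorized", "/login-success");

    private final String uri;    // action URI the facade presents to the MVC
    private final boolean hide;  // true when original parameters are hidden

    public ForwardingRequestFacade(HttpServletRequest original, String uri) {
        super(original);
        this.uri = uri;
        this.hide = HIDE_PARAMETERS.contains(uri);
    }

    @Override
    public String getRequestURI() {
        return getContextPath() + uri;
    }

    // All four parameter accessors are overridden together. Hiding only
    // getParameter() would still expose "id" through getParameterMap(),
    // and a strict MVC would fail on it exactly as the issue reports.
    @Override
    public String getParameter(String name) {
        return hide ? null : super.getParameter(name);
    }

    @Override
    public String[] getParameterValues(String name) {
        return hide ? null : super.getParameterValues(name);
    }

    @Override
    public Map<String, String[]> getParameterMap() {
        return hide ? Collections.emptyMap() : super.getParameterMap();
    }

    @Override
    public Enumeration<String> getParameterNames() {
        return hide ? Collections.emptyEnumeration() : super.getParameterNames();
    }
}
```

Any target not in the set, such as `/login-failed`, passes the original parameters through unchanged.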