-
Type:
Defect
-
Resolution: Won't Do
-
Priority:
Standard
-
None
-
Affects Version/s: 2.0.76
-
Component/s: Authorization
-
None
-
Environment:Acadis
There were errors in the url rules in web-filters-security.xml for projects that got fixed for such urls (e.g /project/<name>/form/edit.html, /project/form/create.html)
However, there is now an error (ISE) that occurs with a url hack because the AccessDeniedController overrides the base AbstractController handleRequestInternal and demands a UUID for the datasetId. This of course is not provided in the case of a project (we use project short_name) so an NPE results.
This also happens if a user tries to hack to /cadis/root/index.html
However, there is now an error (ISE) that occurs with a url hack because the AccessDeniedController overrides the base AbstractController handleRequestInternal and demands a UUID for the datasetId. This of course is not provided in the case of a project (we use project short_name) so an NPE results.
This also happens if a user tries to hack to /cadis/root/index.html