-
Defect
-
Resolution: Won't Do
-
Standard
-
None
-
2.0.76
-
None
-
Acadis
There were errors in the url rules in web-filters-security.xml for projects that got fixed for such urls (e.g /project/<name>/form/edit.html, /project/form/create.html)
However, there is now an error (ISE) that occurs with a url hack because the AccessDeniedController overrides the base AbstractController handleRequestInternal and demands a UUID for the datasetId. This of course is not provided in the case of a project (we use project short_name) so an NPE results.
This also happens if a user tries to hack to /cadis/root/index.html
However, there is now an error (ISE) that occurs with a url hack because the AccessDeniedController overrides the base AbstractController handleRequestInternal and demands a UUID for the datasetId. This of course is not provided in the case of a project (we use project short_name) so an NPE results.
This also happens if a user tries to hack to /cadis/root/index.html