[jira] Created: (JSPWIKI-673) Checking user permissions in a filter results in a loop

Wed, 01 Dec 2010 07:28:35 -0800 

Checking user permissions in a filter results in a loop
-------------------------------------------------------

                 Key: JSPWIKI-673
                 URL: https://issues.apache.org/jira/browse/JSPWIKI-673
             Project: JSPWiki
          Issue Type: Bug
          Components: Authentication&Authorization
    Affects Versions: 2.8.3
         Environment: OSX, Tomcat 6
            Reporter: Alex Legler


We're trying to determine whether a user has a certain permission in a filter 
using AuthorizationManager.checkPermission().
Calling this method however causes an endless loop:
It invokes DefaultAclManager.getPermissions() which tries to parse the page 
which in turn causes the filters to run.

Stacktrace excerpt:

...
        at de.d3web.we.jspwiki.KnowWEPlugin.preTranslate(KnowWEPlugin.java:309)
        at 
com.ecyrd.jspwiki.filters.FilterManager.doPreTranslateFiltering(FilterManager.java:326)
        at com.ecyrd.jspwiki.WikiEngine.textToHTML(WikiEngine.java:1511)
        at com.ecyrd.jspwiki.WikiEngine.getHTML(WikiEngine.java:1455)
        at 
com.ecyrd.jspwiki.auth.acl.DefaultAclManager.getPermissions(DefaultAclManager.java:187)
        at 
com.ecyrd.jspwiki.auth.AuthorizationManager.checkPermission(AuthorizationManager.java:222)
        (more of our code, including the call to checkPermission())
        at de.d3web.we.jspwiki.KnowWEPlugin.preTranslate(KnowWEPlugin.java:309)
        at 
com.ecyrd.jspwiki.filters.FilterManager.doPreTranslateFiltering(FilterManager.java:326)
        at com.ecyrd.jspwiki.WikiEngine.textToHTML(WikiEngine.java:1511)
        at com.ecyrd.jspwiki.WikiEngine.getHTML(WikiEngine.java:1455)
        at 
com.ecyrd.jspwiki.auth.acl.DefaultAclManager.getPermissions(DefaultAclManager.java:187)
        at 
com.ecyrd.jspwiki.auth.AuthorizationManager.checkPermission(AuthorizationManager.java:222)
...

The context used in DefaultAclManager.getPermissions() includes the following 
setting:

                ctx.setVariable( RenderingManager.VAR_EXECUTE_PLUGINS, 
Boolean.FALSE );

Maybe filters can be disabled in a similar fashion (I think that would be 
setting PROP_RUNFILTERS to false as well)?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to