Details
-
Type:
Bug
-
Status:
Closed
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 1.9.93
-
Fix Version/s: 1.10.0
-
Component/s: Web UI - ACLs, Web UI - Dashboard
-
Security Level: Default (Default Security Scheme)
-
Labels:
Description
If you create a dashboard only user and login as that user it does take them directly to the dashboard as designed but, the other menus no longer produce an Access Denied page except their submenus and the main node list menu item produces the following error in the UI:
Problem accessing /opennms/accessDenied.jsp. Reason:
Not Found
I see 3 problems: 1) this jsp is missing, 2) the top level menus are accessible, and 3) something changed for which we don't have a test/smoke test.
David
Problem accessing /opennms/accessDenied.jsp. Reason:
Not Found
I see 3 problems: 1) this jsp is missing, 2) the top level menus are accessible, and 3) something changed for which we don't have a test/smoke test.
David
The problem with "Access Denied" is related with a bug in Spring Security fixed in 2.0.7:
https://jira.springsource.org/browse/SEC/fixforversion/11777
I compiled OpenNMS against spring-security 2.0.7 and now the accessDenied.jsp is properly displayed.
So, after upgrading spring security, for the dashboard only users, the access denied page is displayed every time the user click on something different to "dashboard" in the menu.