[Issue 3630] New - Exception when no permission to project

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[Issue 3630] New - Exception when no permission to project

jpschewe
https://hudson.dev.java.net/issues/show_bug.cgi?id=3630
                 Issue #|3630
                 Summary|Exception when no permission to project
               Component|hudson
                 Version|current
                Platform|All
              OS/Version|All
                     URL|
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|DEFECT
                Priority|P4
            Subcomponent|core
             Assigned to|issues@hudson
             Reported by|jpschewe






------- Additional comments from [hidden email] Tue May  5 13:30:38 +0000 2009 -------
When I click on a link on a build failed email and I haven't yet logged into
Hudson, I get an error page. There is no stack trace in the hudson log. I just a
page that says
Status Code: 404
Exception:
Stacktrace:

(none)


Generated by Winstone Servlet Engine v0.9.10 at Tue May 05 08:28:04 CDT 2009

I should instead get a login page as this project doesn't allow read access to
anonymous.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3630] Exception when no permission to project

mdonohue
https://hudson.dev.java.net/issues/show_bug.cgi?id=3630






------- Additional comments from [hidden email] Wed May  6 02:26:29 +0000 2009 -------
This is considered a feature rather than a bug.
See issue 2324 which was to add read permissions.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3630] Exception when no permission to project

gj-6
In reply to this post by jpschewe
https://hudson.dev.java.net/issues/show_bug.cgi?id=3630






------- Additional comments from [hidden email] Wed May  6 02:33:30 +0000 2009 -------
I agree with the reported that this should not be a 404. It should be a 401, and thus point to the login
screen.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3630] Exception when no permission to project

gj-6
In reply to this post by jpschewe
https://hudson.dev.java.net/issues/show_bug.cgi?id=3630






------- Additional comments from [hidden email] Wed May  6 02:33:33 +0000 2009 -------
I agree with the reporter that this should not be a 404. It should be a 401, and thus point to the login
screen.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3630] Exception when no permission to project

jpschewe
In reply to this post by jpschewe
https://hudson.dev.java.net/issues/show_bug.cgi?id=3630






------- Additional comments from [hidden email] Wed May  6 11:52:25 +0000 2009 -------
First question - Is this the standard 404 page? I ask because it just has an
empty stack trace on it, so it makes me wonder if the system is broken. Putting
a banner "Page not found", would be more useful.

Second, I would prefer that if you're not logged in you be redirected to the
login page. If you are logged in and you don't have permission, then put up a
generic page that says "You don't have permission to this page".

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3630] Exception when no permission to project

adphillips-2
In reply to this post by jpschewe
https://hudson.dev.java.net/issues/show_bug.cgi?id=3630






------- Additional comments from [hidden email] Mon Jun 29 18:10:24 +0000 2009 -------
Part of the criteria in my mind when implementing the read persmissions is that
we should give no indication that the project exists if the user does not have
permission to it.  IMO, hudson should act as if a non-existent page was
requested.  If that means routing back to login, that's cool.  I would just
rather not give someone who does not have credentials information that might
help them exploit the system.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Issue 3630] Exception when no permission to project

jpschewe
In reply to this post by jpschewe
https://hudson.dev.java.net/issues/show_bug.cgi?id=3630






------- Additional comments from [hidden email] Mon Jun 29 19:16:07 +0000 2009 -------
That sounds fine. I'd be perfectly happy with it redirecting to the login page. It would be nice if that then
forwarded to the right page like bugzilla does, however that may provide visibility into a project existing
that this particular logged in user is not supposed to know about.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]