Non-Authenticated Users Can Access Content Web URL Content in WebCenter Content: Records (WCCREC) (Doc ID 1616677.1)

Last updated on NOVEMBER 03, 2016

Applies to:

Oracle WebCenter Content: Records - Version 10.1.3.5.0 and later
Information in this document applies to any platform.

Symptoms

In the URM application, if any user obtains the Web URL for a piece of content within the URM application, they are able to view the item without any prompt to log into the system. No errors are thrown.

Steps to replicate
----------------------
1. Set the option: "SpecialAuthGroups=Public"
2. Create 3 supplemental markings: M1, M2, M3
3. Check in 3 items; one to each supplemental marking
4. Obtain the web URL for one of the items
5. On a new machine, ensured that you are not logged into WCCREC
6. Copied the web URL into the browser.... the content was displayed with no login challenge

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms