Repository: usergrid Updated Branches: refs/heads/hotfix-20160819 f890e05ef -> 12c88bd77
Ensure database/setup and database/bootstrap will work if superuser has not yet been provisioned. Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/12c88bd7 Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/12c88bd7 Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/12c88bd7 Branch: refs/heads/hotfix-20160819 Commit: 12c88bd774ccc5828750c91fddbaeeb402f8f53c Parents: f890e05 Author: Michael Russo <[email protected]> Authored: Sat Sep 10 11:51:09 2016 -0700 Committer: Michael Russo <[email protected]> Committed: Sat Sep 10 11:51:09 2016 -0700 ---------------------------------------------------------------------- .../rest/security/shiro/filters/BasicAuthSecurityFilter.java | 5 ++++- .../java/org/apache/usergrid/services/AbstractService.java | 8 ++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/usergrid/blob/12c88bd7/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java index 8eb03cf..c3efec1 100644 --- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java +++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/BasicAuthSecurityFilter.java @@ -86,8 +86,11 @@ public class BasicAuthSecurityFilter extends SecurityFilter { } try { + String rawPath = request.getUriInfo().getAbsolutePath().getRawPath(); // make sure the sysadmin can be provisioned, we've already done a user/pass check - if(request.getUriInfo().getAbsolutePath().getRawPath().contains("superuser/setup")){ + if(rawPath.contains("superuser/setup") || rawPath.contains("database/setup") || + rawPath.contains("database/bootstrap")){ + management.provisionSuperuser(); } http://git-wip-us.apache.org/repos/asf/usergrid/blob/12c88bd7/stack/services/src/main/java/org/apache/usergrid/services/AbstractService.java ---------------------------------------------------------------------- diff --git a/stack/services/src/main/java/org/apache/usergrid/services/AbstractService.java b/stack/services/src/main/java/org/apache/usergrid/services/AbstractService.java index c627730..6736894 100644 --- a/stack/services/src/main/java/org/apache/usergrid/services/AbstractService.java +++ b/stack/services/src/main/java/org/apache/usergrid/services/AbstractService.java @@ -48,6 +48,7 @@ import rx.Subscriber; import java.util.*; import static org.apache.usergrid.security.shiro.utils.SubjectUtils.getPermissionFromPath; +import static org.apache.usergrid.security.shiro.utils.SubjectUtils.isServiceAdmin; import static org.apache.usergrid.services.ServiceParameter.filter; import static org.apache.usergrid.services.ServiceParameter.mergeQueries; import static org.apache.usergrid.utils.ClassUtils.cast; @@ -1353,6 +1354,13 @@ public abstract class AbstractService implements Service { return; } + if( isServiceAdmin() ){ + if(logger.isDebugEnabled()){ + logger.debug("Subject is the sysadmin, short-circuiting and allowing access"); + } + return; + } + String perm = getPermissionFromPath( em.getApplicationRef().getUuid(), context.getAction().toString().toLowerCase(), path ); boolean permitted = currentUser.isPermitted( perm );
