[magnolia-dev] [JIRA] Created: (MAGNOLIA-4569) MgnlUser.hasRole is broken (more precisely RepositoryBackedSecurityManager.hasAny)

Sat, 06 Oct 2012 06:46:39 -0700 

MgnlUser.hasRole is broken (more precisely 
RepositoryBackedSecurityManager.hasAny)
----------------------------------------------------------------------------------

                 Key: MAGNOLIA-4569
                 URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-4569
             Project: Magnolia
          Issue Type: Bug
      Security Level: Public
          Components: security
    Affects Versions: 4.5.4
         Environment: osx-10.8.2 tomcat-7.0.29
            Reporter: Jonas Petersen
            Assignee: Philipp Bärfuss


MgnlUser.hasRole does never return true. A quick way to reproduce it is via 
groovy console on a fresh 4.5.4 install:
{noformat}
mgnl> user=ctx.getUser()
===> 
MgnlUser - superuser [51ae3379-67cf-4994-9e05-f97cb8bc3e4a]
mgnl> user.getAllRoles()
===> 
[superuser]
mgnl> user.hasRole("superuser")
===> 
false
mgnl>
{noformat}

Debugging shows that it fails at:

{noformat}
2012-10-06 13:31:34,067 DEBUG 
nolia.cms.security.RepositoryBackedSecurityManager: property 
/admin/superuser/roles/jcr:mixinTypes is a multi-valued property, so it's 
values can only be retrieved as an array
javax.jcr.ValueFormatException: property /admin/superuser/roles/jcr:mixinTypes 
is a multi-valued property, so it's values can only be retrieved as an array
        at 
org.apache.jackrabbit.core.PropertyImpl.internalGetValue(PropertyImpl.java:483)
        at 
org.apache.jackrabbit.core.PropertyImpl.getValue(PropertyImpl.java:510)
        at 
org.apache.jackrabbit.core.PropertyImpl.getString(PropertyImpl.java:520)
        at 
info.magnolia.cms.security.RepositoryBackedSecurityManager$1.exec(RepositoryBackedSecurityManager.java:106)
        at 
info.magnolia.cms.security.RepositoryBackedSecurityManager$1.exec(RepositoryBackedSecurityManager.java:90)
        at info.magnolia.cms.security.JCRSessionOp.exec(JCRSessionOp.java:69)
        at 
info.magnolia.context.MgnlContext.doInSystemContext(MgnlContext.java:403)
        at 
info.magnolia.context.MgnlContext.doInSystemContext(MgnlContext.java:376)
        at 
info.magnolia.cms.security.RepositoryBackedSecurityManager.hasAny(RepositoryBackedSecurityManager.java:90)
        at info.magnolia.cms.security.MgnlUser.hasRole(MgnlUser.java:168)
{noformat}

A workaround is:
{code}
user.getAllRoles().contains("superuser")
{code}


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       


----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------

Reply via email to