Massimiliano Perrone created SYNCOPE-707:
--------------------------------------------
Summary: ConfigurationLogin doesn't check the existence of key
during deletion.
Key: SYNCOPE-707
URL: https://issues.apache.org/jira/browse/SYNCOPE-707
Project: Syncope
Issue Type: Bug
Affects Versions: 2.0.0
Reporter: Massimiliano Perrone
Assignee: Massimiliano Perrone
Fix For: 2.0.0
When I try to delete a configuration I get always a valid response also when
the configuration key doesn't exist (while I was expecting a NotFound error).
Reading the code I found below difference from (1) ConfigurationLogic and, for
instance, (2) SchemaLogic classes:
(1)
@PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_DELETE + "')")
public void delete(final String schema) {
confDAO.delete(schema);
}
(2)
@PreAuthorize("hasRole('" + Entitlement.SCHEMA_DELETE + "')")
public void delete(final SchemaType schemaType, final String schemaName) {
if (!doesSchemaExist(schemaType, schemaName)) {
throw new NotFoundException(schemaType + "/" + schemaName);
}
switch (schemaType) {
case VIRTUAL:
virSchemaDAO.delete(schemaName);
break;
case DERIVED:
derSchemaDAO.delete(schemaName);
break;
case PLAIN:
default:
plainSchemaDAO.delete(schemaName);
}
}
As you can read the second class has a control on schema existence, the first
one hasn't.
We have to add the same check on the ConfigurationLogic class.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
