mmoayyed commented on a change in pull request #176:
URL: https://github.com/apache/syncope/pull/176#discussion_r411943268
##########
File path:
core/am/logic/src/main/java/org/apache/syncope/core/logic/AuthModuleLogic.java
##########
@@ -60,7 +59,8 @@ public AuthModuleTO update(final AuthModuleTO authModuleTO) {
return
binder.getAuthModuleTO(authModuleDAO.save(binder.update(authModule,
authModuleTO)));
}
- @PreAuthorize("hasRole('" + AMEntitlement.AUTH_MODULE_LIST + "')")
+ @PreAuthorize("isAnonymous() or hasRole('" + AMEntitlement.AUTH_MODULE_LIST
Review comment:
The PropertySourceLocator fails to call `list()` on AuthModuleService
via the anonymous-user, and produces 403 error codes. Cross-checked with 1-2
other Logic components and they seem to follow a similar approach. Is there a
better alternative?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
