This is an automated email from the ASF dual-hosted git repository.
asf-gitbox-commits pushed a commit to branch
fix/v2-compat-karaf-admin-permissions
in repository https://gitbox.apache.org/repos/asf/unomi.git
The following commit(s) were added to
refs/heads/fix/v2-compat-karaf-admin-permissions by this push:
new 681d93926 Require admin role for JAAS auth on private endpoints in V2
compat mode
681d93926 is described below
commit 681d93926492b608e4894ebd87e53bbcc21734ba
Author: Serge Huber <[email protected]>
AuthorDate: Mon Jul 13 10:07:10 2026 +0200
Require admin role for JAAS auth on private endpoints in V2 compat mode
Any successfully JAAS-authenticated Karaf user (not just admins) was being
merged with tenant-admin permissions for the default tenant. Deny access
unless the JAAS subject actually holds ROLE_UNOMI_ADMIN, and drop the now
unused TenantPrincipal import.
Co-Authored-By: Claude Sonnet 5 <[email protected]>
---
.../unomi/rest/authentication/AuthenticationFilter.java | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git
a/rest/src/main/java/org/apache/unomi/rest/authentication/AuthenticationFilter.java
b/rest/src/main/java/org/apache/unomi/rest/authentication/AuthenticationFilter.java
index 91e550fc4..3c59c1cf6 100644
---
a/rest/src/main/java/org/apache/unomi/rest/authentication/AuthenticationFilter.java
+++
b/rest/src/main/java/org/apache/unomi/rest/authentication/AuthenticationFilter.java
@@ -25,7 +25,6 @@ import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.jaas.boot.principal.UserPrincipal;
import org.apache.unomi.api.ExecutionContext;
import org.apache.unomi.api.security.SecurityService;
-import org.apache.unomi.api.security.TenantPrincipal;
import org.apache.unomi.api.security.UnomiRoles;
import org.apache.unomi.api.services.ExecutionContextManager;
import org.apache.unomi.api.tenants.ApiKey;
@@ -312,8 +311,17 @@ public class AuthenticationFilter implements
ContainerRequestFilter {
}
Subject jaasSubject = ((RolePrefixSecurityContextImpl)
securityContext).getSubject();
- // Build a merged subject that combines the JAAS principals
with a TenantPrincipal
- // for the default tenant, so that resolveTenantId() can find
it downstream.
+ // Private endpoints in V2 compatibility mode require system
administrator
+ // authentication (like V2) — a JAAS login alone isn't enough,
since any Karaf
+ // user (not just admins) can authenticate against the realm.
+ if
(!securityService.extractRolesFromSubject(jaasSubject).contains(UnomiRoles.ADMINISTRATOR))
{
+ logger.debug("V2 compatibility mode: authenticated user
lacks administrator role, denying access to private endpoint");
+ unauthorized(requestContext);
+ return;
+ }
+
+ // Build a merged subject that combines the JAAS principals
with tenant admin
+ // principals for the default tenant, so that
resolveTenantId() can find it downstream.
String defaultTenantId =
restAuthenticationConfig.getV2CompatibilityDefaultTenantId();
Subject mergedSubject = new Subject();
mergedSubject.getPrincipals().addAll(jaasSubject.getPrincipals());