Hi guys,
I might be mistaken, but it seems like PortalSecurityPermissionCollection has a
bug in the loadPermission method.
The error conditions are as follows:
when a user is a member of several roles, the loadPermission method constructs
a permissions list which corresponds to the Role that appears to be first in the
set ("Roles" principal). As a result, if "Admin" is NOT the first role
returned, the user will not have the permissions granted to the Admin role.
I've fixed this error in my source, but it is not very clear where I should
post (publish) the fix.
Below is the fixed loadPermission method:
| protected void loadPermission(String permType, String uri) throws Exception {
|    String rootP = "/portalobject/";
|    if (PermissionTypes.INSTANCE.equals(permType)) {
|       rootP = "/instance/";
|    }
|
|    Enumeration roles = this.getAllRoles();
|
|    this.permissionsList.clear();
|
|    MBeanServer server = MBeanServerLocator.locateJBoss();
|    ObjectName oname = new ObjectName("portal:service=TreeCache,type=persistent");
|    Fqn fqn = Fqn.fromString(rootP + uri);
|
|    // Fetch the security constraints stored for this uri in the persistent tree cache
|    ObjectEntry oe = (ObjectEntry) server.invoke(oname, "get",
|          new Object[] { fqn, "constraints" },
|          new String[] { "org.jboss.cache.Fqn", "java.lang.Object" });
|    if (oe != null) {
|       Set constraints = (Set) oe.getValue();
|       // Guard against a null constraint set before converting it to an array
|       Object[] scarr = constraints != null ? constraints.toArray() : new Object[0];
|       int len = scarr.length;
|
|       // check if at least one user Role has permissions for the uri
|       if (roles != null) {
|          while (roles.hasMoreElements()) {
|             Principal rolePrincipal = (Principal) roles.nextElement();
|             String role = rolePrincipal.getName();
|
|             for (int i1 = 0; i1 < len; i1++) {
|                SecurityConstraint sc = (SecurityConstraint) scarr[i1];
|                String scrole = sc.getRole();
|                // Skip constraints that are neither unchecked nor bound to this role
|                if (scrole.equals(SecurityConstants.UNCHECKED_ROLE_NAME) == false
|                      && !role.equals(scrole))
|                   continue;
|                Iterator iter = sc.getActions().iterator();
|                while (iter.hasNext()) {
|                   String actionstr = (String) iter.next();
|                   this.permissionsList.add(getPortalPermission(permType, actionstr, uri));
|                }
|             }
|          }
|       }
|    }
| }
|
| private Enumeration getAllRoles() throws Exception {
|    Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
|    log.debug("Subject=" + subject);
|    Enumeration roles;
|
|    // Default when no "Roles" group is found: only the unchecked role
|    List uncheckedRole = new LinkedList();
|    uncheckedRole.add(new SimpleGroup(SecurityConstants.UNCHECKED_ROLE_NAME));
|    roles = Collections.enumeration(uncheckedRole);
|
|    if (subject != null) {
|       Set principals = subject.getPrincipals();
|       Iterator iter = principals != null ? principals.iterator() : null;
|       while (iter != null && iter.hasNext()) {
|          Principal p = (Principal) iter.next();
|          if (p instanceof Group) {
|             Group gp = (Group) p;
|             if ("Roles".equals(gp.getName()) == false)
|                continue;
|             // Return every member of the "Roles" group, not just the first one
|             roles = gp.members();
|             break;
|          }
|       }
|    }
|    return roles;
| }
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3926331#3926331
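
The role-order dependence described in the post above, as an added example that is not part of the original post and is not JBoss Portal code: it compares a first-role-only evaluation with a union over all roles. The Constraint record, the UNCHECKED placeholder value, and the role and action names are constructed for illustration.

```java
import java.util.*;

public class RolePermissionDemo {
    // Placeholder standing in for SecurityConstants.UNCHECKED_ROLE_NAME (value assumed).
    static final String UNCHECKED = "UNCHECKED-PLACEHOLDER";

    // Constructed stand-in for SecurityConstraint: one role and the actions granted to it.
    record Constraint(String role, Set<String> actions) {}

    // Order-dependent evaluation: only the first role of the subject is consulted.
    static Set<String> firstRoleOnly(List<String> roles, List<Constraint> constraints) {
        return roles.isEmpty() ? collect(List.of(), constraints)
                               : collect(roles.subList(0, 1), constraints);
    }

    // Order-independent evaluation: union over every role the subject holds.
    static Set<String> allRoles(List<String> roles, List<Constraint> constraints) {
        return collect(roles, constraints);
    }

    static Set<String> collect(List<String> roles, List<Constraint> constraints) {
        Set<String> granted = new TreeSet<>();   // a Set avoids duplicate actions
        for (Constraint c : constraints) {
            if (c.role().equals(UNCHECKED) || roles.contains(c.role())) {
                granted.addAll(c.actions());
            }
        }
        return granted;
    }

    public static void main(String[] args) {
        List<Constraint> constraints = List.of(      // constructed sample data
            new Constraint(UNCHECKED, Set.of("view")),
            new Constraint("User", Set.of("view", "personalize")),
            new Constraint("Admin", Set.of("view", "personalize", "admin")));

        // Same membership, two iteration orders (a Set gives no ordering guarantee).
        List<String> adminFirst = List.of("Admin", "User");
        List<String> userFirst = List.of("User", "Admin");

        System.out.println("first role only, Admin first: " + firstRoleOnly(adminFirst, constraints));
        System.out.println("first role only, User first:  " + firstRoleOnly(userFirst, constraints));
        System.out.println("all roles, User first:        " + allRoles(userFirst, constraints));

        // Regression check for the fix: the result must not depend on role order.
        if (!allRoles(adminFirst, constraints).equals(allRoles(userFirst, constraints)))
            throw new AssertionError("permission set depends on role order");
    }
}
```

With "User" first, the first-role-only variant drops the "admin" action, while the union returns the same set for both orderings.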