Security constraint behaviour with group other than Jetspeed
------------------------------------------------------------

         Key: JS1-536
         URL: http://issues.apache.org/jira/browse/JS1-536
     Project: Jetspeed
        Type: Improvement
  Components: Security  
    Versions: 1.6-dev    
    Reporter: Mark Orciuch
 Assigned to: Mark Orciuch 
     Fix For: 1.6


This was originally reported by Jeremy Ford:

<quote>
I have a group G and a role R.  A user is assigned to group G and role R, 
but they are not in the Jetspeed group.  I have a security entry stating 
allow all actions for role R.

When I try to view a psml with the security reference, the user cannot see 
the psml.  The reason is that the check in BaseSecurityEntry checks the 
grouprole access map.  The access map was loaded with the default Jetspeed 
group because the group was not defined in the security entry.

I would expect that the group role check would check all groups for the role 
that I'm looking for.

So, in allowsGroupRole it would go something like:

allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);

if(!allow)
    allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, ALL_GROUPS+role, ALL_GROUP_ROLES);

if(!allow)
    allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+ALL_ROLES, ALL_GROUP_ROLES);

</quote>
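
The lookup order described in the report, as an added example (a simplified model, not Jetspeed's BaseSecurityEntry and not code from the reporter). The wildcard markers, the key separator, the helper names and the sample groups and roles are constructed; it assumes a role-only entry is stored under a wildcard group key so that the fallback lookup can find it.

```java
import java.util.HashSet;
import java.util.Set;

/** Simplified model of a group/role allow map; not Jetspeed's BaseSecurityEntry. */
public class GroupRoleCheckDemo {
    // Constructed wildcard markers and separator (assumptions, not Jetspeed's constants).
    static final String ALL_GROUPS = "*";
    static final String ALL_ROLES = "*";
    static final String SEP = "\u0000"; // keeps "ab"+"c" distinct from "a"+"bc"
    static final String DEFAULT_GROUP = "Jetspeed";

    static String key(String group, String role) { return group + SEP + role; }

    /** Loads an entry; a null group models "group not defined in the security entry". */
    static void allow(Set<String> map, String group, String role, boolean defaultToJetspeed) {
        if (group == null) group = defaultToJetspeed ? DEFAULT_GROUP : ALL_GROUPS;
        map.add(key(group, role == null ? ALL_ROLES : role));
    }

    /** Exact pair only: the behaviour the report describes. */
    static boolean allowsExact(Set<String> map, String group, String role) {
        return map.contains(key(group, role));
    }

    /** Exact pair, then any-group + role, then group + any-role: the order proposed in the report. */
    static boolean allowsWithFallback(Set<String> map, String group, String role) {
        return map.contains(key(group, role))
            || map.contains(key(ALL_GROUPS, role))
            || map.contains(key(group, ALL_ROLES));
    }

    public static void main(String[] args) {
        // Role-only entry loaded under the default group: user (G, R) is denied.
        Set<String> current = new HashSet<>();
        allow(current, null, "R", true);
        System.out.println("default-group load, (G,R): " + allowsExact(current, "G", "R"));

        // Same entry loaded as a wildcard, checked with fallback: user (G, R) is allowed.
        Set<String> proposed = new HashSet<>();
        allow(proposed, null, "R", false);
        System.out.println("wildcard load, (G,R): " + allowsWithFallback(proposed, "G", "R"));

        // Entries that name a group stay scoped to it, and other roles stay denied.
        allow(proposed, "Admins", "Editor", false);
        System.out.println("(G,Editor): " + allowsWithFallback(proposed, "G", "Editor"));
        System.out.println("(G,Other): " + allowsWithFallback(proposed, "G", "Other"));
    }
}
```

The last two checks are the ones to keep as regression tests when widening a lookup like this: the fallback should grant access only through an entry that was deliberately written without a group or without a role.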
