[ http://issues.apache.org/jira/browse/JS1-536?page=history ]
Mark Orciuch resolved JS1-536:
------------------------------
Resolution: Fixed
Security check will now correctly handle described scenarios.
> Security constraint behaviour with group other than Jetspeed
> ------------------------------------------------------------
>
> Key: JS1-536
> URL: http://issues.apache.org/jira/browse/JS1-536
> Project: Jetspeed
> Type: Improvement
> Components: Security
> Versions: 1.6-dev
> Reporter: Mark Orciuch
> Assignee: Mark Orciuch
> Fix For: 1.6
>
> This was originally reported by Jeremy Ford:
> <quote>
> I have a group G and a role R. A user is assigned to group G and role R,
> but they are not in the Jetspeed group. I have a security entry stating
> allow all actions for role R.
> When I try to view a psml with the security reference, the user cannot see
> the psml. The reason is that the check in BaseSecurityEntry checks the
> grouprole access map. The access map was loaded with the default Jetspeed
> group because the group was not defined in the security entry.
> I would expect that the group role check would check all groups for the role
> that I'm looking for.
> So, in allowsGroupRole it would go something like:
> allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
> if(!allow)
> allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, ALL_GROUPS+role,
> ALL_GROUP_ROLES);
> if(!allow)
> allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+ALL_ROLES,
> ALL_GROUP_ROLES);
> </quote>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
