On Oct 31, 2007, at 1:16 PM, prasana wrote:
Thanks for the reply.

When I mentioned the Mapping Only feature, I was talking about the "IS_MAPPING_ONLY" column in the SECURITY_PRINCIPAL table. The SecurityAccess interface has both setInternalUserPrincipal(InternalUserPrincipal, isMappingOnly) and setInternalGroupPrincipal(InternalGroupPrincipal, isMappingOnly) methods.

In DefaultSecurityMappingHandler, setRolePrincipalInGroup() calls the setInternalGroupPrincipal() method and always passes false for isMappingOnly.
commonQueries.setInternalGroupPrincipal(internalGroup, false);
If the group is not found, then it throws SecurityException.GROUP_DOES_NOT_EXIST.

But the DefaultSecurityMappingHandler setUserPrincipalInRole() calls the setInternalUserPrincipal() method, passing false or true based on whether the user already exists or not.

The reason is that I am trying to leave my users and groups in the weblogic realm and maintain the roles in jetspeed. It looks like when I try to assign a user to a role, it creates the user in the SECURITY_PRINCIPAL table but with the IS_MAPPING_ONLY flag as 1. But when I try to assign a group to a role, I get SecurityException.GROUP_DOES_NOT_EXIST.

If jetspeed creates the group in the SECURITY_PRINCIPAL table with the IS_MAPPING_ONLY flag as 1 for this case, it will work fine. For that I need to make a modification to DefaultSecurityMappingHandler. I want to make sure whether there is any reason this was not implemented before.

Hope this helps explain what I am trying to convey here.
Will this patch work for you?
public void setRolePrincipalInGroup(String groupFullPathName,
String roleFullPathName) throws SecurityException
{
InternalGroupPrincipal internalGroup =
commonQueries.getInternalGroupPrincipal(GroupPrincipalImpl
.getFullPathFromPrincipalName(groupFullPathName));
+ boolean isMappingOnly = false;
+ if (null == internalGroup)
+ {
+ // This is a record for mapping only.
+ isMappingOnly = true;
+ internalGroup = new InternalGroupPrincipalImpl
(groupFullPathName);
+ }
- if (null == internalGroup)
- {
- throw new SecurityException
(SecurityException.GROUP_DOES_NOT_EXIST.create(groupFullPathName));
- }
Collection internalRoles = internalGroup.getRolePrincipals();
InternalRolePrincipal internalRole =
commonQueries.getInternalRolePrincipal(RolePrincipalImpl
.getFullPathFromPrincipalName(roleFullPathName));
internalRoles.add(internalRole);
internalGroup.setRolePrincipals(internalRoles);
commonQueries.setInternalGroupPrincipal(internalGroup, false);
}
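Review bot: isMappingOnly is set in the added block but never used, because the final call is still commonQueries.setInternalGroupPrincipal(internalGroup, false), so a group created here is saved with isMappingOnly false instead of being flagged as a mapping-only record. Pass isMappingOnly as the second argument of that call. Two smaller points in the same method: the lookup uses GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName) while the new InternalGroupPrincipalImpl is built from the raw groupFullPathName, so the created record should use the same converted path that the lookup does; and internalRole is added to the collection without a null check, so with the group check gone a missing role would be added as null to a group that was just created.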