Author: taylor Date: Wed Jan 27 00:02:46 2016 New Revision: 1726927 URL: http://svn.apache.org/viewvc?rev=1726927&view=rev Log: call standard checkPrivilege method for jetspeed rest apis, so that the proper UNAUTHORIZED status is returned
Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/UserManagerService.java Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/UserManagerService.java URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/UserManagerService.java?rev=1726927&r1=1726926&r2=1726927&view=diff ============================================================================== --- portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/UserManagerService.java (original) +++ portals/jetspeed-2/portal/trunk/components/jetspeed-portal/src/main/java/org/apache/jetspeed/services/rest/UserManagerService.java Wed Jan 27 00:02:46 2016 @@ -19,7 +19,6 @@ package org.apache.jetspeed.services.res import org.apache.jetspeed.Jetspeed; import org.apache.jetspeed.JetspeedActions; import org.apache.jetspeed.administration.PortalConfigurationConstants; -import org.apache.jetspeed.exception.JetspeedException; import org.apache.jetspeed.layout.PortletActionSecurityBehavior; import org.apache.jetspeed.om.folder.Folder; import org.apache.jetspeed.page.PageManager; @@ -28,7 +27,6 @@ import org.apache.jetspeed.profiler.Prof import org.apache.jetspeed.profiler.Profiler; import org.apache.jetspeed.profiler.rules.PrincipalRule; import org.apache.jetspeed.profiler.rules.ProfilingRule; -import org.apache.jetspeed.request.RequestContext; import org.apache.jetspeed.security.Group; import org.apache.jetspeed.security.GroupManager; import org.apache.jetspeed.security.JetspeedPrincipalQueryContext; @@ -558,14 +556,4 @@ public class UserManagerService extends return templates; } - protected void checkPrivilege(HttpServletRequest servletRequest, String action) - { - RequestContext requestContext = (RequestContext) servletRequest.getAttribute(RequestContext.REQUEST_PORTALENV); - - if (securityBehavior != null && !securityBehavior.checkAccess(requestContext, action)) - { - throw new WebApplicationException(new JetspeedException("Insufficient privilege to access this REST service.")); - } - } - } --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org