The attached patch makes a change to how ACLs are loaded from
the database, to allow a single ACL to be specified across several
values.

Thanks,
Fraser
From 1fd4824d8b46d995286e5bad689e903e5e954831 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Tue, 15 Mar 2016 18:22:02 +1100
Subject: [PATCH] Allow multiple ACLs of same name (union of rules)

Several lightweight CA ACLs share the 'certServer.ca.authorities'
name, but when loading ACLs each load overwrites the previous.

If multiple resourceACLS values have the same name, instead of
replacing the existing ACL with the new one, add the rules to the
existing ACL.

Part of: https://fedorahosted.org/pki/ticket/1625
---
 .../cms/src/com/netscape/cms/authorization/AAclAuthz.java      | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/base/server/cms/src/com/netscape/cms/authorization/AAclAuthz.java 
b/base/server/cms/src/com/netscape/cms/authorization/AAclAuthz.java
index 
089cca9bea9f7cfcdac65f6023060109eb6b8d10..400649cd53ca5801af6af216f8145d265c5d52f4
 100644
--- a/base/server/cms/src/com/netscape/cms/authorization/AAclAuthz.java
+++ b/base/server/cms/src/com/netscape/cms/authorization/AAclAuthz.java
@@ -160,7 +160,15 @@ public abstract class AAclAuthz {
         ACL acl = (ACL) CMS.parseACL(resACLs);
 
         if (acl != null) {
-            mACLs.put(acl.getName(), acl);
+            ACL curACL = mACLs.get(acl.getName());
+            if (curACL == null) {
+                mACLs.put(acl.getName(), acl);
+            } else {
+                Enumeration<ACLEntry> entries = acl.entries();
+                while (entries.hasMoreElements()) {
+                    curACL.addEntry(entries.nextElement());
+                }
+            }
         } else {
             log(ILogger.LL_FAILURE, "parseACL failed");
         }
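Review bot: In the else branch only `acl.entries()` is copied into `curACL`, so anything else the newly parsed ACL carries (for example its rights list or description) is dropped silently when an ACL of that name already exists. If every value sharing a name is expected to declare the same rights, a comment stating that would help; otherwise the merge should cover them as well. Because the effective ACL is now the union of several resourceACLS values, a debug log line in the merge path that names `acl.getName()` would let an administrator see during an audit that the rule set was assembled from more than one value. The loop also calls `curACL.addEntry(...)` unconditionally, so unless `addEntry` de-duplicates, loading the same value twice would leave repeated entries in `curACL`.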
-- 
2.5.0

_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel