Hi Francesco,

Just looking at this logic again in UserDataBinder...

> Set<Long> roleIds = user.getRoleIds();
> Set<Long> adminRoleIds =
>     EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
> roleIds.removeAll(adminRoleIds);
>

In my test-case, a user "alice" has role "read-role" with permission
"ROLE_READ". When I log on as "alice" when calling
"cxf/users?username=alice", "ROLE_READ" is returned from
EntitlementUtil.getOwnedEntitlementNames(), but as it isn't of the format
expected by EntitlementUtil.ROLE_ENTITLEMENT_NAME_PATTERN,
EntitlementUtil.getRoleIds(...) is empty.

Is this a bug - or am I missing something? If the user has a role with an
entitlement that does not match the reg exp, then an exception will always
be thrown in this class.

Colm.


On Wed, Feb 27, 2013 at 10:12 AM, Francesco Chicchiriccò <
ilgro...@apache.org> wrote:

> On 27/02/2013 16:10, Colm O hEigeartaigh wrote:
>
>> As per the discussions on SYNCOPE-324, I'm reading a user (from the new
>> API) via:
>>
>> users?username=X
>>
>> I am authenticating using the User's username/password and not the admin
>> user/password. I get an exception in the logs:
>>
>> org.apache.syncope.core.rest.controller.UnauthorizedRoleException: Missing
>> entitlement for role(s) [100]
>>          at
>> org.apache.syncope.core.rest.data.UserDataBinder.getUserFromUsername(UserDataBinder.java:132)
>> ~[UserDataBinder.class:na]
>>
>> Syncope is set up with a single Role with no entitlements, and a single
>> User with that role, that I am authenticating as. In
>> UserDataBinder.getUserFromUsername we have:
>>
>>          Set<Long> roleIds = user.getRoleIds();
>>          Set<Long> adminRoleIds =
>>              EntitlementUtil.getRoleIds(EntitlementUtil.getOwnedEntitlementNames());
>>          roleIds.removeAll(adminRoleIds);
>>
>>          if (!roleIds.isEmpty()) {
>>              throw new UnauthorizedRoleException(roleIds);
>>          }
>>
>> In this case, "adminRoleIds" is empty and so the exception is thrown. Any
>> ideas?
>>
>
> Hi Colm,
> for reading own roles, the same approach as per RoleController#selfRead
> should be implemented.
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> http://people.apache.org/~ilgrosso/
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
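
A stand-alone reproduction of the check discussed in this thread, added here as an example and not taken from Syncope's source. The `ROLE_<numeric id>` pattern and the names `RoleCheckDemo` and `uncoveredRoles` are assumptions made for illustration; the sample role id and entitlement names are constructed from the two reports above.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RoleCheckDemo {

    // Assumption: stand-in for EntitlementUtil.ROLE_ENTITLEMENT_NAME_PATTERN,
    // taken here to mean "ROLE_" followed by a numeric role id.
    static final Pattern ROLE_ENTITLEMENT_NAME_PATTERN = Pattern.compile("^ROLE_(\\d+)$");

    // Stand-in for EntitlementUtil.getRoleIds(...): names that do not match are skipped.
    static Set<Long> getRoleIds(Set<String> entitlementNames) {
        Set<Long> result = new HashSet<Long>();
        for (String name : entitlementNames) {
            Matcher m = ROLE_ENTITLEMENT_NAME_PATTERN.matcher(name);
            if (m.matches()) {
                result.add(Long.valueOf(m.group(1)));
            }
        }
        return result;
    }

    // The check quoted from UserDataBinder.getUserFromUsername, returning the
    // role ids that would be reported in UnauthorizedRoleException.
    static Set<Long> uncoveredRoles(Set<Long> userRoleIds, Set<String> ownedEntitlements) {
        Set<Long> roleIds = new HashSet<Long>(userRoleIds); // copy, leave the caller's set intact
        roleIds.removeAll(getRoleIds(ownedEntitlements));
        return roleIds;
    }

    public static void main(String[] args) {
        Set<Long> aliceRoles = new HashSet<Long>(Arrays.asList(100L)); // constructed sample

        // Role with no entitlements (first report): nothing to subtract, role 100 remains.
        System.out.println(uncoveredRoles(aliceRoles, new HashSet<String>()));
        // Role with "ROLE_READ" (second report): the name is not ROLE_<id>, role 100 remains.
        System.out.println(uncoveredRoles(aliceRoles,
                new HashSet<String>(Arrays.asList("ROLE_READ"))));
        // Caller holding an entitlement that names role 100: the set is empty, check passes.
        System.out.println(uncoveredRoles(aliceRoles,
                new HashSet<String>(Arrays.asList("ROLE_READ", "ROLE_100"))));
    }
}
```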
