cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base BaseSecurityEntry.java

Tue, 25 Jan 2005 15:45:31 -0800 

morciuch    2005/01/25 15:45:29

  Modified:    src/java/org/apache/jetspeed/om/registry/base
                        BaseSecurityEntry.java
  Log:
  Changed security constraint behaviour with group other than Jetspeed. See 
http://issues.apache.org/jira/browse/JS1-536 for details.
  
  Revision  Changes    Path
  1.18      +26 -4     
jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityEntry.java
  
  Index: BaseSecurityEntry.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityEntry.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- BaseSecurityEntry.java    13 Jul 2004 22:59:34 -0000      1.17
  +++ BaseSecurityEntry.java    25 Jan 2005 23:45:28 -0000      1.18
  @@ -239,7 +239,18 @@
   
                // Checked action
                allowMap = (Map) accessMap.get(action);
  -             allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, 
ALL_GROUP_ROLES);
  +             allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, 
ALL_GROUP_ROLES); // Exact group+role match
  +             if (allow == true)
  +             {
  +                     return allow;
  +             }
  +
  +             allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, ALL_GROUPS+role, 
ALL_GROUP_ROLES); // Match role within any group
  +             if (allow == true)
  +             {
  +                     return allow;
  +             }
  +             allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+ALL_ROLES, 
ALL_GROUP_ROLES); // Match group regardless of role
                if (allow == true)
                {
                        return allow;
  @@ -247,7 +258,18 @@
   
                // Checked all actions
                allowMap = (Map) accessMap.get(ALL_ACTIONS);
  -             allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, 
ALL_GROUP_ROLES);
  +             allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, 
ALL_GROUP_ROLES); // Exact group+role match
  +             if (allow == true)
  +             {
  +                     return allow;
  +             }
  +
  +             allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, ALL_GROUPS+role, 
ALL_GROUP_ROLES); // Match role regardless of group
  +             if (allow == true)
  +             {
  +                     return allow;
  +             }
  +             allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+ALL_ROLES, 
ALL_GROUP_ROLES); // Match group regardless of role
   
                // Not allowed
                return allow;
  @@ -877,6 +899,7 @@
   
               // Add Role
               role = allowElement.getRole();
  +                     group = allowElement.getGroup();            
               if (role != null)
               {
                // Role map
  @@ -904,7 +927,6 @@
               }
   
                        // Add Group
  -                     group = allowElement.getGroup();
                        if (group != null)
                        {
                                // Group map
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to