[Bug 65351] Regression in UserDatabaseRealm: Groups are no longer considered in hasRole
https://bz.apache.org/bugzilla/show_bug.cgi?id=65351 --- Comment #6 from Remy Maucherat --- This was done then: https://bz.apache.org/bugzilla/show_bug.cgi?id=58590 But the documentation is not up to date: http://tomcat.apache.org/tomcat-10.0-doc/realm-howto.html#UserDatabaseRealm -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65351] Regression in UserDatabaseRealm: Groups are no longer considered in hasRole
https://bz.apache.org/bugzilla/show_bug.cgi?id=65351 --- Comment #5 from cklein05 --- BTW, MemoryUserDatabase seems to support being not read-only as well as automatically reloading stuff from tomcat-users.xml when configured appropriately. @See MemoryUserDatabaseFactory.getObjectInstance @see MemoryUserDatabase.backgroundProcess Shouldn't we check whether all this works correctly and mention that feature in the documentation? Maybe nobody uses that just due to lack of documentation? At first glance, the code looks quite reasoned. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65351] Regression in UserDatabaseRealm: Groups are no longer considered in hasRole
https://bz.apache.org/bugzilla/show_bug.cgi?id=65351 --- Comment #4 from Remy Maucherat --- (In reply to cklein05 from comment #3) > If you really want to remove UserDatabaseRealm, could this probably be done > AFTER my enhancement is in place (hopefully) and ported back to the other > versions? You have more than enough time to do anything you like ! Even if it gets removed (maybe ...) it would still take a while. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65351] Regression in UserDatabaseRealm: Groups are no longer considered in hasRole
https://bz.apache.org/bugzilla/show_bug.cgi?id=65351 --- Comment #3 from cklein05 --- That way it should work again :) Nor sure whether I can help much with that decision. The UserDatabaseRealm is the default one and MemoryRealm's Realm states it's not intended for production use. Changing this will be a lot of work and could only be done for the HEAD version (otherwise we'll use the live update feature for existing setups - same as with my initial PR). Since I'm interested in porting back my enhancement (which now honors live updates of the UserDatabase with the UserDatabaseRealm as well), I favor a solution that works for all versions of Tomcat. Also, for my mind, MemoryRealm has some more drawbacks so, I don't recommend making it the new standard Realm: - Unfortunate realm name: People know what a UserDatabase is. Although they might as well know what Memory is, due to the realm's name it's not so obvious, that this Realm is feed by the tomcat-users.xml file. - Location of the XML file must/could explicitly be specified by the (real) path through the 'pathname' configuration attribute. It's no JNDI resource. If you really want to remove UserDatabaseRealm, could this probably be done AFTER my enhancement is in place (hopefully) and ported back to the other versions? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65351] Regression in UserDatabaseRealm: Groups are no longer considered in hasRole
https://bz.apache.org/bugzilla/show_bug.cgi?id=65351 Remy Maucherat changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #2 from Remy Maucherat --- (In reply to cklein05 from comment #1) > Provided method was not complete, in order to test for all/effective roles, > of course (my bad). Testing explicitly assigned roles is still required so, > this should be the correct version: Makes sense. I simply took the original hasRole override code I removed for no reason. Seems like a case of badcutandpaste-itis. We still need to decide on what to do with the database realm, since without an expansion to more database types I cannot see what it can be used for. > public boolean isInEffectiveRole(Role role) { > if (isInRole(role)) { > return true; > } > synchronized (groups) { > for (Group group : groups) { > if (group.isInRole(role)) { > return true; > } > } > } > return false; > } -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65351] Regression in UserDatabaseRealm: Groups are no longer considered in hasRole
https://bz.apache.org/bugzilla/show_bug.cgi?id=65351 --- Comment #1 from cklein05 --- Provided method was not complete, in order to test for all/effective roles, of course (my bad). Testing explicitly assigned roles is still required so, this should be the correct version: public boolean isInEffectiveRole(Role role) { if (isInRole(role)) { return true; } synchronized (groups) { for (Group group : groups) { if (group.isInRole(role)) { return true; } } } return false; } -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org