Hi Radomir,
thanks for reporting this.
I'm going to raise a Jira. The Jira will contain the target fix version.
Regards
JB
On 09/22/2011 02:27 PM, Radomir Kadlec wrote:
Hello,
*I found 2 bugs in FlowRegistryImpl.*
I created this DefaultAuthorizationEntry:
<bean class="org.apache.servicemix.nmr.core.security.DefaultAuthorizationEntry">
    <property name="endpoint" value="*" />
    <property name="rank" value="0" />
    <property name="roles" value="admin" />
    <property name="type" value="Set" />
</bean>
And the user gets the role "admin" from LDAP.
*But the authorization of the endpoint fails.*
I debugged Servicemix in Eclipse and found these 2 bugs:
*BUG 1*
Different principal objects for "admin" created:
a) The DefaultAuthorizationEntry creates *GroupPrincipal[admin]*
b) But the JAAS LDAPLoginModule creates *RolePrincipal[admin]*
Therefore FlowRegistryImpl.dispatch:98 finds no matching roles in acls.
*BUG 2*
The FlowRegistryImpl.dispatch:92 reads the acls from
authorizationService.getAcls.
These acls are stored in a cache in this service.
But on line 98, when calling acls.retainAll, the content of acls is
completely cleared (when no roles match).
When the service is called a second time, the authorizationService reads
the acls from its cache and the acls contain no entries any more. They were
cleared previously.
*Versions I used during the test:*
Servicemix 4.4.0-fuse-00-43
org.apache.karaf.jaas.modules 2.2.0-fuse-00-43
org.apache.servicemix.nmr.core 1.5.0-fuse-00-43
Can you please tell me when and how a revision will be available?
Thank you,
Radomir
--
View this message in context:
http://servicemix.396122.n5.nabble.com/Bugs-in-DefaultAuthorizationEntry-FlowRegistryImpl-authoization-not-possible-tp4829958p4829958.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
--
Jean-Baptiste Onofré
http://blog.nanthrax.net
Talend - http://www.talend.com
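
The two failure modes reported in this thread, reduced to a stand-alone Java sketch. This is an added example, not code from the thread or from ServiceMix/Karaf: the record types, the CACHE map and the authorize* methods are hypothetical stand-ins, and it assumes principal equality is class-sensitive (Java 16+ records behave that way).

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added illustration; stand-in types, not ServiceMix or Karaf source.
public class AclCacheDemo {
    // Record equality checks class AND name, so a GroupPrincipal("admin")
    // never equals a RolePrincipal("admin") (the mismatch from BUG 1).
    record GroupPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical cache standing in for the one behind authorizationService.getAcls.
    static final Map<String, Set<Principal>> CACHE = new HashMap<>();

    static Set<Principal> getAcls(String endpoint) {
        return CACHE.computeIfAbsent(endpoint,
                e -> new HashSet<>(Set.of(new GroupPrincipal("admin"))));
    }

    // Pattern from BUG 2: retainAll runs on the cached set itself, so one
    // non-matching caller empties the ACL for every later caller.
    static boolean authorizeMutating(String endpoint, Set<Principal> subject) {
        Set<Principal> acls = getAcls(endpoint);
        acls.retainAll(subject);
        return !acls.isEmpty();
    }

    // Defensive variant: intersect on a private copy; the cache stays intact.
    static boolean authorizeCopy(String endpoint, Set<Principal> subject) {
        Set<Principal> acls = new HashSet<>(getAcls(endpoint));
        acls.retainAll(subject);
        return !acls.isEmpty();
    }

    public static void main(String[] args) {
        Set<Principal> ldapUser = Set.of(new RolePrincipal("admin"));   // class differs from ACL entry
        Set<Principal> groupUser = Set.of(new GroupPrincipal("admin")); // same class as ACL entry

        System.out.println("copy, ldapUser:      " + authorizeCopy("ep", ldapUser));
        System.out.println("copy, groupUser:     " + authorizeCopy("ep", groupUser));
        System.out.println("mutating, ldapUser:  " + authorizeMutating("ep", ldapUser));
        System.out.println("mutating, groupUser: " + authorizeMutating("ep", groupUser));
        System.out.println("cached ACL now:      " + getAcls("ep"));
    }
}
```

With the mutating variant, the first denied request leaves the cached entry empty, so a caller who would otherwise match is denied afterwards as well.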