portals-jetspeed-dev mailing list archives

From "Mark Orciuch (JIRA)" <jetspeed-...@jakarta.apache.org>
Subject [jira] Resolved: (JS1-536) Security constraint behaviour with group other than Jetspeed
Date Tue, 25 Jan 2005 23:54:17 GMT
     [ http://issues.apache.org/jira/browse/JS1-536?page=history ]
Mark Orciuch resolved JS1-536:

    Resolution: Fixed

Security check will now correctly handle described scenarios.

> Security constraint behaviour with group other than Jetspeed
> ------------------------------------------------------------
>          Key: JS1-536
>          URL: http://issues.apache.org/jira/browse/JS1-536
>      Project: Jetspeed
>         Type: Improvement
>   Components: Security
>     Versions: 1.6-dev
>     Reporter: Mark Orciuch
>     Assignee: Mark Orciuch
>      Fix For: 1.6

> This was originally reported by Jeremy Ford:
> <quote>
> I have a group G and a role R.  A user is assigned to group G and role R, 
> but they are not in the Jetspeed group.  I have a security entry stating 
> allow all actions for role R.
> When I try to view a psml with the security reference, the user cannot see 
> the psml.  The reason is that the check in BaseSecurityEntry checks the 
> grouprole access map.  The access map was loaded with the default Jetspeed 
> group because the group was not defined in the security entry.
> I would expect that the group role check would check all groups for the role 
> that I'm looking for.
> So, in allowsGroupRole it would go something like:
> allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
> if(!allow)
> allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, ALL_GROUPS+role, 
> if(!allow)
> allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+ALL_ROLES, 
> </quote>

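
The lookup order proposed in the quoted report, modelled as an added example that is not Jetspeed's code and not part of the original message. The class name, the `group|role` key format, the `*` wildcard and the choice to store a rule without a group under the wildcard group are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified model of the check discussed in JS1-536; not Jetspeed source.
// The class, the "group|role" key format and the "*" wildcard are assumptions.
public class GroupRoleCheckDemo {
    static final String DEFAULT_GROUP = "Jetspeed";
    static final String ANY = "*";

    private final Set<String> allowMap = new HashSet<>();
    private final boolean wildcardWhenGroupOmitted;

    GroupRoleCheckDemo(boolean wildcardWhenGroupOmitted) {
        this.wildcardWhenGroupOmitted = wildcardWhenGroupOmitted;
    }

    // Load one allow rule. A rule with no group is stored either under the
    // default group (the reported behaviour) or under the wildcard group.
    void allow(String group, String role) {
        if (group == null) {
            group = wildcardWhenGroupOmitted ? ANY : DEFAULT_GROUP;
        }
        allowMap.add(group + "|" + role);
    }

    // Exact pair first, then any-group + role, then group + any-role.
    boolean allowsGroupRole(String group, String role) {
        return allowMap.contains(group + "|" + role)
            || allowMap.contains(ANY + "|" + role)
            || allowMap.contains(group + "|" + ANY);
    }

    public static void main(String[] args) {
        GroupRoleCheckDemo reported = new GroupRoleCheckDemo(false);
        reported.allow(null, "R");               // entry names role R only
        GroupRoleCheckDemo expected = new GroupRoleCheckDemo(true);
        expected.allow(null, "R");

        // Constructed cases: a user in group G with role R, and one without R.
        System.out.println("reported G/R: " + reported.allowsGroupRole("G", "R"));
        System.out.println("expected G/R: " + expected.allowsGroupRole("G", "R"));
        System.out.println("expected G/S: " + expected.allowsGroupRole("G", "S"));
        System.out.println("reported Jetspeed/R: "
            + reported.allowsGroupRole(DEFAULT_GROUP, "R"));
    }
}
```

The third case is the one to keep as a regression test: widening the group match must not grant access to a user who lacks the role named in the entry.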
