portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From morci...@apache.org
Subject cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base BaseSecurityEntry.java
Date Tue, 25 Jan 2005 23:45:29 GMT
morciuch    2005/01/25 15:45:29

  Modified:    src/java/org/apache/jetspeed/om/registry/base
                        BaseSecurityEntry.java
  Log:
  Changed security constraint behaviour with group other than Jetspeed. See http://issues.apache.org/jira/browse/JS1-536
for details.
  
  Revision  Changes    Path
  1.18      +26 -4     jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityEntry.java
  
  Index: BaseSecurityEntry.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/om/registry/base/BaseSecurityEntry.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- BaseSecurityEntry.java	13 Jul 2004 22:59:34 -0000	1.17
  +++ BaseSecurityEntry.java	25 Jan 2005 23:45:28 -0000	1.18
  @@ -239,7 +239,18 @@
   
   		// Checked action
   		allowMap = (Map) accessMap.get(action);
  -		allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
  +		allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES); // Exact
group+role match
  +		if (allow == true)
  +		{
  +			return allow;
  +		}
  +
  +		allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, ALL_GROUPS+role, ALL_GROUP_ROLES); //
Match role within any group
  +		if (allow == true)
  +		{
  +			return allow;
  +		}
  +		allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+ALL_ROLES, ALL_GROUP_ROLES); //
Match group regardless of role
   		if (allow == true)
   		{
   			return allow;
  @@ -247,7 +258,18 @@
   
   		// Checked all actions
   		allowMap = (Map) accessMap.get(ALL_ACTIONS);
  -		allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
  +		allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES); // Exact
group+role match
  +		if (allow == true)
  +		{
  +			return allow;
  +		}
  +
  +		allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, ALL_GROUPS+role, ALL_GROUP_ROLES); //
Match role regardless of group
  +		if (allow == true)
  +		{
  +			return allow;
  +		}
  +		allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+ALL_ROLES, ALL_GROUP_ROLES); //
Match group regardless of role
   
   		// Not allowed
   		return allow;
  @@ -877,6 +899,7 @@
   
               // Add Role
               role = allowElement.getRole();
  +			group = allowElement.getGroup();            
               if (role != null)
               {
               	// Role map
  @@ -904,7 +927,6 @@
               }
   
   			// Add Group
  -			group = allowElement.getGroup();
   			if (group != null)
   			{
   				// Group map
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message