portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeremy Ford (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Updated: (JS1-536) [FIX] Security constraint behaviour with group other than Jetspeed
Date Thu, 26 May 2005 03:34:17 GMT
     [ http://issues.apache.org/jira/browse/JS1-536?page=all ]

Jeremy Ford updated JS1-536:
----------------------------

    Summary: [FIX] Security constraint behaviour with group other than Jetspeed  (was: Security
constraint behaviour with group other than Jetspeed)

> [FIX] Security constraint behaviour with group other than Jetspeed
> ------------------------------------------------------------------
>
>          Key: JS1-536
>          URL: http://issues.apache.org/jira/browse/JS1-536
>      Project: Jetspeed
>         Type: Improvement
>   Components: Security
>     Versions: 1.6-dev
>     Reporter: Mark Orciuch
>     Assignee: Mark Orciuch
>      Fix For: 1.6

>
> This was originally reported by Jeremy Ford:
> <quote>
> I have a group G and a role R.  A user is assigned to group G and role R, 
> but they are not in the Jetspeed group.  I have a security entry stating 
> allow all actions for role R.
> When I try to view a psml with the security reference, the user cannot see 
> the psml.  The reason is that the check in BaseSecurityEntry checks the 
> grouprole access map.  The access map was loaded with the default Jetspeed 
> group because the group was not defined in the security entry.
> I would expect that the group role check would check all groups for the role 
> that I'm looking for.
> So, in allowsGroupRole it would go something like:
> allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
> if(!allow)
> allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, ALL_GROUPS+role, 
> ALL_GROUP_ROLES);
> if(!allow)
> allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+ALL_ROLES, 
> ALL_GROUP_ROLES);
> </quote>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message