directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shawn McKinney (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FC-74) DSD checking on hierarchical relationships incorrect
Date Sun, 01 Mar 2015 11:58:04 GMT
Shawn McKinney created FC-74:
--------------------------------

             Summary: DSD checking on hierarchical relationships incorrect
                 Key: FC-74
                 URL: https://issues.apache.org/jira/browse/FC-74
             Project: FORTRESS
          Issue Type: Bug
    Affects Versions: 1.0.0-RC39
            Reporter: Shawn McKinney
             Fix For: 1.0.0-RC40


Manually testing of fortress detected that did constraints between roles can be bypassed via
inheritance.  

For example this constraint:
  sdset name="Demo2DSD" 
  description="ROLE_TEST DATA roles are mutually exclusive" cardinality="2"
  setType="DYNAMIC"
  setmembers="PAGE1_123,PAGE1_456,PAGE1_789,
                         PAGE2_123,PAGE2_456,PAGE2_789,
                         PAGE3_123,PAGE3_456,PAGE3_789"/>

can be bypassed thru these inheritance relationships:

                <relationship child="PERSON1" parent="ROLE_PAGE1"/>
                <relationship child="PERSON1" parent="PAGE1_123"/>
                <relationship child="PERSON1" parent="PAGE1_456"/>
                <relationship child="PERSON1" parent="PAGE1_789"/>

and then assigning to user:
userrole userId="anyuser" name="PERSON1"

when user 'any user' logs on, and  activate person1 role, which bypasses the constraint checks
for dad on the roles person1 inherits.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message