portals-jetspeed-dev mailing list archives

From David Sean Taylor <da...@bluesunrise.com>
Subject Re: Security "Mapping Only" Feature for Groups
Date Sat, 03 Nov 2007 23:10:54 GMT

On Oct 31, 2007, at 1:16 PM, prasana wrote:

>
> Thanks for the reply.
>
> When I mentioned the Mapping Only feature, I was talking about the
> "IS_MAPPING_ONLY" column in the SECURITY_PRINCIPAL table.
>
> The SecurityAccess interface has both
> setInternalUserPrincipal(InternalUserPrincipal, isMappingOnly) and
> setInternalGroupPrincipal(InternalGroupPrincipal, isMappingOnly) methods.
>
> In DefaultSecurityMappingHandler, setRolePrincipalInGroup() calls the
> setInternalGroupPrincipal() method and always passes false for isMappingOnly:
> commonQueries.setInternalGroupPrincipal(internalGroup, false);
> If the group is not found, then it throws
> SecurityException.GROUP_DOES_NOT_EXIST
>
> But the DefaultSecurityMappingHandler setUserPrincipalInRole() calls the
> setInternalUserPrincipal() method, passing false or true based on whether
> the user already exists or not.
>
> The reason is that I am trying to leave my users and groups in the WebLogic
> realm and maintain the roles in Jetspeed. It looks like when I assign a user
> to a role, it creates the user in the SECURITY_PRINCIPAL table but with the
> IS_MAPPING_ONLY flag as 1. But when I try to assign a group to a role, I get
> SecurityException.GROUP_DOES_NOT_EXIST.
> If Jetspeed creates the group in the SECURITY_PRINCIPAL table with the
> IS_MAPPING_ONLY flag as 1 for this case, it will work fine. For that I need
> to make a modification to DefaultSecurityMappingHandler. I want to make sure:
> is there any reason this was not implemented before?
>
> Hope this helps about what I am trying to convey here.
>
Will this patch work for you?

     public void setRolePrincipalInGroup(String groupFullPathName,  
String roleFullPathName) throws SecurityException
     {
         InternalGroupPrincipal internalGroup =  
commonQueries.getInternalGroupPrincipal(GroupPrincipalImpl
                 .getFullPathFromPrincipalName(groupFullPathName));
+        boolean isMappingOnly = false;
+        if (null == internalGroup)
+        {
+            // This is a record for mapping only.
+            isMappingOnly = true;
+            internalGroup = new InternalGroupPrincipalImpl 
(groupFullPathName);
+        }

-        if (null == internalGroup)
-        {
-            throw new SecurityException 
(SecurityException.GROUP_DOES_NOT_EXIST.create(groupFullPathName));
-        }

         Collection internalRoles = internalGroup.getRolePrincipals();
         InternalRolePrincipal internalRole =  
commonQueries.getInternalRolePrincipal(RolePrincipalImpl
                 .getFullPathFromPrincipalName(roleFullPathName));
         internalRoles.add(internalRole);
         internalGroup.setRolePrincipals(internalRoles);
         commonQueries.setInternalGroupPrincipal(internalGroup, false);
     }
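
Review bot: The new isMappingOnly flag is assigned in the added null == internalGroup branch but never read: the last statement is still commonQueries.setInternalGroupPrincipal(internalGroup, false), so a group created on this path would be saved as a regular record rather than a mapping-only one. Pass isMappingOnly there instead of the literal false. The added branch also builds InternalGroupPrincipalImpl from the raw groupFullPathName, while the lookup above it uses GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName); unless the constructor does that conversion itself, the stored path will not match the next lookup. Finally, with the GROUP_DOES_NOT_EXIST check removed, any group name, including a mistyped one, now gets a record with a role attached, and internalRole is added to the collection without a null check, so it is worth logging the creation path and rejecting a role that does not exist.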







