Emanuele Tajariol created an issue |
Issue Type: |
Bug |
---|---|
Assignee: |
Unassigned |
Components: |
GeoFence |
Created: |
14/Mar/22 7:02 PM |
Priority: |
Medium |
Reporter: |
When the option “Use GeoServer roles to get authorizations” is used, the AccessManager should send a request to GeoFence specifying the role and requiring no user should be present in the matching rules. The method selecting role and user in the Rule is this one: https://github.com/geoserver/geoserver/blob/84557570531bda5d9ce03703bba379fb2a4b1cfa/src/extension/geofence/src/main/java/org/geoserver/geofence/GeofenceAccessManager.java#L569-L594 When the block
is selected, the user in the rule should also be set:
otherwise the default value ANY will remain as a filter in the rule, and the GeoFence rule engine will match also rules related to other users. In this log for instance:
we are requesting all the rules for role “UNKNOWN”. By looking for group matching, we should not match rules explicitely related to given users. In fact you can see that a Rule for user “admin” is matching, and it should not. |
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS |
|
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100197-sha1:81e20ed) |