[Geoserver-devel] [JIRA] (GEOS-7803) GeoFence Embedder does not check for plain Rule Services

GeoServer GeoServer Developer
1

Alessio Fabiani created an issue

GeoServer / ImprovementGEOS-7803

GeoFence Embedder does not check for plain Rule Services

Issue Type:

ImprovementImprovement

Affects Versions:

2.10-RC1, 2.9.2

Assignee:

Alessio Fabiani

Components:

Community modules, GeoFence, Security

Created:

19/Oct/16 12:54 PM

Fix Versions:

2.10.0, 2.9.3, 2.11-beta

Priority:

MediumMedium

Reporter:

Alessio Fabiani

GeoFence Server InternalUserResolver currently checks only User Group Services

for (String serviceName : securityManager.listUserGroupServices()) {

this completely ignoring roles associate to users from a plain Role Service.

The proposal is to add a check for Role Services too

for (String roleServiceName : securityManager.listRoleServices()) {
if (securityManager.loadRoleService(roleServiceName).getRolesForUser(username) != null &&
!securityManager.loadRoleService(roleServiceName).getRolesForUser(username).isEmpty())

{ return true; }

}

Add Comment

Add Comment

This message was sent by Atlassian JIRA (v1000.383.3#100014-sha1:d29f4bf)

Atlassian logo