portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prasana <prasan...@bluenog.com>
Subject Re: Security "Mapping Only" Feature for Groups
Date Mon, 05 Nov 2007 01:07:12 GMT

This is the same patch I came up here.
But in addition to making this changes, you need to make one more change
also.

Since calling the Constructor of InternalGroupPrincipalImpl(String fullPath)
+            internalGroup = new
InternalGroupPrincipalImpl(groupFullPathName);
will not instantiate the collection rolePrincipals, this will result in
NullPointerException in the following line.
Collection internalRoles = internalGroup.getRolePrincipals();

So in the Constructor of InternalGroupPrincipalImpl(String fullPath)
rolePrincipals collection needs to be instantiated.

    public InternalGroupPrincipalImpl(String fullPath)
    {
        super(GROUP_PRINCIPAL_CLASSNAME, fullPath);  
+          this.rolePrincipals = new ArrayList();        
    }

This will fix the NullPointerException exception

Thanks
Prasanna


David Sean Taylor wrote:
> 
> 
> On Oct 31, 2007, at 1:16 PM, prasana wrote:
> 
>>
>> Thanks for the reply.
>>
>> When I mentioned about Mapping Only Feature, I am talking about
>> "IS_MAPPING_ONLY" column in SECURITY_PRINCIPAL table.
>>
>> The SecurityAccess Interface has both
>> setInternalUserPrincipal(InternalUserPrincipal, isMappingOnly) and
>> setInternalGroupPrincipal(InternalGroupPrincipal, isMappingOnly)  
>> methods.
>>
>> From the DefaultSecurityMappingHandler setRolePrincipalInGroup() calls
>> setInternalGroupPrincipal() method always passes false for  
>> isMappingOnly.
>> commonQueries.setInternalGroupPrincipal(internalGroup, false);
>> If the group is not found, then it throws
>> SecurityException.GROUP_DOES_NOT_EXIST
>>
>> But the DefaultSecurityMappingHandler setUserPrincipalInRolw() calls
>> setInternalUserPrincipal() method by passing false or true based on  
>> whether
>> the user already exists or not
>>
>> The reason is I am trying to leave my users and groups in weblogic  
>> realm and
>> trying to maintain the roles in jetspeed. It looks like when I am  
>> trying to
>> assign a user to a role, it creates the user in SECURITY_PRINCIPAL  
>> table but
>> with the IS_MAPPING_ONLY flag as 1. But when I am trying to assign  
>> a group
>> to role, I am getting SecurityException.GROUP_DOES_NOT_EXIST
>> If jetspeed creates the group in SECURITY_PRINCIPAL table with the
>> IS_MAPPING_ONLY flag as 1 for this case, it will work fine. For  
>> that I need
>> to make modification to DefaultSecurityMappingHandler. I want to  
>> make sure
>> that is there any reason for this not to be implemented before.
>>
>> Hope this helps about what I am trying to convey here.
>>
> Will this patch work for you?
> 
>      public void setRolePrincipalInGroup(String groupFullPathName,  
> String roleFullPathName) throws SecurityException
>      {
>          InternalGroupPrincipal internalGroup =  
> commonQueries.getInternalGroupPrincipal(GroupPrincipalImpl
>                  .getFullPathFromPrincipalName(groupFullPathName));
> +        boolean isMappingOnly = false;
> +        if (null == internalGroup)
> +        {
> +            // This is a record for mapping only.
> +            isMappingOnly = true;
> +            internalGroup = new InternalGroupPrincipalImpl 
> (groupFullPathName);
> +        }
> 
> -        if (null == internalGroup)
> -        {
> -            throw new SecurityException 
> (SecurityException.GROUP_DOES_NOT_EXIST.create(groupFullPathName));
> -        }
> 
>          Collection internalRoles = internalGroup.getRolePrincipals();
>          InternalRolePrincipal internalRole =  
> commonQueries.getInternalRolePrincipal(RolePrincipalImpl
>                  .getFullPathFromPrincipalName(roleFullPathName));
>          internalRoles.add(internalRole);
>          internalGroup.setRolePrincipals(internalRoles);
>          commonQueries.setInternalGroupPrincipal(internalGroup, false);
>      }
> 
> 
> 
> 
> 
> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Security-%22Mapping-Only%22-Feature-for-Groups-tf4726066.html#a13579994
Sent from the Jetspeed - Dev mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message