syncope-dev mailing list archives

From "fabio martelli (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SYNCOPE-905) Wrong entitlement evaluation
Date Thu, 14 Jul 2016 04:42:20 GMT

    [ https://issues.apache.org/jira/browse/SYNCOPE-905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15376301#comment-15376301 ]

fabio martelli commented on SYNCOPE-905:
----------------------------------------

Catch java.security.AccessControlException in the REST clients in order to be more robust
to such errors.
See user edit missing group, roles or resources entitlements.

> Wrong entitlement evaluation
> ----------------------------
>
>                 Key: SYNCOPE-905
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-905
>             Project: Syncope
>          Issue Type: Bug
>          Components: console
>    Affects Versions: 2.0.0-M4
>            Reporter: fabio martelli
>             Fix For: 2.0.0
>
>
> Perform an entitlement validation review in order to be compliant with the core one.
> For instance, it seems that user edit/create (available) button click results in an exception returned by the core if the caller is missing the right entitlements, having USER_READ, USER_SEARCH and USER_LIST only.
> Further, GROUP tab under Realms page seems to be available missing GROUP entitlements as well. Click on it results in an error.
> Furthermore, security question page seems to be available missing entitlements as well.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
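
The two measures discussed in this message, a console-side entitlement check that mirrors the core and a REST client that catches java.security.AccessControlException, sketched as an added example that is not Syncope's own code. The class, the method names, the stand-in core call and the USER_CREATE / USER_UPDATE entitlement names are assumptions made for illustration.

```java
import java.security.AccessControlException;
import java.util.EnumSet;
import java.util.Set;
import java.util.function.Supplier;

public class EntitlementGate {
    // USER_READ, USER_SEARCH and USER_LIST come from the issue text; USER_CREATE and
    // USER_UPDATE are assumed names for what the create/edit buttons require.
    enum Entitlement { USER_READ, USER_SEARCH, USER_LIST, USER_CREATE, USER_UPDATE }

    /** Hypothetical UI check: offer an action only if the caller owns what the core will demand. */
    static boolean isActionAllowed(Set<Entitlement> owned, Entitlement required) {
        return owned.contains(required);
    }

    /** Hypothetical REST-client wrapper: a denial by the core becomes a handled result. */
    static <T> String callCore(Supplier<T> restCall) {
        try {
            return "OK: " + restCall.get();
        } catch (AccessControlException e) {
            // Report the denial to the user instead of letting the page fail.
            return "DENIED: " + e.getMessage();
        }
    }

    /** Stand-in for the core, which enforces the entitlement whatever the UI displayed. */
    static String coreUpdateUser(Set<Entitlement> owned, String username) {
        if (!owned.contains(Entitlement.USER_UPDATE)) {
            throw new AccessControlException("Missing entitlement USER_UPDATE");
        }
        return "updated " + username;
    }

    public static void main(String[] args) {
        // Constructed caller matching the report: read, search and list only.
        Set<Entitlement> caller = EnumSet.of(
                Entitlement.USER_READ, Entitlement.USER_SEARCH, Entitlement.USER_LIST);

        // Console side: the edit button should not be offered to this caller.
        System.out.println("edit button shown: "
                + isActionAllowed(caller, Entitlement.USER_UPDATE));

        // If a stale or miscomputed UI state sends the request anyway,
        // the core still refuses and the client handles the refusal.
        System.out.println(callCore(() -> coreUpdateUser(caller, "sample-user")));
    }
}
```

The console-side check only decides what is displayed; the authorization decision remains the one the core enforces.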
