Posted to dev@directory.apache.org by "Ersin Er (JIRA)" <ji...@apache.org> on 2007/07/04 15:10:04 UTC

[jira] Created: (DIRSERVER-989) allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations

allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations
--------------------------------------------------------------------------------------------------------------

                 Key: DIRSERVER-989
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-989
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: core
    Affects Versions: 1.5.0, 1.0.2
            Reporter: Ersin Er
             Fix For: 1.5.1, 1.0.3


allAttributeValues protectedItem only applies to attribute values, not attribute types. So if grantAdd is permitted only for allAttributeValue, only a new value to an existing attribute can be added. To create a new attribute with an initial value, grantAdd permission is needed for both the attribute type and the value. This can be achieved with several combinations like {attributeType{X}, attributeValue{Y}}, {attributeType{X}, allAttributeValues}, {allAttributeTypes, attributeValues}, {allUserAttributeValuesAndTypes}. The same approach applies to modifications including deletes.

The explanations here are based on the Security chapter of the X.500 spec and the related chapter in the X.500 book by Chadwick.

To comply with this approach, modify operations should be handled with more granularity in the AuthorizationService and some existing unit tests need to be updated.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
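
Added example, not part of the original message and not ApacheDS code: a simplified Python model of the grantAdd rule described in the issue above, where creating a new attribute needs permission on both the attribute type and the value. The tuple encoding of protected items, the function names and the sample entry are assumptions made for illustration; allAttributeValues is scoped to one attribute here, and only grants are modelled (no denials or precedence).

```python
# Simplified model of the grantAdd rule in DIRSERVER-989. Protected items are
# tuples named after the issue text; this is not the ApacheDS API (assumption).
# Only grants are modelled: no denials, precedence or user classes.

TYPE_AND_VALUE = ("allUserAttributeValuesAndTypes",)


def covers_type(items, attr):
    """True if some protected item covers the attribute type itself."""
    return any(
        item in (TYPE_AND_VALUE, ("allAttributeTypes",), ("attributeType", attr))
        for item in items
    )


def covers_value(items, attr, value):
    """True if some protected item covers this value of the attribute."""
    return any(
        item in (TYPE_AND_VALUE, ("allAttributeValues", attr),
                 ("attributeValue", attr, value))
        for item in items
    )


def authorize_modify_add(grant_add_items, entry, attr, values):
    """Return (allowed, reason) for adding `values` to `attr` of `entry`.

    `entry` maps attribute names to sets of existing values (constructed data).
    """
    if not entry.get(attr) and not covers_type(grant_add_items, attr):
        # The modification creates the attribute, so the type needs grantAdd.
        return False, f"grantAdd missing for attribute type {attr}"
    for value in values:
        if not covers_value(grant_add_items, attr, value):
            return False, f"grantAdd missing for value {attr}={value}"
    return True, "permitted"


# Constructed sample entry and ACI item lists.
ENTRY = {"cn": {"alice"}}
VALUES_ONLY = [("allAttributeValues", "cn"), ("allAttributeValues", "description")]
TYPE_AND_VALUES = [("attributeType", "description"),
                   ("allAttributeValues", "description")]

if __name__ == "__main__":
    print(authorize_modify_add(VALUES_ONLY, ENTRY, "cn", ["bob"]))
    print(authorize_modify_add(VALUES_ONLY, ENTRY, "description", ["x"]))
    print(authorize_modify_add(TYPE_AND_VALUES, ENTRY, "description", ["x"]))
```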


[jira] Resolved: (DIRSERVER-989) allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations

Posted by "Ersin Er (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DIRSERVER-989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ersin Er resolved DIRSERVER-989.
--------------------------------

    Resolution: Fixed



[jira] Commented: (DIRSERVER-989) allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations

Posted by "Ersin Er (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DIRSERVER-989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510614 ] 

Ersin Er commented on DIRSERVER-989:
------------------------------------

Note that this problem was not only related to the allAttributeValues protected item, but also to similar items like attributeValue. The problem has been fixed for all protected items of the same kind.



[jira] Commented: (DIRSERVER-989) allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations

Posted by "Ersin Er (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DIRSERVER-989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510195 ] 

Ersin Er commented on DIRSERVER-989:
------------------------------------

Fixed for 1.5 trunks here: http://svn.apache.org/viewvc?view=rev&revision=553212



[jira] Closed: (DIRSERVER-989) allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations

Posted by "Ersin Er (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DIRSERVER-989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ersin Er closed DIRSERVER-989.
------------------------------




[jira] Assigned: (DIRSERVER-989) allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations

Posted by "Ersin Er (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DIRSERVER-989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ersin Er reassigned DIRSERVER-989:
----------------------------------

    Assignee: Ersin Er



[jira] Commented: (DIRSERVER-989) allAttributeValues protected item is not handled correctly by the Authorization subsystem in Modify operations

Posted by "Ersin Er (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DIRSERVER-989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510613 ] 

Ersin Er commented on DIRSERVER-989:
------------------------------------

Fixed for 1.0 here: http://svn.apache.org/viewvc?view=rev&revision=553786
