Posted to jetspeed-dev@portals.apache.org by prasana <pr...@bluenog.com> on 2007/10/31 17:14:50 UTC

Security "Mapping Only" Feature for Groups

It looks like the Security "Mapping Only" feature exists for User Principal but
not for Group Principal.

Is there any reason behind not implementing this for Group Principal?

Thanks in advance.
Prasanna
-- 
View this message in context: http://www.nabble.com/Security-%22Mapping-Only%22-Feature-for-Groups-tf4726066.html#a13512776
Sent from the Jetspeed - Dev mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Re: Security "Mapping Only" Feature for Groups

Posted by David Sean Taylor <da...@bluesunrise.com>.
On Nov 4, 2007, at 5:07 PM, prasana wrote:

>
> This is the same patch I came up here.
> But in addition to making this changes, you need to make one more  
> change
> also.
>
> Since calling the Constructor of InternalGroupPrincipalImpl(String  
> fullPath)
> +            internalGroup = new
> InternalGroupPrincipalImpl(groupFullPathName);
> will not instantiate the collection rolePrincipals, this will  
> result in
> NullPointerException in the following line.
> Collection internalRoles = internalGroup.getRolePrincipals();
>
> So in the Constructor of InternalGroupPrincipalImpl(String fullPath)
> rolePrincipals collection needs to be instantiated.
>
>     public InternalGroupPrincipalImpl(String fullPath)
>     {
>         super(GROUP_PRINCIPAL_CLASSNAME, fullPath);
> +          this.rolePrincipals = new ArrayList();
>     }
>
> This will fix the NullPointerException exception
>
Applied this patch amongst others. I've reopened the JIRA issue:

https://issues.apache.org/jira/browse/JS2-21

will be committing soon...




Re: Security "Mapping Only" Feature for Groups

Posted by prasana <pr...@bluenog.com>.
This is the same patch I came up with here.
But in addition to making these changes, you need to make one more change
also.

Since calling the Constructor of InternalGroupPrincipalImpl(String fullPath)
+            internalGroup = new
InternalGroupPrincipalImpl(groupFullPathName);
will not instantiate the collection rolePrincipals, this will result in
NullPointerException in the following line.
Collection internalRoles = internalGroup.getRolePrincipals();

So in the Constructor of InternalGroupPrincipalImpl(String fullPath)
rolePrincipals collection needs to be instantiated.

    public InternalGroupPrincipalImpl(String fullPath)
    {
        super(GROUP_PRINCIPAL_CLASSNAME, fullPath);  
+          this.rolePrincipals = new ArrayList();        
    }
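
Review bot: the added line "this.rolePrincipals = new ArrayList();" covers only the InternalGroupPrincipalImpl(String fullPath) constructor; if the class has any other constructor, objects built through it can still return null from getRolePrincipals(). Initializing the rolePrincipals field at its declaration would cover every construction path in one place. The added line is also indented two columns deeper than the super(...) call above it, and it needs java.util.ArrayList imported if the class does not already import it.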

This will fix the NullPointerException exception

Thanks
Prasanna


David Sean Taylor wrote:
> 
> 
> On Oct 31, 2007, at 1:16 PM, prasana wrote:
> 
>>
>> Thanks for the reply.
>>
>> When I mentioned about Mapping Only Feature, I am talking about
>> "IS_MAPPING_ONLY" column in SECURITY_PRINCIPAL table.
>>
>> The SecurityAccess Interface has both
>> setInternalUserPrincipal(InternalUserPrincipal, isMappingOnly) and
>> setInternalGroupPrincipal(InternalGroupPrincipal, isMappingOnly)  
>> methods.
>>
>> From the DefaultSecurityMappingHandler setRolePrincipalInGroup() calls
>> setInternalGroupPrincipal() method always passes false for  
>> isMappingOnly.
>> commonQueries.setInternalGroupPrincipal(internalGroup, false);
>> If the group is not found, then it throws
>> SecurityException.GROUP_DOES_NOT_EXIST
>>
>> But the DefaultSecurityMappingHandler setUserPrincipalInRole() calls
>> setInternalUserPrincipal() method by passing false or true based on  
>> whether
>> the user already exists or not
>>
>> The reason is I am trying to leave my users and groups in weblogic  
>> realm and
>> trying to maintain the roles in jetspeed. It looks like when I am  
>> trying to
>> assign a user to a role, it creates the user in SECURITY_PRINCIPAL  
>> table but
>> with the IS_MAPPING_ONLY flag as 1. But when I am trying to assign  
>> a group
>> to role, I am getting SecurityException.GROUP_DOES_NOT_EXIST
>> If jetspeed creates the group in SECURITY_PRINCIPAL table with the
>> IS_MAPPING_ONLY flag as 1 for this case, it will work fine. For  
>> that I need
>> to make modification to DefaultSecurityMappingHandler. I want to  
>> make sure
>> that is there any reason for this not to be implemented before.
>>
>> Hope this helps about what I am trying to convey here.
>>
> Will this patch work for you?
> 
>      public void setRolePrincipalInGroup(String groupFullPathName,  
> String roleFullPathName) throws SecurityException
>      {
>          InternalGroupPrincipal internalGroup =  
> commonQueries.getInternalGroupPrincipal(GroupPrincipalImpl
>                  .getFullPathFromPrincipalName(groupFullPathName));
> +        boolean isMappingOnly = false;
> +        if (null == internalGroup)
> +        {
> +            // This is a record for mapping only.
> +            isMappingOnly = true;
> +            internalGroup = new InternalGroupPrincipalImpl 
> (groupFullPathName);
> +        }
> 
> -        if (null == internalGroup)
> -        {
> -            throw new SecurityException 
> (SecurityException.GROUP_DOES_NOT_EXIST.create(groupFullPathName));
> -        }
> 
>          Collection internalRoles = internalGroup.getRolePrincipals();
>          InternalRolePrincipal internalRole =  
> commonQueries.getInternalRolePrincipal(RolePrincipalImpl
>                  .getFullPathFromPrincipalName(roleFullPathName));
>          internalRoles.add(internalRole);
>          internalGroup.setRolePrincipals(internalRoles);
>          commonQueries.setInternalGroupPrincipal(internalGroup, false);
>      }



Re: Security "Mapping Only" Feature for Groups

Posted by David Sean Taylor <da...@bluesunrise.com>.
replace:
>         commonQueries.setInternalGroupPrincipal(internalGroup, false);
with:

         commonQueries.setInternalGroupPrincipal(internalGroup, isMappingOnly);

-- 
David Sean Taylor
Bluesunrise Software
david@bluesunrise.com
[office] +01 707 773-4646
[mobile] +01 707 529 9194



Re: Security "Mapping Only" Feature for Groups

Posted by David Sean Taylor <da...@bluesunrise.com>.
On Oct 31, 2007, at 1:16 PM, prasana wrote:

>
> Thanks for the reply.
>
> When I mentioned about Mapping Only Feature, I am talking about
> "IS_MAPPING_ONLY" column in SECURITY_PRINCIPAL table.
>
> The SecurityAccess Interface has both
> setInternalUserPrincipal(InternalUserPrincipal, isMappingOnly) and
> setInternalGroupPrincipal(InternalGroupPrincipal, isMappingOnly)  
> methods.
>
> From the DefaultSecurityMappingHandler setRolePrincipalInGroup() calls
> setInternalGroupPrincipal() method always passes false for  
> isMappingOnly.
> commonQueries.setInternalGroupPrincipal(internalGroup, false);
> If the group is not found, then it throws
> SecurityException.GROUP_DOES_NOT_EXIST
>
> But the DefaultSecurityMappingHandler setUserPrincipalInRole() calls
> setInternalUserPrincipal() method by passing false or true based on  
> whether
> the user already exists or not
>
> The reason is I am trying to leave my users and groups in weblogic  
> realm and
> trying to maintain the roles in jetspeed. It looks like when I am  
> trying to
> assign a user to a role, it creates the user in SECURITY_PRINCIPAL  
> table but
> with the IS_MAPPING_ONLY flag as 1. But when I am trying to assign  
> a group
> to role, I am getting SecurityException.GROUP_DOES_NOT_EXIST
> If jetspeed creates the group in SECURITY_PRINCIPAL table with the
> IS_MAPPING_ONLY flag as 1 for this case, it will work fine. For  
> that I need
> to make modification to DefaultSecurityMappingHandler. I want to  
> make sure
> that is there any reason for this not to be implemented before.
>
> Hope this helps about what I am trying to convey here.
>
Will this patch work for you?

     public void setRolePrincipalInGroup(String groupFullPathName,  
String roleFullPathName) throws SecurityException
     {
         InternalGroupPrincipal internalGroup =  
commonQueries.getInternalGroupPrincipal(GroupPrincipalImpl
                 .getFullPathFromPrincipalName(groupFullPathName));
+        boolean isMappingOnly = false;
+        if (null == internalGroup)
+        {
+            // This is a record for mapping only.
+            isMappingOnly = true;
+            internalGroup = new InternalGroupPrincipalImpl 
(groupFullPathName);
+        }

-        if (null == internalGroup)
-        {
-            throw new SecurityException 
(SecurityException.GROUP_DOES_NOT_EXIST.create(groupFullPathName));
-        }

         Collection internalRoles = internalGroup.getRolePrincipals();
         InternalRolePrincipal internalRole =  
commonQueries.getInternalRolePrincipal(RolePrincipalImpl
                 .getFullPathFromPrincipalName(roleFullPathName));
         internalRoles.add(internalRole);
         internalGroup.setRolePrincipals(internalRoles);
         commonQueries.setInternalGroupPrincipal(internalGroup, false);
     }
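
Review bot: the last statement of the method still calls commonQueries.setInternalGroupPrincipal(internalGroup, false), so the new isMappingOnly flag is assigned but never used and a group created by the added block would not be stored as mapping only; pass isMappingOnly in that call. In the added block, the new InternalGroupPrincipalImpl is built from groupFullPathName as given, while the lookup just above it goes through GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName); unless the two forms are identical, the stored record will not be found by the next lookup, so construct it from the same converted path. With the GROUP_DOES_NOT_EXIST check removed, any group name, including a mistyped one, now silently gets a record and a role, and internalRole is added to the collection without a null check; it is worth rejecting a role that getInternalRolePrincipal does not find and logging each mapping-only group that gets created.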








Re: Security "Mapping Only" Feature for Groups

Posted by prasana <pr...@bluenog.com>.
Thanks for the reply.

When I mentioned about Mapping Only Feature, I am talking about
"IS_MAPPING_ONLY" column in SECURITY_PRINCIPAL table. 

The SecurityAccess Interface has both
setInternalUserPrincipal(InternalUserPrincipal, isMappingOnly) and
setInternalGroupPrincipal(InternalGroupPrincipal, isMappingOnly) methods.

From the DefaultSecurityMappingHandler setRolePrincipalInGroup() calls
setInternalGroupPrincipal() method always passes false for isMappingOnly. 
commonQueries.setInternalGroupPrincipal(internalGroup, false);
If the group is not found, then it throws
SecurityException.GROUP_DOES_NOT_EXIST

But the DefaultSecurityMappingHandler setUserPrincipalInRole() calls
setInternalUserPrincipal() method by passing false or true based on whether
the user already exists or not

The reason is I am trying to leave my users and groups in weblogic realm and
trying to maintain the roles in jetspeed. It looks like when I am trying to
assign a user to a role, it creates the user in SECURITY_PRINCIPAL table but
with the IS_MAPPING_ONLY flag as 1. But when I am trying to assign a group
to role, I am getting SecurityException.GROUP_DOES_NOT_EXIST
If jetspeed creates the group in SECURITY_PRINCIPAL table with the
IS_MAPPING_ONLY flag as 1 for this case, it will work fine. For that I need
to make modification to DefaultSecurityMappingHandler. I want to make sure
that is there any reason for this not to be implemented before.

Hope this helps about what I am trying to convey here.

Thanks
Prasanna


David Sean Taylor wrote:
> 
> 
> On Oct 31, 2007, at 9:14 AM, prasana wrote:
> 
>>
>> It looks like that Security Mapping only Feature exist for User  
>> Principal but
>> not for Group Principal.
>>
>> Is there any reason behind not implementing this for Group Principal.
>>
> Not that I am aware of, probably just no requirement up until now
> 
> I am looking at the UserManager:
> 
> getUser(String username)
> ...
>          principals.add(userPrincipal);
>          principals.addAll(securityMappingHandler.getRolePrincipals(username));
>          principals.addAll(securityMappingHandler.getGroupPrincipals(username));
> 
> 
> Is this what you are saying is missing with groups?



Re: Security "Mapping Only" Feature for Groups

Posted by David Sean Taylor <da...@bluesunrise.com>.
On Oct 31, 2007, at 9:14 AM, prasana wrote:

>
> It looks like that Security Mapping only Feature exist for User  
> Principal but
> not for Group Principal.
>
> Is there any reason behind not implementing this for Group Principal.
>
Not that I am aware of, probably just no requirement up until now

I am looking at the UserManager:

getUser(String username)
...
         principals.add(userPrincipal);
         principals.addAll(securityMappingHandler.getRolePrincipals(username));
         principals.addAll(securityMappingHandler.getGroupPrincipals(username));


Is this what you are saying is missing with groups?