You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Shawn McKinney (JIRA)" <ji...@apache.org> on 2015/03/01 12:58:04 UTC

[jira] [Created] (FC-74) DSD checking on hierarchical relationships incorrect

Shawn McKinney created FC-74:
--------------------------------

             Summary: DSD checking on hierarchical relationships incorrect
                 Key: FC-74
                 URL: https://issues.apache.org/jira/browse/FC-74
             Project: FORTRESS
          Issue Type: Bug
    Affects Versions: 1.0.0-RC39
            Reporter: Shawn McKinney
             Fix For: 1.0.0-RC40


Manually testing of fortress detected that did constraints between roles can be bypassed via inheritance.  

For example this constraint:
  sdset name="Demo2DSD" 
  description="ROLE_TEST DATA roles are mutually exclusive" cardinality="2"
  setType="DYNAMIC"
  setmembers="PAGE1_123,PAGE1_456,PAGE1_789,
                         PAGE2_123,PAGE2_456,PAGE2_789,
                         PAGE3_123,PAGE3_456,PAGE3_789"/>

can be bypassed thru these inheritance relationships:

                <relationship child="PERSON1" parent="ROLE_PAGE1"/>
                <relationship child="PERSON1" parent="PAGE1_123"/>
                <relationship child="PERSON1" parent="PAGE1_456"/>
                <relationship child="PERSON1" parent="PAGE1_789"/>

and then assigning to user:
userrole userId="anyuser" name="PERSON1"

when user 'any user' logs on, and  activate person1 role, which bypasses the constraint checks for dad on the roles person1 inherits.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)