You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@syncope.apache.org by GitBox <gi...@apache.org> on 2020/04/21 07:33:45 UTC

[GitHub] [syncope] mmoayyed commented on a change in pull request #176: SYNCOPE-1553: Translate AuthModuleConfs to WA

mmoayyed commented on a change in pull request #176:
URL: https://github.com/apache/syncope/pull/176#discussion_r411943268



##########
File path: core/am/logic/src/main/java/org/apache/syncope/core/logic/AuthModuleLogic.java
##########
@@ -60,7 +59,8 @@ public AuthModuleTO update(final AuthModuleTO authModuleTO) {
         return binder.getAuthModuleTO(authModuleDAO.save(binder.update(authModule, authModuleTO)));
     }
 
-    @PreAuthorize("hasRole('" + AMEntitlement.AUTH_MODULE_LIST + "')")
+    @PreAuthorize("isAnonymous() or hasRole('" + AMEntitlement.AUTH_MODULE_LIST

Review comment:
       The PropertySourceLocator fails to call `list()` on AuthModuleService via the anonymous-user, and produces 403 error codes. Cross-checked with 1-2 other Logic components and they seem to follow a similar approach. Is there a better alternative? 




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org