You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@usergrid.apache.org by mr...@apache.org on 2016/08/30 20:43:49 UTC

usergrid git commit: Allow admin users to get tokens using credentials when SSO providers other than Usergrid is enabled.

Repository: usergrid
Updated Branches:
  refs/heads/hotfix-20160819 4b01bc889 -> a3e8946fa


Allow admin users to get tokens using credentials when SSO providers other than Usergrid is enabled.


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/a3e8946f
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/a3e8946f
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/a3e8946f

Branch: refs/heads/hotfix-20160819
Commit: a3e8946fa275253c47bce93a98c6cfe058d4ceb1
Parents: 4b01bc8
Author: Michael Russo <mr...@apigee.com>
Authored: Tue Aug 30 13:42:51 2016 -0700
Committer: Michael Russo <mr...@apigee.com>
Committed: Tue Aug 30 13:42:51 2016 -0700

----------------------------------------------------------------------
 .../usergrid/rest/management/ManagementResource.java    | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/a3e8946f/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
index 9ef67c9..4f8b456 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
@@ -395,6 +395,7 @@ public class ManagementResource extends AbstractContextResource {
 
             //moved the check for sso enabled form MangementServiceImpl since was unable to get the current user there to check if its super user.
             if( tokens.isExternalSSOProviderEnabled()
+                && properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER).equalsIgnoreCase("usergrid")
                 && !userServiceAdmin(username) ){
                 OAuthResponse response =
                     OAuthResponse.errorResponse( SC_BAD_REQUEST ).setError( OAuthError.TokenResponse.INVALID_GRANT )
@@ -625,13 +626,14 @@ public class ManagementResource extends AbstractContextResource {
             return; // we only care about username/password auth
         }
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
-            // when external tokens enabled then only superuser can obtain an access token
-            if ( !userServiceAdmin(username)) {
-                // this guy is not the superuser
+        // when external tokens enabled with Usergrid provider then only superuser can obtain an access token
+        if ( tokens.isExternalSSOProviderEnabled()
+            && properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER).equalsIgnoreCase("usergrid")
+            && !userServiceAdmin(username) ) {
+
                 throw new IllegalArgumentException( "External SSO integration is enabled, admin users must login via provider: "+
                     properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
-            }
+
         }
     }