Posted to commits@usergrid.apache.org by mr...@apache.org on 2016/08/30 20:43:49 UTC
usergrid git commit: Allow admin users to get tokens using
credentials when SSO providers other than Usergrid is enabled.
Repository: usergrid
Updated Branches:
refs/heads/hotfix-20160819 4b01bc889 -> a3e8946fa
Allow admin users to get tokens using credentials when SSO providers other than Usergrid is enabled.
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/a3e8946f
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/a3e8946f
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/a3e8946f
Branch: refs/heads/hotfix-20160819
Commit: a3e8946fa275253c47bce93a98c6cfe058d4ceb1
Parents: 4b01bc8
Author: Michael Russo <mr...@apigee.com>
Authored: Tue Aug 30 13:42:51 2016 -0700
Committer: Michael Russo <mr...@apigee.com>
Committed: Tue Aug 30 13:42:51 2016 -0700
----------------------------------------------------------------------
.../usergrid/rest/management/ManagementResource.java | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/a3e8946f/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
index 9ef67c9..4f8b456 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
@@ -395,6 +395,7 @@ public class ManagementResource extends AbstractContextResource {
//moved the check for sso enabled form MangementServiceImpl since was unable to get the current user there to check if its super user.
if( tokens.isExternalSSOProviderEnabled()
+ && properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER).equalsIgnoreCase("usergrid")
&& !userServiceAdmin(username) ){
OAuthResponse response =
OAuthResponse.errorResponse( SC_BAD_REQUEST ).setError( OAuthError.TokenResponse.INVALID_GRANT )
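Review bot: The added provider test dereferences the result of `properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)` directly, so it relies on `tokens.isExternalSSOProviderEnabled()` never returning true while that property is unset; its implementation is not visible here, and if the guarantee does not hold, this authentication path throws a NullPointerException. The same three-part condition is repeated in the hunk at -625, so the two sites can drift apart. Consider moving it into one private helper that reads the provider once and states explicitly what an unset value means; simply flipping the comparison to `"usergrid".equalsIgnoreCase(provider)` would make an unset provider lift the superuser-only restriction, so that choice should be deliberate. The enclosing method starts and ends outside the hunk.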
@@ -625,13 +626,14 @@ public class ManagementResource extends AbstractContextResource {
return; // we only care about username/password auth
}
- if ( tokens.isExternalSSOProviderEnabled() ) {
- // when external tokens enabled then only superuser can obtain an access token
- if ( !userServiceAdmin(username)) {
- // this guy is not the superuser
+ // when external tokens enabled with Usergrid provider then only superuser can obtain an access token
+ if ( tokens.isExternalSSOProviderEnabled()
+ && properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER).equalsIgnoreCase("usergrid")
+ && !userServiceAdmin(username) ) {
+
throw new IllegalArgumentException( "External SSO integration is enabled, admin users must login via provider: "+
properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
- }
+
}
}
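Review bot: With the new condition, username/password authentication is limited to the superuser only when the provider is `usergrid`; for any other configured provider every admin user with local credentials passes this check, which matches the commit message but is not recorded anywhere in the code. Controls enforced at the external provider (for example MFA or account disablement) presumably do not apply to tokens obtained this way, so confirm that is acceptable or gate it behind an explicit property. At minimum, extend the comment above the `if`, e.g. `// with any other SSO provider, admin username/password auth stays enabled and is not checked by that provider`. The exception message still appends the provider name, which at this point can only be the Usergrid value. The enclosing method starts and ends outside the hunk.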