Posted to commits@usergrid.apache.org by mr...@apache.org on 2016/09/02 00:51:37 UTC

[18/35] usergrid git commit: Allow admin users to get tokens using credentials when SSO providers other than Usergrid is enabled.

Allow admin users to get tokens using credentials when an SSO provider other than Usergrid is enabled.


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/a3e8946f
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/a3e8946f
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/a3e8946f

Branch: refs/heads/master
Commit: a3e8946fa275253c47bce93a98c6cfe058d4ceb1
Parents: 4b01bc8
Author: Michael Russo <mr...@apigee.com>
Authored: Tue Aug 30 13:42:51 2016 -0700
Committer: Michael Russo <mr...@apigee.com>
Committed: Tue Aug 30 13:42:51 2016 -0700

----------------------------------------------------------------------
 .../usergrid/rest/management/ManagementResource.java    | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/a3e8946f/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
index 9ef67c9..4f8b456 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
@@ -395,6 +395,7 @@ public class ManagementResource extends AbstractContextResource {
 
             //moved the check for sso enabled form MangementServiceImpl since was unable to get the current user there to check if its super user.
             if( tokens.isExternalSSOProviderEnabled()
+                && properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER).equalsIgnoreCase("usergrid")
                 && !userServiceAdmin(username) ){
                 OAuthResponse response =
                     OAuthResponse.errorResponse( SC_BAD_REQUEST ).setError( OAuthError.TokenResponse.INVALID_GRANT )
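Review bot: The added condition calls `.equalsIgnoreCase("usergrid")` on the result of `properties.getProperty(...)`, which throws a NullPointerException if the property is unset; unless `isExternalSSOProviderEnabled()` guarantees a non-null value (not visible in this hunk), write it as `"usergrid".equalsIgnoreCase(properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER))`. The same expression is added again in the second hunk (the username/password check at `@@ -625,13 +626,14 @@`), so a single private helper holding the whole three-part condition would keep the two enforcement points from drifting apart. Because this is an authentication gate, any configured value that does not compare equal, such as one with stray surrounding whitespace, now leaves the password grant open to every admin user rather than only the superuser. The value should therefore be trimmed or validated against the known provider names, with a comment stating why only the Usergrid provider restricts credential logins. The enclosing method starts and ends outside the hunk.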
@@ -625,13 +626,14 @@ public class ManagementResource extends AbstractContextResource {
             return; // we only care about username/password auth
         }
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
-            // when external tokens enabled then only superuser can obtain an access token
-            if ( !userServiceAdmin(username)) {
-                // this guy is not the superuser
+        // when external tokens enabled with Usergrid provider then only superuser can obtain an access token
+        if ( tokens.isExternalSSOProviderEnabled()
+            && properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER).equalsIgnoreCase("usergrid")
+            && !userServiceAdmin(username) ) {
+
                 throw new IllegalArgumentException( "External SSO integration is enabled, admin users must login via provider: "+
                     properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
-            }
+
         }
     }