projects
/
lgpl
/
argeo-commons.git
/ commitdiff
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
32e7377
)
Make aggregation authorization more robust.
author
Mathieu Baudier <mbaudier@argeo.org>
Sat, 28 Nov 2020 11:52:22 +0000
(12:52 +0100)
committer
Mathieu Baudier <mbaudier@argeo.org>
Sat, 28 Nov 2020 11:52:22 +0000
(12:52 +0100)
org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingAuthorization.java
patch
|
blob
|
history
org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
patch
|
blob
|
history
diff --git
a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingAuthorization.java
b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingAuthorization.java
index 758d3e35515aa5af947b7227c77006c92f02a98f..ba9953416c9d5c05c80776e068b8ccf07759f007 100644
(file)
--- a/
org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingAuthorization.java
+++ b/
org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingAuthorization.java
@@
-2,27
+2,29
@@
package org.argeo.osgi.useradmin;
import java.util.ArrayList;
import java.util.Collections;
import java.util.ArrayList;
import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.osgi.service.useradmin.Authorization;
import java.util.List;
import java.util.Set;
import org.osgi.service.useradmin.Authorization;
+/** An {@link Authorization} which combines roles form various auth sources. */
class AggregatingAuthorization implements Authorization {
private final String name;
private final String displayName;
class AggregatingAuthorization implements Authorization {
private final String name;
private final String displayName;
- private final
Lis
t<String> systemRoles;
- private final
Lis
t<String> roles;
+ private final
Se
t<String> systemRoles;
+ private final
Se
t<String> roles;
public AggregatingAuthorization(String name, String displayName, Set<String> systemRoles, String[] roles) {
this.name = name;
this.displayName = displayName;
public AggregatingAuthorization(String name, String displayName, Set<String> systemRoles, String[] roles) {
this.name = name;
this.displayName = displayName;
- this.systemRoles = Collections.unmodifiable
List(new ArrayList<String
>(systemRoles));
-
List<String> temp = new ArrayLis
t<>();
+ this.systemRoles = Collections.unmodifiable
Set(new HashSet<
>(systemRoles));
+
Set<String> temp = new HashSe
t<>();
for (String role : roles) {
if (!temp.contains(role))
temp.add(role);
}
for (String role : roles) {
if (!temp.contains(role))
temp.add(role);
}
- this.roles = Collections.unmodifiable
Lis
t(temp);
+ this.roles = Collections.unmodifiable
Se
t(temp);
}
@Override
}
@Override
diff --git
a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index 85a44708204312646d30b7db4f235599231957a3..f3e51804a78e12760f0ee3720f5ad76aa3e2a0e3 100644
(file)
--- a/
org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/
org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@
-110,7
+110,12
@@
public class AggregatingUserAdmin implements UserAdmin {
Set<String> sysRoles = new HashSet<String>();
for (String role : rawAuthorization.getRoles()) {
Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
Set<String> sysRoles = new HashSet<String>();
for (String role : rawAuthorization.getRoles()) {
Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
- sysRoles.addAll(Arrays.asList(auth.getRoles()));
+ systemRoles:for(String systemRole:auth.getRoles()) {
+ if(role.equals(systemRole))
+ continue systemRoles;
+ sysRoles.add(systemRole);
+ }
+// sysRoles.addAll(Arrays.asList(auth.getRoles()));
}
addAbstractSystemRoles(rawAuthorization, sysRoles);
Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
}
addAbstractSystemRoles(rawAuthorization, sysRoles);
Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,