1 Reply Latest reply on Feb 26, 2006 1:59 PM by Scott Stark

    Bug in PortalSecurityPermissionCollection?

    al_kiev Newbie

      Hi guys,

      i might be mistaken but it seems like PortalSecurityPermissionCollection has a bug in loadPermission method.
      The error conditions are as follows
      when a user is a memeber of several roles the loadPermission method constructs permissions list which corresponds to the Role that appears to be first in the set ("Roles" principal). As a result, if "Admin" is NOT the first role returned, the user will not have the permissions granted to Admin role.

      I've fixed this error in my source but not very clear where should I post(publish) the fix.

      below is the fixed loadPermission method

      protected void loadPermission(String permType, String uri) throws Exception {
       String rootP = "/portalobject/";
       if (PermissionTypes.INSTANCE.equals(permType)) {
       rootP = "/instance/";
       }
      
       Enumeration roles = this.getAllRoles();
      
       this.permissionsList.clear();
      
       MBeanServer server = MBeanServerLocator.locateJBoss();
       ObjectName oname = new ObjectName("portal:service=TreeCache,type=persistent");
       Fqn fqn = Fqn.fromString(rootP + uri);
      
       ObjectEntry oe = (ObjectEntry) server.invoke(oname, "get", new Object[] { fqn, "constraints" }, new String[] {
       "org.jboss.cache.Fqn", "java.lang.Object" });
       if (oe != null) {
       Set constraints = (Set) oe.getValue();
       int len = constraints != null ? constraints.size() : 0;
       Object[] scarr = constraints.toArray();
      
       // check if at lest one user Role has permissions fo the uri
       if (roles != null) {
       while (roles.hasMoreElements()) {
       Principal rolePrincipal = (Principal) roles.nextElement();
       String role = rolePrincipal.getName();
      
       for (int i1 = 0; i1 < len; i1++) {
       SecurityConstraint sc = (SecurityConstraint) scarr[i1];
       String scrole = sc.getRole();
       if (scrole.equals(SecurityConstants.UNCHECKED_ROLE_NAME) == false && !role.equals(scrole))
       continue;
       Iterator iter = sc.getActions().iterator();
       while (iter.hasNext()) {
       String actionstr = (String) iter.next();
       this.permissionsList.add(getPortalPermission(permType, actionstr, uri));
       }
       }
       }
       }
       }
      }
      
      private Enumeration getAllRoles() throws Exception {
       Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
       log.debug("Subject=" + subject);
       Enumeration roles;
      
       List uncheckedRole = new LinkedList();
       uncheckedRole.add(new SimpleGroup(SecurityConstants.UNCHECKED_ROLE_NAME));
       roles = Collections.enumeration(uncheckedRole);
      
       if (subject != null) {
       Set principals = subject.getPrincipals();
       Iterator iter = principals != null ? principals.iterator() : null;
       while (iter != null && iter.hasNext()) {
       Principal p = (Principal) iter.next();
       if (p instanceof Group) {
       Group gp = (Group) p;
       if ("Roles".equals(gp.getName()) == false)
       continue;
       roles = gp.members();
       break;
       }
       }
       }
       return roles;
      }