
initialize groups used as scopes.

[fixes #43374247]
1 parent 8085d0d commit 17f79edd714aa52b4bb1e51974c10db2b573661a @daleolds committed Feb 12, 2013
@@ -162,6 +162,9 @@ ScimGroup getGroup(String name) {
}
private void addGroup(String name) {
+ if (name.isEmpty()) {
+ return;
+ }
logger.debug("adding group: " + name);
ScimGroup g = new ScimGroup(name);
try {
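Review bot: The new guard at the top of addGroup rejects only the exact empty string, so a null name still throws on `name.isEmpty()` and a whitespace-only entry (as a list written `a, ,b` would produce, if the caller does not trim) still reaches `new ScimGroup(name)`. Consider `if (name == null || name.trim().isEmpty()) { return; }`. The skip is also silent; a `logger.debug("skipping empty group name")` before the return would make a malformed group list visible in the logs. The rest of addGroup, including the body of the try block, lies outside the hunk.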
@@ -5,7 +5,7 @@ oauth:
admin:
authorized-grant-types: client_credentials
scope: uaa.none
- authorities: uaa.admin,clients.read,clients.write,clients.secret,tokens.read,tokens.write
+ authorities: uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write
id: admin
secret: adminsecret
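Review bot: The new `authorities` line gives the admin client `scim.read` and `scim.write` on top of `uaa.admin` and `clients.*`, while the context line below still carries the checked-in secret `adminsecret`. Any deployment that keeps this default now also exposes user and group management to whoever knows it, so the file should say so next to the client, for example `# bootstrap default only: override oauth.clients.admin.secret outside local development` (the exact property path is not visible in this hunk; adjust to the file's structure). The line also drops `tokens.read,tokens.write`; if anything still uses this client against the token endpoints, that is presumably intended, but it is not mentioned in the commit message.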
@@ -240,12 +240,18 @@
<property name="groupMembers" ref="members" />
</bean>
- <bean id="groups" class="java.lang.String">
+ <bean id="nonDefaultUserGroups" class="java.lang.String">
+ <!-- Scopes known to the UAA. Here so the groups will exist and users MAY be added to them, but not automatically like defaultUserAuthorities -->
<constructor-arg
- value="#{(@config['scim']==null or @config['scim']['groups']==null)?@defaultGroups:@config['scim']['groups']}" />
+ value="scim.read,scim.write,uaa.resource,uaa.admin,clients.read,clients.write,clients.secret,cloud_controller.admin" />
</bean>
- <bean id="members" class="org.springframework.beans.factory.config.ListFactoryBean">
+ <bean id="groups" class="java.lang.String">
+ <constructor-arg
+ value="#{@nonDefaultUserGroups},#{(@config['scim']==null or @config['scim']['groups']==null)?@defaultGroups:@config['scim']['groups']}" />
+ </bean>
+
+ <bean id="members" class="org.springframework.beans.factory.config.ListFactoryBean">
<property name="sourceList"
value="#{(@config['scim']==null or @config['scim']['group_membership']==null)?@defaultMembers:@config['scim']['group_membership']}" />
</bean>
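Review bot: The new `groups` bean joins `@nonDefaultUserGroups` and the configured list with a literal comma, so an empty right-hand side yields a trailing empty name and a name present in both lists appears twice. The empty case is presumably what the `isEmpty()` guard added to addGroup covers, but nothing here records that dependency or how duplicates are handled; a comment such as `<!-- joined with ','; empty or repeated names must be tolerated when the groups are created -->` on the bean would do. Separately, the hard-coded list always creates `uaa.admin` and `cloud_controller.admin` as groups and `scim.groups` in the configuration can only add to it, which is worth stating in the existing comment since membership in those groups is highly privileged.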
@@ -41,7 +41,7 @@ oauth:
resource-ids: none
admin:
authorized-grant-types: client_credentials
- scope: clients.read,clients.write,clients.secret,tokens.read,tokens.write
+ scope: clients.read,clients.write,clients.secret,scim.read,scim.write
authorities: uaa.admin,clients.read,clients.write,clients.secret,tokens.read,tokens.write
id: admin
secret: adminsecret
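Review bot: Only `scope` is changed for the admin client here, while the `authorities` line directly below still lists `tokens.read,tokens.write` and lacks `scim.read,scim.write`, the opposite of the other YAML file in this commit, where `authorities` was the line updated. For a `client_credentials` client the granted scopes are normally derived from its authorities, so this edit may not give the client SCIM access at all. If the two files are meant to agree, the line should read `authorities: uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write`. The same default `adminsecret` caveat applies to this client.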
