Skip to content

Commit

Permalink
[JBPM-10039] Incorrect groups are returned when "org.kie.server.bypas…
Browse files Browse the repository at this point in the history 
…s.auth.user" is set and JAASUserGroupCallbackImpl is used (kiegroup#2211)

Co-authored-by: egonzale <egonzale@redhat.com>
  • Loading branch information
@afalhambra @elguardian @fjtirado
2 people authored and fjtirado committed Oct 5, 2022
1 parent f378e72 commit 2b8e661
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion ...an-task-core/src/main/java/org/jbpm/services/task/identity/JAASUserGroupCallbackImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ public List<String> getGroupsForUser(String userId) {
try {
Subject subject = getSubjectFromContainer();

if (subject != null) {
if (subject != null && subjectContainsUser(subject, userId)) {
Set<Principal> principals = subject.getPrincipals();

if (principals != null) {
Expand Down Expand Up @@ -157,6 +157,10 @@ public List<String> getGroupsForUser(String userId) {
return roles;
}

private boolean subjectContainsUser(Subject subject, String userId) {
return subject.getPrincipals().stream().map(Principal::getName).anyMatch(userId::equals);
}

protected Subject getSubjectFromContainer() {
try {
return (Subject) PolicyContext.getContext( "javax.security.auth.Subject.container" );
Expand Down

0 comments on commit 2b8e661

Please sign in to comment.