Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security groups do not work correctly #35

Closed
GoogleCodeExporter opened this issue Sep 18, 2015 · 3 comments
Closed

Security groups do not work correctly #35

GoogleCodeExporter opened this issue Sep 18, 2015 · 3 comments
Labels
auto-migrated Component-Server Milestone-0.5-preview4 Priority-Medium Type-Defect

Comments

@GoogleCodeExporter
Copy link 

Currently, everyone is considered a member of the "admin" group, which breaks 
many security 
features.

Original issue reported on code.google.com by jonathan...@gmail.com on 26 Apr 2010 at 8:04
@GoogleCodeExporter
Copy link
Author 

See email exchange below for more details:

On Fri, Apr 23, 2010 at 11:56 AM, Babiuch, Ryan Nicholas (MU-Student) wrote:
Jonathan,

It looks as if every user I'm creating is created as a member of the admin 
group even guest logins. I created 
around 4 different users, 3 of which are in a "clients" group, and 1 of which 
is in a "teachers" group. Logging in 
with each of these accounts results in the print statement:

[java] Testing principal Principal{User: guest} for group teacher
[java] Testing principal Principal{Everybody: users} for group teacher
[java] Testing principal Principal{Group: admin} for group teacher

where guest could be any of these 4 accounts, admin, or a a nonauth'd guest.

If you get a chance, would you mind taking a look?

thanks!
Ryan

On Friday, April 23, 2010 at 11:37 PM, Jonathan Kaplan wrote:

I think this is a 1-liner (1 character even).  I haven't had a chance to test 
in-world, but I think it is a web 
service bug introduced when we updated to a new version of Jersey.  In 
modules/tools/security-group, find 
GroupsResource.java.  Change the annotation at the top from:

@Path("/groups/")

to:

@Path("/groups")

That will fix querying groups per-member.  You can test it out in a browser by 
going to:

http://localhost:8080/security-groups/security-groups/resources/groups?user=<use
rid>

If you try without the fix, it will always return all the groups, because it 
redirects to /groups/.  If you put in the 
fix, it should only return the groups that member is part of.

Let me know if this works for you, and I'll commit the fix.

-Jon

Original comment by jonathan...@gmail.com on 26 Apr 2010 at 8:07

@GoogleCodeExporter
Copy link
Author 

This issue was closed by revision r4413.

Original comment by jonathan...@gmail.com on 26 Apr 2010 at 8:20

  • Changed state: Fixed

@GoogleCodeExporter
Copy link
Author 

This issue was updated by revision r4414.

Merge rev 4413 from trunk
Include fix for security group issues in preview 4

Original comment by jonathan...@gmail.com on 26 Apr 2010 at 8:24

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Component-Server Milestone-0.5-preview4 Priority-Medium Type-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter