  1. JOC - JobScheduler Operations Center
  2. JOC-1172

Controller specific permissions should be handled when using SOSIniAuthorizingRealm

    Description

      Current Situation

      When SOSIniAuthorizingRealm is used as the iniRealm, controller-specific permissions are not considered.

      E.g. when a role is defined as

      myRole = sos:products:joc, \
      test:sos:products:controller

      the user aUser, who has the role myRole, has all controller permissions for all controllers.

      Desired Behavior

      When a role is defined as

      myRole = sos:products:joc, \
      test:sos:products:controller

      the user aUser, who has the role myRole, should have access to controller test only.

      Workaround

      Deactivate the SOSIniAuthorizingRealm

      #sosIniRealm = com.sos.auth.shiro.SOSIniAuthorizingRealm
      #securityManager.realms = $anyRealm,$sosIniRealm

      securityManager.realms = $anyRealm,$iniRealm

      With the SOSIniAuthorizingRealm deactivated, all users will be logged out whenever the shiro.ini configuration file is changed.
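
To find which roles rely on controller-specific permissions and are therefore affected by this issue, the [roles] section of shiro.ini can be audited with a small script. This is an added example, not code from JOC or from the original ticket; it assumes the controller prefix takes the form `<controller>:sos:...` as in the role above, and the function names and the sample role `allRole` are hypothetical.

```python
# Added example: SAMPLE_INI is a constructed shiro.ini fragment, not a real configuration.
SAMPLE_INI = """\
[roles]
myRole = sos:products:joc, \\
test:sos:products:controller
allRole = sos:products:joc, sos:products:controller
"""

def parse_roles(ini_text):
    """Return {role: [permission, ...]} from the [roles] section, joining backslash continuations."""
    roles, section, pending = {}, None, ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue                      # skip blank lines and comments
        if line.endswith("\\"):
            pending += line[:-1]          # definition continues on the next line
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "roles" and "=" in line:
            name, perms = line.split("=", 1)
            roles[name.strip()] = [p.strip() for p in perms.split(",") if p.strip()]
    return roles

def controller_scope(permission):
    """Assumed format: '<controller>:sos:...' is controller-specific; 'sos:...' is not."""
    head, sep, rest = permission.partition(":")
    return head if sep and head != "sos" and rest.startswith("sos:") else None

def scoped_roles(roles):
    """Map each role to the set of controllers its permissions are restricted to."""
    result = {}
    for role, perms in roles.items():
        scopes = {c for c in map(controller_scope, perms) if c}
        if scopes:
            result[role] = scopes
    return result

if __name__ == "__main__":
    for role, controllers in scoped_roles(parse_roles(SAMPLE_INI)).items():
        print(f"{role}: restricted to {sorted(controllers)}; verify the restriction is enforced")
```

Every role the script reports expects a restriction that, per this issue, is not applied while SOSIniAuthorizingRealm is active.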

          People

            Uwe Risse
            Kanika Agrawal