Kevin Meyer (Created) (JIRA) | 13 Mar 13:53 2012

[jira] [Created] (ISIS-211) org.apache.isis.security.file.authorization.FileAuthorizor does not work

org.apache.isis.security.file.authorization.FileAuthorizor does not work
------------------------------------------------------------------------

                 Key: ISIS-211
                 URL: https://issues.apache.org/jira/browse/ISIS-211
             Project: Isis
          Issue Type: Bug
          Components: Security: File
    Affects Versions: 0.3.0-incubating
            Reporter: Kevin Meyer

Even with the following in isis.properties:
isis.authorization=file
isis.authorization.file.whitelist=allow.properties
isis.authorization.file.blacklist=disallow.properties

the file authorizor is picked up:
13:41:06,268  [FileAuthorizor       main       INFO ]  loading authorization details from allow.properties
13:41:06,269  [FileAuthorizor       main       INFO ]  loading authorization details from allow.properties
13:41:06,269  [JmxBeanServer        main       INFO ]  JMX bean server created
13:41:06,299  [JmxBeanServer        main       INFO ]  file-authorizer JMX mbean registered: org.apache.isis.security.file.authorization.FileAuthorizor@34a083f2

But it does not work - services that are listed in the disallow.properties and services not listed in the
allow.properties are still available.


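Added example, not part of the thread or of the Isis code base: a cross-check of the files named in the quoted isis.properties against the files the FileAuthorizor reports loading in the quoted startup log. The function names are hypothetical and the inputs are constructed from the lines in the report; a file missing from the load messages only shows that no log line mentions it.

```python
import re

# Constructed from the settings and log lines quoted in the report above.
ISIS_PROPERTIES = """\
isis.authorization=file
isis.authorization.file.whitelist=allow.properties
isis.authorization.file.blacklist=disallow.properties
"""

STARTUP_LOG = """\
13:41:06,268  [FileAuthorizor       main       INFO ]  loading authorization details from allow.properties
13:41:06,269  [FileAuthorizor       main       INFO ]  loading authorization details from allow.properties
13:41:06,269  [JmxBeanServer        main       INFO ]  JMX bean server created
"""

# Message format taken from the quoted log lines.
LOAD_LINE = re.compile(r"\[FileAuthorizor\s.*?\]\s+loading authorization details from (\S+)")
PREFIX = "isis.authorization.file."


def configured_files(properties_text):
    """Map 'whitelist'/'blacklist' to the file named in isis.properties."""
    files = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith(PREFIX):
            files[key[len(PREFIX):]] = value
    return files


def loaded_files(log_text):
    """List every file the FileAuthorizor logged as loaded, in log order."""
    return [m.group(1) for m in map(LOAD_LINE.search, log_text.splitlines()) if m]


def audit(properties_text, log_text):
    """Return (configured but never logged, logged more than once)."""
    configured = configured_files(properties_text)
    loaded = loaded_files(log_text)
    missing = {role: f for role, f in configured.items() if f not in loaded}
    repeated = sorted({f for f in loaded if loaded.count(f) > 1})
    return missing, repeated


if __name__ == "__main__":
    print(audit(ISIS_PROPERTIES, STARTUP_LOG))
```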

[jira] [Commented] (ISIS-211) org.apache.isis.security.file.authorization.FileAuthorizor does not work


    [
https://issues.apache.org/jira/browse/ISIS-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13229040#comment-13229040
] 

Kevin Meyer commented on ISIS-211:
----------------------------------

File authorizor class is picked up and queried only when the Facet is installed. Do so with the following in isis.properties:

isis.reflector.facets.include=org.apache.isis.runtimes.dflt.runtime.authorization.AuthorizationFacetFactoryForDfltRuntime

This still does let the file authorizor work as expected - in the HTML viewer, a service and role that is in the
authorizor.deny still appears as a visible service.


[jira] [Commented] (ISIS-211) org.apache.isis.security.file.authorization.FileAuthorizor does not work


    [
https://issues.apache.org/jira/browse/ISIS-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13229048#comment-13229048
] 

Dan Haywood commented on ISIS-211:
----------------------------------

sounds more like a bug in the html viewer - perhaps it's not correctly doing the InteractionAdvisorUtils call?


[jira] [Commented] (ISIS-211) org.apache.isis.security.file.authorization.FileAuthorizor does not work


    [
https://issues.apache.org/jira/browse/ISIS-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13229058#comment-13229058
] 

Kevin Meyer commented on ISIS-211:
----------------------------------

Yesterday when I was debugging the file authorizor, there was some weirdness when the call to "isVisible"
was returning true even though the specification and role were in the blacklist and returning false.


[jira] [Commented] (ISIS-211) org.apache.isis.security.file.authorization.FileAuthorizor does not work


    [
https://issues.apache.org/jira/browse/ISIS-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13229086#comment-13229086
] 

Dan Haywood commented on ISIS-211:
----------------------------------

Yeah, you included a snippet on the mailing list.  I don't think that can really be what was happening,
because if it was then the JVM would be broken ;-)  

Not sure how to proceed here; can you isolate the problem in any way so that I can look at it?
