authorJack Magne <jmagne@dhcp-32-224.sjc.redhat.com>2012-04-25 13:49:19 -0700
committerJack Magne <jmagne@dhcp-32-224.sjc.redhat.com>2012-05-04 18:23:00 -0700
commita1ef21445638aadd9d0f2b58000b11bd1ecb58f3 (patch)
treed09181639587153c9cc3017ff65c8313b96378fd /base/common/src/com
parentac2dcb4573ad33f927c5dae49a6bd473592083c0 (diff)
JNDI realm enhancement to handle multiple entry ACLs.
Currently the realm only returns the last acl result in a multiple entry ACL. Since most of them only have one entry, this is mostly ok. This simple fix allows the code to handle multiple entries correctly. Ticket #123.
Diffstat (limited to 'base/common/src/com')
-rw-r--r--base/common/src/com/netscape/cmscore/realm/PKIJNDIRealm.java14
1 files changed, 10 insertions, 4 deletions
diff --git a/base/common/src/com/netscape/cmscore/realm/PKIJNDIRealm.java b/base/common/src/com/netscape/cmscore/realm/PKIJNDIRealm.java
index 683dc60f8..a112cdbcc 100644
--- a/base/common/src/com/netscape/cmscore/realm/PKIJNDIRealm.java
+++ b/base/common/src/com/netscape/cmscore/realm/PKIJNDIRealm.java
@@ -384,10 +384,16 @@ public class PKIJNDIRealm extends JNDIRealm {
if (isEntryNegative) {
allowed = !allowed;
}
-
- //ToDo:
- // Handle the more than one entry case.
- // What to do if one of them fails.
+
+ // Our current ACLs require that every entry passes for
+ // the entire ACL to pass.
+ // For some reason the original code allows the negative acls (deny)
+ // to be evaluated first or second based on configuration. Here, simply
+ // traverse the list as is.
+
+ if (!allowed) {
+ break;
+ }
}
return allowed;
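Review bot: The comment added above the `if (!allowed) { break; }` check leaves the difference from the original evaluator unexplained ("For some reason ..."), and for an access-control decision that rationale should be stated rather than guessed at. Under the all-entries-must-pass rule the traversal order cannot change the result, only where the loop stops, so the comment could read `// Every entry must pass, so evaluation order does not change the result, only where we stop.` That holds only if the original evaluator also requires every entry to pass, which is worth confirming, because a configurable deny/allow order suggests it may combine entries differently and the realm would then reach a different decision for the same ACL. The loop header and the initial value of `allowed` are outside the hunk; if `allowed` can start as true, an ACL with no entries would be granted, so it should start as false so that the check fails closed.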