diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2016-01-14 16:13:26 +1100 |
---|---|---|
committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-02-15 14:38:06 +1000 |
commit | ae975289fcd669e122589cfd1a7c82e0b28f733e (patch) | |
tree | 97a15170931f2e21216c3f053604e1f882cdc55d /base/server/cmscore | |
parent | f6177fede9d1b688f0519953ec14839d513a6e2c (diff) | |
download | pki-ae975289fcd669e122589cfd1a7c82e0b28f733e.tar.gz pki-ae975289fcd669e122589cfd1a7c82e0b28f733e.tar.xz pki-ae975289fcd669e122589cfd1a7c82e0b28f733e.zip |
Weaken PKIPrincipal to superclass in several places
In several places we are casting a `Principal' to `PKIPrincpal',
when `GenericPrincpal' or even no cast will suffice. In upcoming
external authentication support externally authenticated principals
will not be instances of `PKIPrincipal', so weaken assumptions about
type of the principal where possible.
Part of: https://fedorahosted.org/pki/ticket/1359
Diffstat (limited to 'base/server/cmscore')
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java index 38f542ffb..38b174859 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java +++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java @@ -21,13 +21,13 @@ package com.netscape.cmscore.dbs; import java.security.Principal; import java.util.Arrays; +import org.apache.catalina.realm.GenericPrincipal; import org.apache.commons.lang.StringUtils; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.Constants; -import com.netscape.cms.realm.PKIPrincipal; /** @@ -51,12 +51,13 @@ public class CSCfgDatabase<E extends CSCfgRecord> extends Database<E> { } public boolean canApprove(Principal principal) { - if (!(principal instanceof PKIPrincipal)) { + if (!(principal instanceof GenericPrincipal)) { return false; } - PKIPrincipal pkiPrincipal = (PKIPrincipal)principal; - return pkiPrincipal.hasRole("TPS Agents"); + // TODO remove hardcoded role name and consult authzmgr + // (so that we can handle externally-authenticated principals) + return ((GenericPrincipal) principal).hasRole("TPS Agents"); } public String getRecordStatus(String recordID) throws EBaseException { |