summaryrefslogtreecommitdiffstats
path: root/base/server/cmscore/src
diff options
context:
space:
mode:
Diffstat (limited to 'base/server/cmscore/src')
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java9
1 files changed, 5 insertions, 4 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java
index 38f542ffb..38b174859 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java
@@ -21,13 +21,13 @@ package com.netscape.cmscore.dbs;
import java.security.Principal;
import java.util.Arrays;
+import org.apache.catalina.realm.GenericPrincipal;
import org.apache.commons.lang.StringUtils;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.Constants;
-import com.netscape.cms.realm.PKIPrincipal;
/**
@@ -51,12 +51,13 @@ public class CSCfgDatabase<E extends CSCfgRecord> extends Database<E> {
}
public boolean canApprove(Principal principal) {
- if (!(principal instanceof PKIPrincipal)) {
+ if (!(principal instanceof GenericPrincipal)) {
return false;
}
- PKIPrincipal pkiPrincipal = (PKIPrincipal)principal;
- return pkiPrincipal.hasRole("TPS Agents");
+ // TODO remove hardcoded role name and consult authzmgr
+ // (so that we can handle externally-authenticated principals)
+ return ((GenericPrincipal) principal).hasRole("TPS Agents");
}
public String getRecordStatus(String recordID) throws EBaseException {
generated by cgit (git 2.34.1) at 2024-06-19 22:18:29 +0000