From 5dcda9815d57a45c1f2d6327eb45dd8a9ac45f74 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Tue, 15 Mar 2016 18:22:02 +1100
Subject: Allow multiple ACLs of same name (union of rules)

Several lightweight CA ACLs share the 'certServer.ca.authorities' name, but when loading ACLs each load overwrites the previous. If multiple resourceACLS values have the same name, instead of replacing the existing ACL with the new one, add the rights and rules to the existing ACL.
Part of: https://fedorahosted.org/pki/ticket/1625
---
 .../cms/src/com/netscape/cms/authorization/AAclAuthz.java | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'base/server/cms/src/com/netscape/cms')
diff --git a/base/server/cms/src/com/netscape/cms/authorization/AAclAuthz.java b/base/server/cms/src/com/netscape/cms/authorization/AAclAuthz.java
index 089cca9be..b3e447cfc 100644
--- a/base/server/cms/src/com/netscape/cms/authorization/AAclAuthz.java
+++ b/base/server/cms/src/com/netscape/cms/authorization/AAclAuthz.java
@@ -160,7 +160,19 @@ public abstract class AAclAuthz {
 ACL acl = (ACL) CMS.parseACL(resACLs);
 if (acl != null) {
- mACLs.put(acl.getName(), acl);
+ ACL curACL = mACLs.get(acl.getName());
+ if (curACL == null) {
+ mACLs.put(acl.getName(), acl);
+ } else {
+ for (Enumeration entries = acl.entries() ;
+ entries.hasMoreElements() ; ) {
+ curACL.addEntry(entries.nextElement());
+ }
+ for (Enumeration rights = acl.rights() ;
+ rights.hasMoreElements() ; ) {
+ curACL.addRight(rights.nextElement());
+ }
+ }
 } else {
 log(ILogger.LL_FAILURE, "parseACL failed");
 }
-- cgit
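Review bot: The new else branch appends every entry and right of a same-named ACL to the one already stored in `mACLs`, unconditionally and without a log line, so the effective authorization policy for that name is widened silently. If this code can run more than once for the same resourceACLS value (on a reload, for instance; the callers are not visible here), entries would accumulate unless `addEntry`/`addRight` de-duplicate, and a rule dropped from the source would stay in memory until `mACLs` is rebuilt. I would record the merge, e.g. `log(ILogger.LL_INFO, "merging entries into existing ACL " + acl.getName());`, and add a comment above the branch stating that same-named ACLs are unioned and that entry order follows load order, which matters if evaluation is order-sensitive. The enclosing method begins and ends outside the hunk.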