From ae975289fcd669e122589cfd1a7c82e0b28f733e Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Thu, 14 Jan 2016 16:13:26 +1100 Subject: Weaken PKIPrincipal to superclass in several places In several places we are casting a `Principal' to `PKIPrincpal', when `GenericPrincpal' or even no cast will suffice. In upcoming external authentication support externally authenticated principals will not be instances of `PKIPrincipal', so weaken assumptions about type of the principal where possible. Part of: https://fedorahosted.org/pki/ticket/1359 --- .../cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'base/server/cmscore/src') diff --git a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java index 38f542ffb..38b174859 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java +++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/CSCfgDatabase.java @@ -21,13 +21,13 @@ package com.netscape.cmscore.dbs; import java.security.Principal; import java.util.Arrays; +import org.apache.catalina.realm.GenericPrincipal; import org.apache.commons.lang.StringUtils; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.Constants; -import com.netscape.cms.realm.PKIPrincipal; /** @@ -51,12 +51,13 @@ public class CSCfgDatabase extends Database { } public boolean canApprove(Principal principal) { - if (!(principal instanceof PKIPrincipal)) { + if (!(principal instanceof GenericPrincipal)) { return false; } - PKIPrincipal pkiPrincipal = (PKIPrincipal)principal; - return pkiPrincipal.hasRole("TPS Agents"); + // TODO remove hardcoded role name and consult authzmgr + // (so that we can handle externally-authenticated principals) + return ((GenericPrincipal) principal).hasRole("TPS Agents"); } public String getRecordStatus(String recordID) throws EBaseException { -- cgit