502861 - Signed CMC-Authenticated User Certificate Enrollment fails with Authorization

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@551 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-06-04 22:46:35 +0000
committer: cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-06-04 22:46:35 +0000
commit: f1c52a0d3c563ed5ab657a5615130199176f72dd (patch)
tree: 7c8695370c9a62b8f8e8a211b8d8ae4ad1ca77e5 /pki/base
parent: 0f84d2a0ae1046a1366d7be4d63a6a18ccb7c468 (diff)
download: pki-f1c52a0d3c563ed5ab657a5615130199176f72dd.tar.gz
pki-f1c52a0d3c563ed5ab657a5615130199176f72dd.tar.xz
pki-f1c52a0d3c563ed5ab657a5615130199176f72dd.zip
1 files changed, 10 insertions, 3 deletions
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
index dc42b6fb..492558b9 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
@@ -101,21 +101,28 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
             // should define "uid" at a common place
             String uid = null;
 
-            uid = authToken.getInString("uid");
+            uid = authToken.getInString("userid");
             if (uid == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
-                return false;
+                uid = authToken.getInString("uid");
+                if (uid == null) {
+                  CMS.debug("GroupAccessEvaluator: evaluate: uid null");
+                  log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
+                  return false;
+                }
             }
+            CMS.debug("GroupAccessEvaluator: evaluate: uid="+uid +" value="+value);
 
             String groupname = authToken.getInString("gid");
 
             if (groupname != null) {
+                CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="+groupname);
                 if (op.equals("=")) {
                     return groupname.equals(Utils.stripQuotes(value));
                 } else if (op.equals("!=")) {
                     return !groupname.equals(Utils.stripQuotes(value));
                 }
             } else {
+                CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken");
                 IUser id = null;
                 try { 
                     id = mUG.getUser(uid);
author	cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-06-04 22:46:35 +0000
committer	cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-06-04 22:46:35 +0000
commit	f1c52a0d3c563ed5ab657a5615130199176f72dd (patch)
tree	7c8695370c9a62b8f8e8a211b8d8ae4ad1ca77e5 /pki/base
parent	0f84d2a0ae1046a1366d7be4d63a6a18ccb7c468 (diff)
download	pki-f1c52a0d3c563ed5ab657a5615130199176f72dd.tar.gz pki-f1c52a0d3c563ed5ab657a5615130199176f72dd.tar.xz pki-f1c52a0d3c563ed5ab657a5615130199176f72dd.zip