From: Aron Roberts
Date: Mon, 31 May 2010 17:48:36 +0000 (+0000)
Subject: CSPACE-1946: TEMPORARILY commenting out the block, in SecurityInterceptor, that check...
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=00931fd72c8fa68f2a479770c9f6cdfd9d0cdf9f;p=tmp%2Fjakarta-migration.git

CSPACE-1946: TEMPORARILY commenting out the block, in SecurityInterceptor, that checks whether a services client is authorized to access resources at a particular URL. This effectively DISABLES authorization checks on access requests to the services layer. This is a temporary workaround, suggested in one of Sanjay's comments on this issue, to facilitate testing on nightly.collectionspace.org on 2010-05-31, and should be reversed as soon as practical.
---
diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
index 0a40c3f5c..194c6c1db 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
@@ -74,6 +74,9 @@ public class SecurityInterceptor implements PreProcessInterceptor {
 // if (uriPath.startsWith("dimensions")) {
 AuthZ authZ = AuthZ.get();
 CSpaceResource res = new URIResourceImpl(resName, httpMethod);
+/*
+ TEMPORARILY commented out by Aron per Sanjay's suggestion in CSPACE-1946.
+ NOTE: This effectively DISABLES authorization checks at the services layer.
 if (!authZ.isAccessAllowed(res)) {
 logger.error("Access to " + res.getId() + " is NOT allowed to "
 + " user=" + AuthN.get().getUserId());
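Review bot: The block comment opened after the `CSpaceResource res` line switches the bypass on at compile time with no runtime control, so every build of this revision skips the `isAccessAllowed` decision for all services URLs and nothing the running service emits shows that enforcement is off. It also leaves `authZ` as an unused local. Keeping the check compiled and gating it on a deployment setting that defaults to enforcing would limit the workaround to the one test host, e.g. `if (enforceAuthz && !authZ.isAccessAllowed(res)) {`, where `enforceAuthz` is a constructed name for a flag read from configuration, with a single WARN logged at start-up when it is false. The guarded `if` body runs past the end of this hunk and the enclosing method starts outside it.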
@@ -81,6 +84,7 @@ public class SecurityInterceptor implements PreProcessInterceptor {
 Response.Status.FORBIDDEN).entity(uriPath + " " + httpMethod).type("text/plain").build();
 throw new WebApplicationException(response);
 }
+*/
 if (logger.isDebugEnabled()) {
 logger.debug("Access to " + res.getId() + " is allowed to "
 + " user=" + AuthN.get().getUserId());
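Review bot: The `logger.debug` call after the closing `*/` still reports "Access to ... is allowed" for every request, including ones `isAccessAllowed` would have rejected, so the log now records an authorization decision that was never made. While the bypass is in place the message should say so and be visible without debug logging, e.g. `logger.warn("Authorization check BYPASSED (CSPACE-1946) for " + res.getId() + " user=" + AuthN.get().getUserId());`. That also gives operators a fixed string to search for when confirming that the workaround has been reverted. The enclosing method starts and ends outside this hunk.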