From: Sanjay Dalal
Date: Thu, 3 Jun 2010 19:40:05 +0000 (+0000)
Subject: NOJIRA re-enabling access control in service layer in the trunk (only)
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=5f2bf09e127dd989cb29a371659d43b2537a53ed;p=tmp%2Fjakarta-migration.git
NOJIRA re-enabling access control in service layer in the trunk (only)
M security/SecurityInterceptor.java
---
diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
index 194c6c1db..fd8fa167c 100644
--- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
@@ -71,12 +71,12 @@ public class SecurityInterceptor implements PreProcessInterceptor {
 }
 String resName = getResourceName(request.getUri());
 checkActive();
-// if (uriPath.startsWith("dimensions")) {
 AuthZ authZ = AuthZ.get();
 CSpaceResource res = new URIResourceImpl(resName, httpMethod);
 /* TEMPORARILY commented out by Aron per Sanjay's suggestion in CSPACE-1946. NOTE: This effectively DISABLES authorization checks at the services layer.
+ */
 if (!authZ.isAccessAllowed(res)) {
 logger.error("Access to " + res.getId() + " is NOT allowed to " + " user=" + AuthN.get().getUserId());
@@ -84,12 +84,10 @@ public class SecurityInterceptor implements PreProcessInterceptor {
 Response.Status.FORBIDDEN).entity(uriPath + " " + httpMethod).type("text/plain").build();
 throw new WebApplicationException(response);
 }
-*/
 if (logger.isDebugEnabled()) {
 logger.debug("Access to " + res.getId() + " is allowed to " + " user=" + AuthN.get().getUserId());
 }
-// }
 return null;
 }
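Review bot: In the first hunk (`@@ -71,12 +71,12 @@`) the added `*/` closes the block comment right after its text, so the file keeps "TEMPORARILY commented out … This effectively DISABLES authorization checks at the services layer" directly above a check that is now live. A stale statement like that on the authorization gate can mislead a later audit or prompt someone to restore the disabled state. Delete the comment text rather than closing it, or replace it with `// Authorization is enforced here: requests are rejected with 403 unless AuthZ allows this resource and method.` Separately, the re-enabled `logger.error(...)` concatenates `res.getId()`, which is built from the request URI, into the log line; whether `getResourceName` or the log layout neutralises line breaks is not visible here and is worth confirming. The `if (!authZ.isAccessAllowed(res))` body continues into the second hunk, and the enclosing method starts above this one.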