Kuali Rice Development
  1. Kuali Rice Development
  2. KULRICE-5315

KimRoleTypeService (if configured) should get to decide how to handle null qualifier match

    Details

    • Type: Bug Fix Bug Fix
    • Status: Open Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Backlog
    • Component/s: Development
    • Security Level: Public (Public: Anyone can view)
    • Labels:
    • Similar issues:
      KULRICE-4505Decide on and document guidelines for how service contracts, DTOs, and implementations should be versioned
      KULRICE-14160Document how we want to handle testing and verification of pull requests from external entities
      KULRICE-13235Clear up the KIM qualifier question as to whether they should match by wildcard
      KULRICE-3947Determine how to handle collections in JPA for existing applications
      KULRICE-4243Responsibility document does not handle blank qualifier resolver correctly
      KULRICE-6098Agenda qualifier matching is backwards
      KULRICE-2346Improve how the KSB handles "dead" services
      KULRICE-6577KRAD Infrastructure not handling null OJB proxies?
      KULRICE-7566Should consider if a principal should be allowed to have a null principal name
      KULRICE-4554Improve how "store-and-forward" services are implemented in respect to the service registry
    • Rice Module:
      KIM
    • Application Requirement:
      KC
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required

      Description

      Currently, if a null qualifier is passed in for an authZ check for a role of a specific type, all role members are matched and returned. We need this to be customizable by type. So, RoleTypeService (if applicable) should get to decide how a null qualifier match should be handled.

      Here is the relevant piece of code from RoleServiceImpl:

      protected List<RoleMembershipInfo> getRoleMembers(List<String> roleIds, AttributeSet qualification, boolean followDelegations, Set<String> foundRoleTypeMembers ) {
      ...........
      ...........
      // if the qualification check does not need to be made, just add the result
      if ( (qualification == null || qualification.isEmpty()) || getRoleTypeService( rm.getRoleId() ) == null )

      { .................. }

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Chitra Chandran
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:

              Structure Helper Panel