Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-16151

Wrap augmentSecurityContext invocations to collect modifications made by several script invocations

    Details

    • Target Version/s:
    • Verified Version/s:
    • Sprint:
      IDM - 2021.3

      Description

      See

      https://stash.forgerock.org/projects/OPENIDM/repos/openidm/pull-requests/7413/overview

      Prior to this change, the following two functional tests will fail:

      Policy.Default Policy.Reauthentication Change Password.user_can_not_update_password_by_patch_without_reauth

      Policy.Default Policy.Reauthentication Change Password.user_can_not_update_password_by_put_without_reauth

       After this change, the org model failed to work, as the privilege manipulations performed by orgPrivileges.js were not returned to AugmentationScriptExecutor.java.

      See https://stash.forgerock.org/projects/OPENIDM/repos/openidm/browse/openidm-authnfilter/src/main/java/org/forgerock/openidm/auth/AugmentationScriptExecutor.java#196

      The AugmentationScriptExecutor will examine the results of augmentSecurityContext binding invocations, and harvest the returned values by incorporating them into the security context. Currently, orgPrivileges.js will return a Map with a privileges array including the appropriate org privileges reflecting the logged-in user's adminOfOrg and ownerOfOrg relationships. The customAuthz.js script will return the authorization map augmented to reflect protected attributes. 

      The yield of each of these invocations must be included in a single map, returned to to the AugmentationScriptExecutor. One solution is to write a 'wrapper' script which will make each of the invocations distinctly, merging the yield of each in a single map, which is then returned to the AugmentationScriptExecutor.

        Attachments

          Activity

            People

            • Assignee:
              dhogan Dirk Hogan
              Reporter:
              dhogan Dirk Hogan
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: