[jboss-jira] [JBoss JIRA] (WFLY-1109) OptionsRoleMappingProvider cannot work on AS7

[Darran Lofthouse (JIRA)]

     [ https://issues.jboss.org/browse/WFLY-1109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved WFLY-1109.
------------------------------------
    Fix Version/s: 11.0.0.Alpha1
       Resolution: Out of Date


Application server security is migrating to WildFly Elytron

> OptionsRoleMappingProvider cannot work on AS7
> ---------------------------------------------
>
>                 Key: WFLY-1109
>                 URL: https://issues.jboss.org/browse/WFLY-1109
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Security
>            Reporter: Akram Ben Aissi
>            Assignee: Anil Saldanha
>             Fix For: 11.0.0.Alpha1
>
>
> The OptionsRoleMappingProvider available in picketbox jars is intended to provided a simple way to map some toles to other roles.
> This case is usefull in many cases where you get roles from a system and want to map them to one or several JaaS Roles.
> However, OptionsRoleMappingProvider cannot be used in AS7 to map roles to groups because this provider contains an attribute Properties roleMaps which requires a Properties object to be initialized.
> A Properties object cannot be passed by AS7 configuration, so this provider cannot be used as is.
> Here is its required syntax according to picketbox documentation:
> {code:xml} 
> <mapping-module code="org.jboss.security.mapping.providers.OptionsRoleMappingProvider"
>           type="role">
>              <module-option name="rolesMap" >
>                         <java:properties xmlns:java="urn:jboss:java-properties"
>                                  xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
>                                  xs:schemaLocation="urn:jboss:java-properties resource:java-properties_1_0.xsd">
>                                  <java:property>
>                                     <java:key>validuser</java:key>
>                                     <java:value>AuthorizedUser,InternalUser</java:value>
>                                  </java:property>
>                            </java:properties>
>                       </module-option>
>                    <module-option name="replaceRoles">false</module-option>
>                </mapping-module>
>        </mapping>
> {code} 
> Such a syntax is not possible in AS7.
> Here is the incriminated code:
> {code:java} 
> private Properties roleMapProperties = new Properties();
>    /**
>     * Specifies
>     */
>    private boolean REPLACE_ROLES = false;
>    
>    public void init(Map<String,Object> opt)
>    {
>      this.options = opt;
>      if(options != null)
>      {
>         if(options.containsKey(REPLACE_ROLES_STRING))
>         {
>            REPLACE_ROLES = "true".equalsIgnoreCase((String)options.get(REPLACE_ROLES_STRING)); 
>         }
>         if(options.containsKey(ROLES_MAP))
>         {
>            roleMapProperties = (Properties)options.get(ROLES_MAP);
>         } 
>      } 
>    }
> {code} 
> As you can see, roleMapProperties is a Properties.
> But in AS7, options.get(ROLES_MAP) returns a String.
> So an adapter is required to make the AS match the contract, or another implemtation is required.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)