[NMS-9937] Refactor UserGroupLdapAuthoritiesPopulator to provide a default role. - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Enhancement
Status: Resolved (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 21.0.5, Meridian-2016.1.11, Meridian-2017.1.6
Fix Version/s: 21.1.0, Meridian-2017.1.7
Component/s: Web UI - General
Security Level: Default (Default Security Scheme)
Labels:
- support

Sprint:
Horizon - April 4th 2018, Horizon - April 11th 2018

Description

Currently, when using LDAP/AD through Spring Security, this custom class that is part of our code base (a.k.a. UserGroupLdapAuthoritiesPopulator), is used to map LDAP groups from the authenticated user to OpenNMS Security Roles.

Now, if there are no matches, no roles will be assigned to the authenticated user, and you'll see a horrible "Access Denied".

Maybe the original intention was exactly that, but there are situations, on which you want to assign a default OpenNMS security role, because there is no common group in ActiveDirectory/LDAP that all the users can use in order to have the same functionality; which is even more critical when using Single Sign On.

Attachments

Activity

People

Assignee:: Dustin Frisch

Reporter:: Alejandro Galue

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 27/Mar/18 7:08 PM

Updated:: 26/Jul/18 1:18 PM

Resolved:: 18/Apr/18 12:33 PM

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.