Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 335440

Summary:	[server] The authorization rules should contain methods
Product:	[ECD] Orion	Reporter:	Szymon Brandys <Szymon.Brandys>
Component:	Client	Assignee:	Szymon Brandys <Szymon.Brandys>
Status:	RESOLVED FIXED	QA Contact:
Severity:	normal
Priority:	P3	CC:	malgorzata.tomczyk
Version:	0.2
Target Milestone:	0.2
Hardware:	PC
OS:	Windows XP
Whiteboard:

Description Szymon Brandys

2011-01-26 08:12:15 EST

Right now authorization rules contain only URIs which can be access by users. They should also contain information which methods are allowed for given URIs.

Comment 1 Szymon Brandys

2011-01-26 08:42:32 EST

I have released an initial patch. Now Access Rules in Users.prefs are stored using a slightly changed format. Instead of entries like:

[userId]/UserRights=["/workspace/B", "/workspace/B/*"]

we have

[userId]/UserRights=[{"Method"\:15,"Uri"\:"/workspace/B"},{"Method"\:15,"Uri"\:"/workspace/B/*"}]

Method describes which HTTP methods are allowed. See AuthorizationService for details. 15 means all POST, PUT. GET and DELETE methods are allowed.

Comment 2 John Arthorne

2011-01-26 15:10:42 EST

This was a breaking change to our auth data. Running the server on an existing workspace gives this error:

}
15:06:46.339 [2132159132@qtp-391094511-0] ERROR org.mortbay.log - /workspace/A
java.lang.ClassCastException: java.lang.String cannot be cast to org.json.JSONObject
	at org.eclipse.orion.internal.server.servlets.workspace.authorization.AuthorizationService.checkRights(AuthorizationService.java:149) ~[na:na]
	at org.eclipse.orion.server.configurator.servlet.AuthorizationFilter.doFilter(AuthorizationFilter.java:33) ~[na:na]
	at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.doFilter(FilterManager.java:173) ~[na:na]
	at org.eclipse.equinox.http.servlet.internal.FilterRegistration.doFilter(FilterRegistration.java:71) ~[na:na]
	at org.eclipse.equinox.http.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:25) ~[na:na]
	at org.eclipse.orion.server.configurator.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:65) ~[na:na]
	at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.doFilter(FilterManager.java:173) ~[na:na]
	at org.eclipse.equinox.http.servlet.internal.FilterRegistration.doFilter(FilterRegistration.java:71) ~[na:na]
	at org.eclipse.equinox.http.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:25) ~[na:na]
	at org.eclipse.orion.internal.server.servlets.file.EditSupportFilter.doFilter(EditSupportFilter.java:46) ~[na:na]
	at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.doFilter(FilterManager.java:173) ~[na:na]
	at org.eclipse.equinox.http.servlet.internal.FilterRegistration.doFilter(FilterRegistration.java:71) ~[na:na]
	at org.eclipse.equinox.http.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:25) ~[na:na]
	at org.eclipse.orion.server.configurator.servlet.WelcomeFileFilter.doFilter(WelcomeFileFilter.java:37) ~[na:na]

Comment 3 John Arthorne

2011-01-26 15:59:02 EST

I have entered a separate bug about migrating user right data: bug 335506.

Comment 4 Szymon Brandys

2011-02-03 05:41:10 EST

Fixed.