Revision 7398
Added by ben leinfelder over 11 years ago
| src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
|---|---|---|
| 836 | 836 |
//defer to the shared util for recursively compiling the subjects |
| 837 | 837 |
Set<Subject> subjects = AuthUtils.authorizedClientSubjects(session); |
| 838 | 838 |
|
| 839 |
// track the identities we have checked against |
|
| 840 |
StringBuffer includedSubjects = new StringBuffer(); |
|
| 841 |
|
|
| 839 | 842 |
// get the system metadata |
| 840 | 843 |
String pidStr = pid.getValue(); |
| 841 | 844 |
SystemMetadata systemMetadata = null; |
| ... | ... | |
| 860 | 863 |
logMetacat.debug("Comparing \t" +
|
| 861 | 864 |
systemMetadata.getRightsHolder().getValue() + |
| 862 | 865 |
" \tagainst \t" + s.getValue()); |
| 866 |
includedSubjects.append(s.getValue() + "; "); |
|
| 863 | 867 |
allowed = systemMetadata.getRightsHolder().equals(s); |
| 864 | 868 |
if (allowed) {
|
| 865 | 869 |
return allowed; |
| ... | ... | |
| 897 | 901 |
|
| 898 | 902 |
// throw or return? |
| 899 | 903 |
if (!allowed) {
|
| 900 |
throw new NotAuthorized("1820", permission + " not allowed on " + pidStr);
|
|
| 904 |
throw new NotAuthorized("1820", permission + " not allowed on " + pidStr + " for subject[s]: " + includedSubjects.toString() );
|
|
| 901 | 905 |
} |
| 902 | 906 |
|
| 903 | 907 |
return allowed; |
Also available in: Unified diff
include the subjects we are testing for authentication.
https://redmine.dataone.org/issues/2778