@@ -212,22 +212,6 @@ public void execute(AdminCommandContext context) {
212212 final List <String > existingPrincipals = new ArrayList (map .getPrincipal ());
213213 final List <String > existingUserGroups = new ArrayList (map .getUserGroup ());
214214
215- if (existingPrincipals .isEmpty () && addPrincipals != null ) {
216- report .setMessage (localStrings .getLocalString ("update.connector.security.map." +
217- "addPrincipalToExistingUserGroupsWorkSecurityMap" ,
218- "Failed to add principals to a security map with user groups." ));
219- report .setActionExitCode (ActionReport .ExitCode .FAILURE );
220- return ;
221- }
222-
223- if (existingUserGroups .isEmpty () && addUserGroups != null ) {
224- report .setMessage (localStrings .getLocalString ("update.connector.security.map." +
225- "addUserGroupsToExistingPrincipalsWorkSecurityMap" ,
226- "Failed to add user groups to a security map with principals." ));
227- report .setActionExitCode (ActionReport .ExitCode .FAILURE );
228- return ;
229- }
230-
231215 //check if there is any invalid principal in removePrincipals.
232216 if (removePrincipals != null ) {
233217 boolean principalExists = true ;
@@ -270,7 +254,7 @@ public void execute(AdminCommandContext context) {
270254
271255 //FIX : Bug 4914883.
272256 //The user should not delete all principals and usergroups in the map.
273- // Atleast one principal or usergroup must exists .
257+ // Atleast one principal or usergroup must exist .
274258
275259 if (addPrincipals == null && addUserGroups == null ) {
276260 boolean principalsEmpty = false ;
@@ -344,6 +328,11 @@ public void execute(AdminCommandContext context) {
344328 }
345329 }
346330
331+ //ensure that only user-groups or only principals exist in the security map after considering add/remove user-groups/principals option in
332+ //the update-connector-security-map command.
333+ if (!hasOnlyPrincipalsOrOnlyUserGroups (report , existingPrincipals , existingUserGroups ))
334+ return ;
335+
347336 BackendPrincipal backendPrincipal = map .getBackendPrincipal ();
348337
349338 try {
@@ -391,5 +380,35 @@ public Object run(ConfigBeanProxy... params) throws PropertyVetoException, Trans
391380 report .setActionExitCode (ActionReport .ExitCode .FAILURE );
392381 report .setFailureCause (tfe );
393382 }
394- }
383+ }
384+
385+ /**
386+ * A security map can have either a set of principals or a set of user-groups
387+ * but not a mix of both.
388+ * Validation to check whether only principals are present in the security map
389+ * or only user-groups are present in the security map.
390+ * @param report ActionReport
391+ * @param existingPrincipals principals
392+ * @param existingUserGroups user-groups
393+ * @return boolean true - if it is a homogeneous security map, false otherwise.
394+ */
395+ private boolean hasOnlyPrincipalsOrOnlyUserGroups (ActionReport report ,
396+ List <String > existingPrincipals , List <String > existingUserGroups ) {
397+ if (existingPrincipals .isEmpty () && addPrincipals != null ) {
398+ report .setMessage (localStrings .getLocalString ("update.connector.security.map." +
399+ "addPrincipalToExistingUserGroupsWorkSecurityMap" ,
400+ "Failed to add principals to a security map with user groups." ));
401+ report .setActionExitCode (ActionReport .ExitCode .FAILURE );
402+ return false ;
403+ }
404+
405+ if (existingUserGroups .isEmpty () && addUserGroups != null ) {
406+ report .setMessage (localStrings .getLocalString ("update.connector.security.map." +
407+ "addUserGroupsToExistingPrincipalsWorkSecurityMap" ,
408+ "Failed to add user groups to a security map with principals." ));
409+ report .setActionExitCode (ActionReport .ExitCode .FAILURE );
410+ return false ;
411+ }
412+ return true ;
413+ }
395414}
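Review bot: The two conditions in `hasOnlyPrincipalsOrOnlyUserGroups` are the removed pre-checks unchanged, but the call at new line 333 now runs after the add/remove handling, as the comment added above it says. If that handling (outside the visible hunks) has already merged `addPrincipals` and `addUserGroups` into the two lists, `existingPrincipals.isEmpty() && addPrincipals != null` can no longer be true for a non-empty add, so adding principals to a user-group-only map would pass validation and leave the mixed map the Javadoc forbids. Testing the final state directly, `if (!existingPrincipals.isEmpty() && !existingUserGroups.isEmpty())`, would match the documented rule; a test that adds a principal to a user-group-only map would confirm which behaviour the command has. The Javadoc should also state that the method sets the failure message and exit code on `report` and reads the `addPrincipals` / `addUserGroups` fields, since neither is evident from the signature.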