Issue Description:
Suppose an administrator logs in as superuser and assigns ROLE_ADMINISTRATOR to an externally defined user. If he 'logs in as' that user, the user can access all of the functionality. However, when logging back in as the external user the assigned ROLE_ADMINISTRATOR role disappears.
Resolution:
Starting in JasperReports Server v5.2, the way roles are assigned are not under the control of the local administrator but, instead, through the external authentication server admin (e.g. if using LDAP, the LDAP administrator). When a user logs in, whatever roles are desginated to that account are applied through the authentication server. Any roles that are not explicitly assigned in such manner will be removed automatically.
Ref. Case #00035846
Recommended Comments
There are no comments to display.