Status: Done
Assignee: Wikum Weerakutti
Reporter: Daniel Kayiwa
Complexity: Low
Priority: Should
Created October 18, 2023 at 6:01 PM
Updated November 26, 2024 at 7:35 PM
Resolved November 25, 2024 at 7:31 AM
Avoid exposing global properties to anonymous users by default and be as backwards-compatible as possible.
1. Refactor getGlobalProperty API method implementations to throw an authentication exception if the user is not authenticated and the property requested is not on a list of anonymously-accessible global properties.
2. Assuming this breaks startup, by logging the global properties that are denied and iterating on the startup process, we should be able to build the list of global properties that need to be available anonymously for startup.
3. If the list of global properties needed to expose anonymously for startup is short & comprises only core global properties, the list can be managed explicitly. If we find there are several global properties from modules that need to be exposed anonymously for startup, then we may need to create a method for modules to add global properties to the list of anonymously accessible global properties.
Extra credit: After having done the above, then we would benefit from extending this approach to allow for specific global properties to have additional privilege requirements – i.e., the few that contain particularly sensitive information like a password.
After spiking on this and discussing during yesterday's platform call, we agreed to use a combination of Context.addProxyPrivilege("Get Global Properties") and Context.removeProxyPrivilege("Get Global Properties") for places where we need anonymous access to global properties and then add the privilege annotation `@Authorized(PrivilegeConstants.GET_GLOBAL_PROPERTIES)` to the global property access methods in AdministrationService.
Below are example classes with global properties which are accessed before login, for the 2.x reference application:
To find the global properties that are accessed before login, add this annotation to all methods that get global properties in https://github.com/openmrs/openmrs-core/blob/master/api/src/main/java/org/openmrs/api/AdministrationService.java:
@Authorized(PrivilegeConstants.GET_GLOBAL_PROPERTIES)
Then run the reference application. In your server-side logs, you will get privilege errors for each global property that is being accessed before login. In addition to all this, we need to add the PrivilegeConstants.GET_GLOBAL_PROPERTIES privilege to the RoleConstants.AUTHENTICATED
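
One way to combine the explicit list from the steps above with the agreed proxy-privilege approach, as an added example rather than code from openmrs-core. The class name and the property names are hypothetical, and it assumes openmrs-api is on the classpath.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.openmrs.api.APIAuthenticationException;
import org.openmrs.api.context.Context;
import org.openmrs.util.PrivilegeConstants;

/**
 * Hypothetical helper (not part of openmrs-core): the single place where
 * pre-login code is allowed to read a global property.
 */
public final class AnonymousGlobalProperties {

    // Constructed placeholder names. The real list is built from the privilege
    // errors logged while starting the reference application.
    private static final Set<String> ANONYMOUSLY_READABLE = Collections.unmodifiableSet(
        new HashSet<>(Arrays.asList(
            "example.loginPage.property",
            "example.startup.property")));

    private AnonymousGlobalProperties() {
    }

    public static String get(String propertyName) {
        // Logged-in users go through the normal @Authorized check.
        if (Context.isAuthenticated()) {
            return Context.getAdministrationService().getGlobalProperty(propertyName);
        }
        // Anonymous callers only get properties on the explicit list.
        if (!ANONYMOUSLY_READABLE.contains(propertyName)) {
            throw new APIAuthenticationException(
                "Anonymous access to global property denied: " + propertyName);
        }
        Context.addProxyPrivilege(PrivilegeConstants.GET_GLOBAL_PROPERTIES);
        try {
            return Context.getAdministrationService().getGlobalProperty(propertyName);
        } finally {
            // Always drop the proxy privilege, even if the lookup throws, so later
            // code in the same user context does not keep elevated access.
            Context.removeProxyPrivilege(PrivilegeConstants.GET_GLOBAL_PROPERTIES);
        }
    }
}
```

Keeping the elevation inside one helper makes every anonymous read reviewable in a single place and keeps the proxy privilege scoped to one lookup.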