RootAccountRealm is the first realm to touch when checking permissions

2026-03-13 09:32:21 +08:00 · 2026-02-24 14:53:17 +01:00
parent a651fd8b15
commit 25d115e01d
1 changed files with 1 additions and 1 deletions
--- a/graylog2-server/src/main/java/org/graylog2/bindings/providers/DefaultSecurityManagerProvider.java
+++ b/graylog2-server/src/main/java/org/graylog2/bindings/providers/DefaultSecurityManagerProvider.java
@@ -62,9 +62,9 @@ public class DefaultSecurityManagerProvider implements Provider<DefaultSecurityM
        }

        List<Realm> authorizingRealms = new ArrayList<>();
-        authorizingRealms.addAll(authorizingOnlyRealms.values());
        // root account realm might be deactivated and won't be present in that case
        orderedAuthenticatingRealms.getRootAccountRealm().ifPresent(authorizingRealms::add);
+        authorizingRealms.addAll(authorizingOnlyRealms.values());

        final ModularRealmAuthorizer authorizer = new ModularRealmAuthorizer(authorizingRealms);