I have some doubt this code in PortletPermission is correct:

    public boolean implies(Permission permission)
    {
        // The permission must be an instance
        // of the PortletPermission.
        if (!(permission instanceof PortletPermission))
        {
            return false;
        }
        String name = getName();
        if (name != null)
        {
            int index = name.indexOf('*');
            if (index > -1)
            {
                boolean test = permission.getName().startsWith(name.substring(0, index));
                //I THINK THIS IS WRONG!
                return test;
            }
            // The portlet name must be the same.
            if (!(permission.getName().equals(name)))
            {
                return false;
            }
        }
        PortletPermission portletPerm = (PortletPermission) permission;
        // Get the subject.
        // It was either provided in the constructor.
        Subject user = portletPerm.getSubject();
        // Or we get it from the AccessControlContext.
        if (null == user)
        {
            AccessControlContext context = AccessController.getContext();
            user = Subject.getSubject(context);
        }
        // No user was passed. The permission must be denied.
        if (null == user)
        {
            return false;
        }
        // The action bits in portletPerm (permission)
        // must be set in the current mask permission.
        if ((mask & portletPerm.mask) != portletPerm.mask)
        {
            return false;
        }
        return true;
    }

I would think that if test is false, we would return false, but that
if test is true we would go on and check all the other conditions.
Have I missed something?
I think this is what is intended:

    public boolean implies(Permission permission)
    {
        // The permission must be an instance
        // of the PortletPermission.
        if (!(permission instanceof PortletPermission))
        {
            return false;
        }
        String name = getName();
        if (name != null)
        {
            int index = name.indexOf('*');
            if (index > -1)
            {
                if (!permission.getName().startsWith(name.substring(0, index)))
                {
                    return false;
                }
            }
            else if (!(permission.getName().equals(name)))
            {
                // The portlet name must be the same.
                return false;
            }
        }
        PortletPermission portletPerm = (PortletPermission) permission;
        // Get the subject.
        // It was either provided in the constructor.
        Subject user = portletPerm.getSubject();
        // Or we get it from the AccessControlContext.
        if (null == user)
        {
            AccessControlContext context = AccessController.getContext();
            user = Subject.getSubject(context);
        }
        // No user was passed. The permission must be denied.
        if (null == user)
        {
            return false;
        }
        // The action bits in portletPerm (permission)
        // must be set in the current mask permission.
        if ((mask & portletPerm.mask) != portletPerm.mask)
        {
            return false;
        }
        return true;
    }

thanks
david jencks
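
Added illustration, not part of the original message or of the project's code: a self-contained model of the two control flows quoted above, run against constructed requests to show where their decisions differ. The names WildcardImpliesDemo, Perm, VIEW and EDIT are hypothetical, the subject is reduced to a nullable user string instead of a javax.security.auth.Subject, and the null-name case is left out.

```java
// Added illustration; WildcardImpliesDemo, Perm, VIEW and EDIT are hypothetical names.
public class WildcardImpliesDemo {
    static final int VIEW = 1, EDIT = 2;

    // Simplified stand-in for PortletPermission: name, action mask, optional user.
    record Perm(String name, int mask, String user) {}

    // Shape of the first listing: a wildcard name returns the prefix test directly,
    // so the subject and action-mask checks are never reached on that path.
    static boolean impliesOriginal(Perm granted, Perm requested) {
        int index = granted.name().indexOf('*');
        if (index > -1) {
            return requested.name().startsWith(granted.name().substring(0, index));
        }
        if (!requested.name().equals(granted.name())) return false;
        return subjectAndMaskOk(granted, requested);
    }

    // Shape of the second listing: a name mismatch denies, a match falls through
    // to the remaining checks.
    static boolean impliesProposed(Perm granted, Perm requested) {
        int index = granted.name().indexOf('*');
        boolean nameOk = index > -1
            ? requested.name().startsWith(granted.name().substring(0, index))
            : requested.name().equals(granted.name());
        return nameOk && subjectAndMaskOk(granted, requested);
    }

    // The checks both listings share after the name test.
    static boolean subjectAndMaskOk(Perm granted, Perm requested) {
        if (requested.user() == null) return false;      // no subject: deny
        return (granted.mask() & requested.mask()) == requested.mask();
    }

    public static void main(String[] args) {
        Perm granted = new Perm("news*", VIEW, null);     // constructed sample grant
        Perm[] requests = {                               // constructed sample requests
            new Perm("newsfeed", VIEW, "alice"),
            new Perm("newsfeed", VIEW | EDIT, "alice"),   // asks for more than granted
            new Perm("newsfeed", VIEW, null),             // no subject available
            new Perm("weather", VIEW, "alice"),           // prefix does not match
        };
        for (Perm r : requests) {
            System.out.printf("%-42s original=%-5b proposed=%b%n",
                r, impliesOriginal(granted, r), impliesProposed(granted, r));
        }
    }
}
```

The second and third requests are the ones to watch: in this model the original flow answers on the prefix match alone, while the proposed flow still applies the subject and action-mask checks.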