cvs commit: jakarta-slide/src/share/org/apache/slide/security SecurityImpl.java

Thu, 24 Oct 2002 23:18:06 -0700 

juergen     2002/10/24 23:16:01

  Modified:    src/share/org/apache/slide/security SecurityImpl.java
  Log:
  Because of currently the implemented semantic brings up some greate problems in 
usage and does not make much sense, I added the planned changes in the ACL standard 
for chaper 6.1.2 in advance to slide. Now slide implements the ACL semantic:
  Dav:all-grant-before-any-deny: The ACEs are evaluated in the order in which they 
appear in the ACL, until all privileges needed for the request have been granted. If 
an evaluated ACE denies a privilege needed for the request, the request MUST fail If 
all ACEs have been evaluted without the user being granted all privileges needed for 
the request, the request MUST fail. An example is the NT file system.
  
  !!!!! So be carefull, the ACL sematic changed !!!!
  (Eckehard)
  
  Revision  Changes    Path
  1.33      +7 -7      
jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java
  
  Index: SecurityImpl.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-slide/src/share/org/apache/slide/security/SecurityImpl.java,v
  retrieving revision 1.32
  retrieving revision 1.33
  diff -u -r1.32 -r1.33
  --- SecurityImpl.java 2 Oct 2002 06:29:44 -0000       1.32
  +++ SecurityImpl.java 25 Oct 2002 06:16:01 -0000      1.33
  @@ -466,7 +466,7 @@
               Enumeration permissions = courUri.getStore()
                   .enumeratePermissions(courUri);
               
  -            while (permissions.hasMoreElements()) {
  +            while (!granted && !denied && permissions.hasMoreElements()) {
                   
                   boolean oldGranted = granted;
                   boolean oldDenied = denied;
  @@ -485,7 +485,7 @@
                               subjectUriString = subjectUriString + "/";
   
                           check |= object.getUri().startsWith(subjectUriString);
  -                    } 
  +                    }
                       
                       // Self permission
                       granted = (!permission.isNegative())
  @@ -563,7 +563,7 @@
                                       match &= actionUri.toString().
                                           startsWith(permission.getActionUri());
                                       
  -                                    granted = (!permission.isNegative()) && 
  +                                    granted = (!permission.isNegative()) &&
                                           match;
                                       denied = permission.isNegative() && match;
                                       
  
  
  

--
To unsubscribe, e-mail:   <mailto:slide-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:slide-dev-help@;jakarta.apache.org>

Reply via email to