Looks like a bug to me - should probably cut to the next "/" and use equals(), or append a "/" before using startsWith().
> -----Original Message-----
> From: Piter Siman [mailto:[EMAIL PROTECTED].mailshell.com]
> Sent: Wednesday, April 24, 2002 4:35 PM
> To: [EMAIL PROTECTED]
> Subject: permission
>
>
> Hi !
>
> I have a question about permission in slide,
>
> here is my use case:
> I have two users, example: /users/test and /users/test1
> one directory file, example: /files/filedirectory.
>
> in /files/filedirectory I created two directories:
> /files/fileDirectory/test for /users/test and
> /files/fileDirectory/test1 for /users/test1
>
> the permissions are
> /actions/read (not inheritable) for /users/test and /users/test1 in
> /files/fileDirectory
>
> /actions (inheritable) for /users/test in /files/fileDirectory/test
> /actions (inheritable) for /users/test1 in /files/fileDirectory/test1
>
> My question is, why /users/test1 can perform /actions in
> /files/fileDirectory/test ?
>
> as I see in SecurityImpl.java:
>
>     granted = (!permission.isNegative())
>         && (subjectUri.toString()
>             .startsWith(permission.getSubjectUri()))
>         && (actionUri.toString()
>             .startsWith(permission.getActionUri()));
>
>     denied = (permission.isNegative())
>         && (subjectUri.toString()
>             .startsWith(permission.getSubjectUri()))
>         && (actionUri.toString()
>             .startsWith(permission.getActionUri()));
>
> subjectUri is /users/test1
> permission.getSubjectUri() is /users/test. Because it used startsWith,
> /users/test1 can access /actions from /users/test.
>
> Why it used startsWith?
>
> thanks.
>
> piter
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
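
The raw prefix comparison quoted in this thread next to a separator-aware comparison of the kind the reply suggests, as an added example that is not part of the original messages and is not Slide's own code. The class and method names are hypothetical, and treating a grant on "/" as covering every URI is an assumption.

```java
// Added illustration; PrefixMatchDemo and its methods are hypothetical,
// not part of Slide's API.
public class PrefixMatchDemo {

    // The comparison quoted from SecurityImpl.java: a raw string prefix test.
    static boolean rawPrefixMatch(String requestUri, String grantedUri) {
        return requestUri.startsWith(grantedUri);
    }

    // Separator-aware comparison: the granted URI matches itself or a
    // descendant, and a descendant must continue with a "/" boundary.
    static boolean segmentPrefixMatch(String requestUri, String grantedUri) {
        String granted = stripTrailingSlash(grantedUri);
        String request = stripTrailingSlash(requestUri);
        if (granted.isEmpty()) {
            return true; // assumption: a grant on the root "/" covers everything
        }
        return request.equals(granted) || request.startsWith(granted + "/");
    }

    // Normalise "/users/test/" and "/users/test" to the same form.
    static String stripTrailingSlash(String uri) {
        int end = uri.length();
        while (end > 0 && uri.charAt(end - 1) == '/') {
            end--;
        }
        return uri.substring(0, end);
    }

    public static void main(String[] args) {
        String granted = "/users/test"; // subject URI stored on the permission
        // Constructed sample subjects, including the sibling from the thread.
        String[] subjects = {
            "/users/test", "/users/test1", "/users/test/sub", "/users/tes"
        };
        for (String s : subjects) {
            System.out.printf("%-16s raw=%-5b segment=%b%n",
                    s, rawPrefixMatch(s, granted), segmentPrefixMatch(s, granted));
        }
        // The same rule keeps hierarchical action matching intact while
        // rejecting a sibling that only shares leading characters.
        System.out.println(segmentPrefixMatch("/actions/read", "/actions"));
        System.out.println(segmentPrefixMatch("/actions2", "/actions"));
    }
}
```

Only the /users/test1 row differs between the two columns: the raw test accepts it and the separator-aware test rejects it, while exact and descendant URIs match under both.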
