What do you mean by authentication? I'm doing most of the stuff towards
Slide using the API, so I'm creating a domain via Domain.init() and using
the helpers to check for permissions. Given the following Domain.xml, the
user /users/joe (which is linked to in /users/MyGroup/joe) should be able to
have /actions/read on /files/test - correct?

After initializing Slide, however:

security.checkPermission(new SubjectNode("/files/test"),
    new SubjectNode("/users/joe"), new ActionNode("/actions/read"));

throws an AccessDeniedException, but the following two do not:

security.checkPermission(new SubjectNode("/files/test"),
    new SubjectNode("/users/MyGroup"), new ActionNode("/actions/read"));
security.checkPermission(new SubjectNode("/files/test"),
    new SubjectNode("/users/MyGroup/joe"), new ActionNode("/actions/read"));


Following is my Domain.xml (which contains some other stuff used by my
application):

<?xml version="1.0"?>

<slide logger="org.apache.slide.util.logger.SimpleLogger" logger-level="6"
default="slide">

  <namespace name="fs">

    <definition>
      <store name="mysql">
        <nodestore classname="slidestore.reference.JDBCDescriptorsStore">
         <parameter name="driver">com.mysql.jdbc.Driver</parameter>
         <parameter name="url">jdbc:mysql://localhost/filestore</parameter>
         <parameter name="user">root</parameter>
         <parameter name="password"></parameter>
        </nodestore>
        <securitystore>
          <reference store="nodestore" />
        </securitystore>
        <lockstore>
          <reference store="nodestore" />
        </lockstore>
        <revisiondescriptorsstore>
          <reference store="nodestore" />
        </revisiondescriptorsstore>
        <revisiondescriptorstore>
          <reference store="nodestore" />
        </revisiondescriptorstore>

        <contentstore classname="slidestore.reference.JDBCContentStore">
         <parameter name="driver">com.mysql.jdbc.Driver</parameter>
         <parameter name="url">jdbc:mysql://localhost/filestore</parameter>
         <parameter name="user">root</parameter>
         <parameter name="password"></parameter>
        </contentstore>
      </store>
      <scope match="/" store="mysql" />
    </definition>

    <configuration>

      <!-- Actions mapping -->
      <default-action>/actions</default-action>
      <read-object>/actions/read</read-object>
      <create-object>/actions/write</create-object>
      <remove-object>/actions/write</remove-object>
      <grant-permission>/actions/manage</grant-permission>
      <revoke-permission>/actions/manage</revoke-permission>
      <read-permissions>/actions/manage</read-permissions>
      <lock-object>/actions/write</lock-object>
      <kill-lock>/actions/manage</kill-lock>
      <read-locks>/actions/read</read-locks>
      <read-revision-metadata>/actions/read</read-revision-metadata>
      <create-revision-metadata>/actions/write</create-revision-metadata>
      <modify-revision-metadata>/actions/write</modify-revision-metadata>
      <remove-revision-metadata>/actions/write</remove-revision-metadata>
      <read-revision-content>/actions/read</read-revision-content>
      <create-revision-content>/actions/write</create-revision-content>
      <modify-revision-content>/actions/write</modify-revision-content>
      <remove-revision-content>/actions/write</remove-revision-content>

      <!-- Paths configuration -->
      <userspath>/users</userspath>
      <guestpath>guest</guestpath>
      <filespath>/files</filespath>
      <parameter name="dav">true</parameter>
      <parameter name="standalone">true</parameter>

      <!-- Roles definition -->
      <role name="root">slideroles.basic.RootRole</role>
      <role name="user">slideroles.basic.UserRole</role>
      <role name="guest">slideroles.basic.GuestRole</role>

      <!-- Users management -->
      <auto-create-users>true</auto-create-users>


    </configuration>

    <data>

      <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/">

 <!-- Permissions for this Node-->
 <permission action="/actions" subject="root"/>

        <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users">
           <revision>
             <property name="rootgroup">true</property>
           </revision>


          <objectnode classname="slideroles.basic.RootRoleImpl"
uri="/users/root">
            <revision>
              <property name="password" namespace="http://jakarta.apache.org/slide/">root</property>
              <property name="rootgroup">/users</property>
              <property name="role">Root</property>
            </revision>
          </objectnode><!-- End /user/root -->

          <objectnode classname="slideroles.basic.GuestRoleImpl"
uri="/users/guest">
            <revision>
              <property name="password" namespace="http://jakarta.apache.org/slide/">guest</property>
              <property name="rootgroup">/users</property>
              <property name="role">Guest</property>
            </revision>
          </objectnode><!-- End /user/guest -->

   <objectnode classname="slideroles.basic.UserRoleImpl" uri="/users/joe">
            <revision>
              <property name="password" namespace="http://jakarta.apache.org/slide/">joe</property>
              <property name="rootgroup">/users</property>
              <property name="role">User</property>
            </revision>
    </objectnode>

   <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/users/MyGroup">

  <objectnode classname="org.apache.slide.structure.LinkNode"
uri="/users/MyGroup/joe" linkedUri="/users/joe"/>

   </objectnode>

        </objectnode><!-- End /users -->

        <objectnode classname="org.apache.slide.structure.ActionNode"
uri="/actions">

          <objectnode classname="org.apache.slide.structure.ActionNode"
uri="/actions/read"/>
          <objectnode classname="org.apache.slide.structure.ActionNode"
uri="/actions/write"/>
          <objectnode classname="org.apache.slide.structure.ActionNode"
uri="/actions/manage"/>

        </objectnode><!-- End /actions -->

        <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/files">

   <permission action="/actions" subject="guest"/>

  <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/files/test">

   <permission action="/actions/read" subject="/users/MyGroup"
inherit="true" negative="false"/>

  </objectnode>

 </objectnode><!-- End /files -->


        <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/meta">

         <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/meta/ContentType"/>
         <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/meta/ActionTemplate"/>
         <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/meta/PropertyTemplate"/>
         <objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/meta/ImageMacro"/>

 </objectnode><!-- End /meta -->

      </objectnode><!-- End / -->

    </data>

  </namespace>

</slide>


Any ideas? Thanks for helping me!

Regards, Peder


----- Original Message ----- 
From: "Martin Holz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 08, 2004 2:01 PM
Subject: Re: Some newbie Security questions


> "Peder Nordvaller" <[EMAIL PROTECTED]> writes:
>
> > Hello,
> >
> > I'm writing an app that uses Slide, and I have some trouble understanding
> > the ACL/Security. What I would like to do is the following:
> >
> > I have some users, for example:
> > /users/joe
> > /users/mary
> >
> > That both have /actions/read on /files (not inherited). This works just
> > fine, they can read the /files but no nodes below. Now I have a "user
> > group": /users/MyGroup under which I have created a link /users/MyGroup/joe
> > to /users/joe. What I want to do is be able to grant /actions/read on
> > /files/somenode to /users/MyGroup (not inherited) - and with this make every
> > linked user in this group also get this permission, so that in this case joe
> > will also get /actions/read on /files/somenode. I would also like to be able
> > to link users in this manner to several user groups with permissions so that
> > the users get permissions from several groups. Is this possible? If so, what
> > could I be missing if it's not working? I'm currently using the 1.0.16 build.
>
> This should work with 1.0.16 (but not the CVS HEAD). Could you send your
> Domain.xml? Also, how do you do the authentication?
>
>
> Martin



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
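
Added example (not part of the original thread and not Slide's own code): a small Python model of the group-link resolution described in the messages above, run over a trimmed, constructed copy of the posted data section with /users/mary added as a negative case. It assumes a grant to a group URI covers the group path and any user a LinkNode under it points to; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: /users and /files from the posted Domain.xml, trimmed;
# /users/mary (from the earlier message) is added as a negative case.
DATA = """
<data>
 <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/">
  <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users">
   <objectnode classname="slideroles.basic.UserRoleImpl" uri="/users/joe"/>
   <objectnode classname="slideroles.basic.UserRoleImpl" uri="/users/mary"/>
   <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users/MyGroup">
    <objectnode classname="org.apache.slide.structure.LinkNode"
                uri="/users/MyGroup/joe" linkedUri="/users/joe"/>
   </objectnode>
  </objectnode>
  <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files">
   <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files/test">
    <permission action="/actions/read" subject="/users/MyGroup" inherit="true" negative="false"/>
   </objectnode>
  </objectnode>
 </objectnode>
</data>
"""

def load(xml_text):
    """Return (links, grants): link URI -> linkedUri, and (object, subject, action)."""
    links, grants = {}, []
    for node in ET.fromstring(xml_text).iter("objectnode"):
        if node.get("classname", "").endswith(".LinkNode"):
            links[node.get("uri")] = node.get("linkedUri")
        for perm in node.findall("permission"):  # permissions set on this node only
            if perm.get("negative", "false") != "true":
                grants.append((node.get("uri"), perm.get("subject"), perm.get("action")))
    return links, grants

def under(uri, parent):
    """True if uri is parent itself or a path below it."""
    return uri == parent or uri.startswith(parent.rstrip("/") + "/")

def expected_allow(links, grants, obj, subject, action):
    """Assumed semantics: a grant covers the named subject, paths below it, and
    any user that a LinkNode below it points to."""
    aliases = {subject} | {link for link, target in links.items() if target == subject}
    return any(o == obj and a == action and any(under(s, g) for s in aliases)
               for o, g, a in grants)

def audit(xml_text, obj, action, subjects):
    links, grants = load(xml_text)
    return {s: expected_allow(links, grants, obj, s, action) for s in subjects}
```

Under this model all three subjects tested in the message are expected to be allowed /actions/read on /files/test, so the direct /users/joe check is the one to compare against what security.checkPermission returns.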
