You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2017/02/21 11:56:09 UTC
svn commit: r1783873 - /subversion/site/publish/docs/release-notes/1.10.html
Author: stsp
Date: Tue Feb 21 11:56:09 2017
New Revision: 1783873
URL: http://svn.apache.org/viewvc?rev=1783873&view=rev
Log:
* publish/docs/release-notes/1.10.html
(#authzperf): Fill in some details.
Modified:
subversion/site/publish/docs/release-notes/1.10.html
Modified: subversion/site/publish/docs/release-notes/1.10.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/1.10.html?rev=1783873&r1=1783872&r2=1783873&view=diff
==============================================================================
--- subversion/site/publish/docs/release-notes/1.10.html (original)
+++ subversion/site/publish/docs/release-notes/1.10.html Tue Feb 21 11:56:09 2017
@@ -191,12 +191,53 @@ users. We'll cover those in this sectio
<a class="sectionlink" href="#authzperf"
title="Link to this section">¶</a>
</h3>
+<p> Subversion 1.10 provides a new implementation of path-based authorization
+ with improved performance and wildcard support.</p>
-<p> ... <b>TODO</b> ...
-(for now, see <a
-href="https://wiki.apache.org/subversion/AuthzImprovements">wiki page</a>)
+<p>Existing authz rules come in two flavours, repository-specific and global:
+ <pre>
+ [repos:/path]
+ [/path]
+ </pre>
+ In these rules, <tt>/path</tt> is always matched literally.
+ The new authz rule parser supports two new forms for rules which may contain
+ wildcards in the path element:
+ <pre>
+ [:glob:repos:/path]
+ [:glob:/path]
+ </pre></p>
+
+<p>The following wildcard syntax elements are supported in glob rules:
+<ul>
+<li><tt>*</tt> matches a single (exactly one), arbitrary path segment</li>
+<li><tt>**</tt> mathes an arbitrary number of path segments, seperated by a forward slash: <tt>/</tt></li>
+<li>Classic wildcard patterns such as <tt>*foo*.bar</tt> work as expected, including escaping of special
+ characters with a backslash: <tt>\</tt></li>
+</ul>
</p>
+<p>All wildcards apply to full path segments only, i.e. <tt>*</tt> never matches <tt>/</tt>, except for the
+case where <tt>/**/</tt> matches zero or more path segments. For example, <tt>/*/**/*</tt> will match any path
+which contains at least 2 segments and is equivalent to <tt>/**/*/*</tt> as well as <tt>/*/*/**</tt>. </p>
+
+<p>Because a glob rule is not required to contain wildcards in the path, two sections
+ with different names may apply to the same path. For example, the following two
+ rules are identical:
+ <pre>
+ [/path/without/wildcards]
+ [:glob:/path/without/wildcards]
+ </pre>
+ The new authz rule parser detects and rejects such collisions.</p>
+
+<p>The old authz parser, in Subversion 1.9 and earlier, allowed syntactic
+ entries which grant write-only access. For example:
+ <pre>
+ [/]
+ * = w
+ </pre>
+ The new parser flags such entries as invalid.
+ Neither the old nor the new authz implementation support write-only access.</p>
+
</div> <!-- authzperf -->
<div class="h3" id="conflict-resolver">