You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by Manoj Khangaonkar <kh...@gmail.com> on 2011/06/23 21:59:38 UTC
WildcardPermission
Hi,
In the default permission handling based on WildcardPermission
file:*:myfile implies file:read:myfile
and
file:myfile implies file:read:myfile
* and missing part are wildcards.
But
file::myfile does not imply file:read:myfile.
With file::myfile , WildcardPermission treats "file" , "", "myfile" as
the parts. There is no wildcard. It has to be a
direct match.
Is this the intended behaviour ? I ran into it because of a user error
and I am unable to think of how a "" part
might be useful.
I was feeling that WildcardPermission should throw an
IllegalArgumentException if one of the parts is a "" .
thanks
Manoj
--
http://khangaonkar.blogspot.com/
Re: WildcardPermission
Posted by Manoj Khangaonkar <kh...@gmail.com>.
On Thu, Jun 23, 2011 at 2:19 PM, Les Hazlewood <lh...@apache.org> wrote:
> Hi Manoj,
>
> file:myfile does not imply file:read:myfile - I assume this is a typo
> in your example.
My bad. Parts can be left of only from the end
>
> At the moment, an empty string in the token does not mean anything.
> We'd have to discuss what should happen (throw an exception? Assume
> the default of '*'?). Can you please open a Jira issue for this?
>
Opened SHiro 308
> Thanks,
>
> --
> Les Hazlewood
> CTO, Katasoft | http://www.katasoft.com | 888.391.5282
> twitter: http://twitter.com/lhazlewood
> katasoft blog: http://www.katasoft.com/blogs/lhazlewood
> personal blog: http://leshazlewood.com
>
--
http://khangaonkar.blogspot.com/
Re: WildcardPermission
Posted by Manoj Khangaonkar <kh...@gmail.com>.
On Thu, Jun 23, 2011 at 2:19 PM, Les Hazlewood <lh...@apache.org> wrote:
> Hi Manoj,
>
> file:myfile does not imply file:read:myfile - I assume this is a typo
> in your example.
My bad. Parts can be left of only from the end
>
> At the moment, an empty string in the token does not mean anything.
> We'd have to discuss what should happen (throw an exception? Assume
> the default of '*'?). Can you please open a Jira issue for this?
>
Opened SHiro 308
> Thanks,
>
> --
> Les Hazlewood
> CTO, Katasoft | http://www.katasoft.com | 888.391.5282
> twitter: http://twitter.com/lhazlewood
> katasoft blog: http://www.katasoft.com/blogs/lhazlewood
> personal blog: http://leshazlewood.com
>
--
http://khangaonkar.blogspot.com/
Re: WildcardPermission
Posted by Les Hazlewood <lh...@apache.org>.
Hi Manoj,
file:myfile does not imply file:read:myfile - I assume this is a typo
in your example.
At the moment, an empty string in the token does not mean anything.
We'd have to discuss what should happen (throw an exception? Assume
the default of '*'?). Can you please open a Jira issue for this?
Thanks,
--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com
Re: WildcardPermission
Posted by Les Hazlewood <lh...@apache.org>.
Hi Manoj,
file:myfile does not imply file:read:myfile - I assume this is a typo
in your example.
At the moment, an empty string in the token does not mean anything.
We'd have to discuss what should happen (throw an exception? Assume
the default of '*'?). Can you please open a Jira issue for this?
Thanks,
--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com