You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by Russ Leong <ru...@kikuze.com> on 2002/05/06 09:50:13 UTC
checking permissions
Hi,
I have the following permissions in the Permissions table
Object - /
Subject - root
Action - /actions
Inheritable - 1
Negative - 0
Which means root has access to folder "/" for all actions under "/actions"
recursive because Inheritable = 1. If my understanding is wrong please
correct me.
I tried to check the permission using :
---------------------
NamespaceAccessToken nat = Domain.accessNamespace(new SecurityToken(""),
"slide");
Security security = nat.getSecurityHelper();
System.out.println("root actions? "+security.hasPermission(new
SubjectNode("/"), new SubjectNode("root"), new ActionNode("/actions")));
System.out.println("root Read? "+security.hasPermission(new
SubjectNode("/"), new SubjectNode("root"), new
ActionNode("/actions/read")));
Can someone tell me why both returned false? What is the correct way to
check for permissions? Note that I have turned off security and so there
should be no need for authentication. Thanks.
Russ
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: checking permissions
Posted by Jean-Philippe Courson <co...@noos.fr>.
Russ Leong wrote:
> Hi Jean,
> from your reply you mean in my code I need to use
> SubjectNode("/users/root") instead of new SubjectNode("root"), and in
> Permissions Table it is right for subject to be 'root' and not '/users/root'
> correct? I know this seems to be a simple setting but somehow I manage to
> get true only once, I tried many many times the different combinations of
> "root" and "/users/root" on both Permissions table and the code that calls
> hasPermission method. I have also restarted Orion numerous times. It seems
> that something seems to be caching the result or maybe I am just going
> crazy?
>
> Russ
>
>
> ----- Original Message -----
> From: "Jean-Philippe Courson" <co...@noos.fr>
> To: "Slide Users Mailing List" <sl...@jakarta.apache.org>
> Sent: Monday, May 06, 2002 4:09 PM
> Subject: Re: checking permissions
>
>
>
>>Russ Leong wrote:
>>
>>>Hi,
>>> I have the following permissions in the Permissions table
>>>
>>>Object - /
>>>Subject - root
>>>Action - /actions
>>>Inheritable - 1
>>>Negative - 0
>>>
>>>Which means root has access to folder "/" for all actions under
>>
> "/actions"
>
>>>recursive because Inheritable = 1. If my understanding is wrong please
>>>correct me.
>>>
>>>I tried to check the permission using :
>>>---------------------
>>>NamespaceAccessToken nat = Domain.accessNamespace(new SecurityToken(""),
>>>"slide");
>>>Security security = nat.getSecurityHelper();
>>>System.out.println("root actions? "+security.hasPermission(new
>>>SubjectNode("/"), new SubjectNode("root"), new ActionNode("/actions")));
>>>System.out.println("root Read? "+security.hasPermission(new
>>>SubjectNode("/"), new SubjectNode("root"), new
>>>ActionNode("/actions/read")));
>>>
>>>Can someone tell me why both returned false? What is the correct way to
>>>check for permissions? Note that I have turned off security and so there
>>>should be no need for authentication. Thanks.
>>>
>>>Russ
Sorry, my response was wrong :
'root' is a valid subject : it is root role.
See http://jakarta.apache.org/slide/security.html.
When you have such problems, don't forget to look at the logs for an
AccessDeniedException.
jp
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: checking permissions
Posted by Russ Leong <ru...@kikuze.com>.
Hi,
I have got it return true when I checked the permission, but not until I
changed my code to use new SubjectNode("/users/root") and in the Permissions
table changing the values in subject column from "root" to "/users/root".
I am not too sure about changing the database value in Permissions table
as the original value "root" was inserted by Slide when I init using the
sample Domain.xml so can someone please let me know if this is the correct
setup and result?
Russ
----- Original Message -----
From: "Russ Leong" <ru...@kikuze.com>
To: "Slide Users Mailing List" <sl...@jakarta.apache.org>
Sent: Monday, May 06, 2002 4:47 PM
Subject: Re: checking permissions
> Hi Jean,
> from your reply you mean in my code I need to use
> SubjectNode("/users/root") instead of new SubjectNode("root"), and in
> Permissions Table it is right for subject to be 'root' and not
'/users/root'
> correct? I know this seems to be a simple setting but somehow I manage to
> get true only once, I tried many many times the different combinations of
> "root" and "/users/root" on both Permissions table and the code that calls
> hasPermission method. I have also restarted Orion numerous times. It seems
> that something seems to be caching the result or maybe I am just going
> crazy?
>
> Russ
>
>
> ----- Original Message -----
> From: "Jean-Philippe Courson" <co...@noos.fr>
> To: "Slide Users Mailing List" <sl...@jakarta.apache.org>
> Sent: Monday, May 06, 2002 4:09 PM
> Subject: Re: checking permissions
>
>
> > Russ Leong wrote:
> > > Hi,
> > > I have the following permissions in the Permissions table
> > >
> > > Object - /
> > > Subject - root
> > > Action - /actions
> > > Inheritable - 1
> > > Negative - 0
> > >
> > > Which means root has access to folder "/" for all actions under
> "/actions"
> > > recursive because Inheritable = 1. If my understanding is wrong please
> > > correct me.
> > >
> > > I tried to check the permission using :
> > > ---------------------
> > > NamespaceAccessToken nat = Domain.accessNamespace(new
SecurityToken(""),
> > > "slide");
> > > Security security = nat.getSecurityHelper();
> > > System.out.println("root actions? "+security.hasPermission(new
> > > SubjectNode("/"), new SubjectNode("root"), new
ActionNode("/actions")));
> > > System.out.println("root Read? "+security.hasPermission(new
> > > SubjectNode("/"), new SubjectNode("root"), new
> > > ActionNode("/actions/read")));
> > >
> > > Can someone tell me why both returned false? What is the correct way
to
> > > check for permissions? Note that I have turned off security and so
there
> > > should be no need for authentication. Thanks.
> > >
> > > Russ
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> > >
> > >
> > >
> >
> > root user subjectNode URI is /users/root, not root
> >
> >
> > --
> > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: checking permissions
Posted by Russ Leong <ru...@kikuze.com>.
Hi Jean,
from your reply you mean in my code I need to use
SubjectNode("/users/root") instead of new SubjectNode("root"), and in
Permissions Table it is right for subject to be 'root' and not '/users/root'
correct? I know this seems to be a simple setting but somehow I manage to
get true only once, I tried many many times the different combinations of
"root" and "/users/root" on both Permissions table and the code that calls
hasPermission method. I have also restarted Orion numerous times. It seems
that something seems to be caching the result or maybe I am just going
crazy?
Russ
----- Original Message -----
From: "Jean-Philippe Courson" <co...@noos.fr>
To: "Slide Users Mailing List" <sl...@jakarta.apache.org>
Sent: Monday, May 06, 2002 4:09 PM
Subject: Re: checking permissions
> Russ Leong wrote:
> > Hi,
> > I have the following permissions in the Permissions table
> >
> > Object - /
> > Subject - root
> > Action - /actions
> > Inheritable - 1
> > Negative - 0
> >
> > Which means root has access to folder "/" for all actions under
"/actions"
> > recursive because Inheritable = 1. If my understanding is wrong please
> > correct me.
> >
> > I tried to check the permission using :
> > ---------------------
> > NamespaceAccessToken nat = Domain.accessNamespace(new SecurityToken(""),
> > "slide");
> > Security security = nat.getSecurityHelper();
> > System.out.println("root actions? "+security.hasPermission(new
> > SubjectNode("/"), new SubjectNode("root"), new ActionNode("/actions")));
> > System.out.println("root Read? "+security.hasPermission(new
> > SubjectNode("/"), new SubjectNode("root"), new
> > ActionNode("/actions/read")));
> >
> > Can someone tell me why both returned false? What is the correct way to
> > check for permissions? Note that I have turned off security and so there
> > should be no need for authentication. Thanks.
> >
> > Russ
> >
> >
> > --
> > To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> > For additional commands, e-mail:
<ma...@jakarta.apache.org>
> >
> >
> >
>
> root user subjectNode URI is /users/root, not root
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: checking permissions
Posted by Jean-Philippe Courson <co...@noos.fr>.
Russ Leong wrote:
> Hi,
> I have the following permissions in the Permissions table
>
> Object - /
> Subject - root
> Action - /actions
> Inheritable - 1
> Negative - 0
>
> Which means root has access to folder "/" for all actions under "/actions"
> recursive because Inheritable = 1. If my understanding is wrong please
> correct me.
>
> I tried to check the permission using :
> ---------------------
> NamespaceAccessToken nat = Domain.accessNamespace(new SecurityToken(""),
> "slide");
> Security security = nat.getSecurityHelper();
> System.out.println("root actions? "+security.hasPermission(new
> SubjectNode("/"), new SubjectNode("root"), new ActionNode("/actions")));
> System.out.println("root Read? "+security.hasPermission(new
> SubjectNode("/"), new SubjectNode("root"), new
> ActionNode("/actions/read")));
>
> Can someone tell me why both returned false? What is the correct way to
> check for permissions? Note that I have turned off security and so there
> should be no need for authentication. Thanks.
>
> Russ
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
>
root user subjectNode URI is /users/root, not root
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>