You are viewing a plain text version of this content. The canonical link for it is here.

Posted to slide-user@jakarta.apache.org by Russ Leong <ru...@kikuze.com> on 2002/05/06 09:50:13 UTC

checking permissions

Hi,
    I have the following permissions in the Permissions table

Object       - /
Subject      - root
Action        - /actions
Inheritable  - 1
Negative    - 0

Which means root has access to folder "/" for all actions under "/actions"
recursive because Inheritable = 1. If my understanding is wrong please
correct me.

I tried to check the permission using :
---------------------
NamespaceAccessToken nat = Domain.accessNamespace(new SecurityToken(""),
"slide");
Security security = nat.getSecurityHelper();
System.out.println("root actions? "+security.hasPermission(new
SubjectNode("/"), new SubjectNode("root"), new ActionNode("/actions")));
System.out.println("root Read? "+security.hasPermission(new
SubjectNode("/"), new SubjectNode("root"), new
ActionNode("/actions/read")));

Can someone tell me why both returned false? What is the correct way to
check for permissions? Note that I have turned off security and so there
should be no need for authentication. Thanks.

Russ


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: checking permissions

Posted by Jean-Philippe Courson <co...@noos.fr>.

Russ Leong wrote:
> Hi Jean,
>     from your reply you mean in my code I need to use
> SubjectNode("/users/root") instead of new SubjectNode("root"), and in
> Permissions Table it is right for subject to be 'root' and not '/users/root'
> correct? I know this seems to be a simple setting but somehow I manage to
> get true only once, I tried many many times the different combinations of
> "root" and "/users/root" on both Permissions table and the code that calls
> hasPermission method. I have also restarted Orion numerous times. It seems
> that something seems to be caching the result or maybe I am just going
> crazy?
> 
> Russ
> 
> 
> ----- Original Message -----
> From: "Jean-Philippe Courson" <co...@noos.fr>
> To: "Slide Users Mailing List" <sl...@jakarta.apache.org>
> Sent: Monday, May 06, 2002 4:09 PM
> Subject: Re: checking permissions
> 
> 
> 
>>Russ Leong wrote:
>>
>>>Hi,
>>>    I have the following permissions in the Permissions table
>>>
>>>Object       - /
>>>Subject      - root
>>>Action        - /actions
>>>Inheritable  - 1
>>>Negative    - 0
>>>
>>>Which means root has access to folder "/" for all actions under
>>
> "/actions"
> 
>>>recursive because Inheritable = 1. If my understanding is wrong please
>>>correct me.
>>>
>>>I tried to check the permission using :
>>>---------------------
>>>NamespaceAccessToken nat = Domain.accessNamespace(new SecurityToken(""),
>>>"slide");
>>>Security security = nat.getSecurityHelper();
>>>System.out.println("root actions? "+security.hasPermission(new
>>>SubjectNode("/"), new SubjectNode("root"), new ActionNode("/actions")));
>>>System.out.println("root Read? "+security.hasPermission(new
>>>SubjectNode("/"), new SubjectNode("root"), new
>>>ActionNode("/actions/read")));
>>>
>>>Can someone tell me why both returned false? What is the correct way to
>>>check for permissions? Note that I have turned off security and so there
>>>should be no need for authentication. Thanks.
>>>
>>>Russ

Sorry, my response was wrong :

'root' is a valid subject : it is root role.
See http://jakarta.apache.org/slide/security.html.

When you have such problems, don't forget to look at the logs for an
AccessDeniedException.

jp



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: checking permissions

Posted by Russ Leong <ru...@kikuze.com>.

Hi,
    I have got it return true when I checked the permission, but not until I
changed my code to use new SubjectNode("/users/root") and in the Permissions
table changing the values in subject column from "root" to "/users/root".

    I am not too sure about changing the database value in Permissions table
as the original value "root" was inserted by Slide when I init using the
sample Domain.xml so can someone please let me know if this is the correct
setup and result?

Russ


----- Original Message -----
From: "Russ Leong" <ru...@kikuze.com>
To: "Slide Users Mailing List" <sl...@jakarta.apache.org>
Sent: Monday, May 06, 2002 4:47 PM
Subject: Re: checking permissions


> Hi Jean,
>     from your reply you mean in my code I need to use
> SubjectNode("/users/root") instead of new SubjectNode("root"), and in
> Permissions Table it is right for subject to be 'root' and not
'/users/root'
> correct? I know this seems to be a simple setting but somehow I manage to
> get true only once, I tried many many times the different combinations of
> "root" and "/users/root" on both Permissions table and the code that calls
> hasPermission method. I have also restarted Orion numerous times. It seems
> that something seems to be caching the result or maybe I am just going
> crazy?
>
> Russ
>
>
> ----- Original Message -----
> From: "Jean-Philippe Courson" <co...@noos.fr>
> To: "Slide Users Mailing List" <sl...@jakarta.apache.org>
> Sent: Monday, May 06, 2002 4:09 PM
> Subject: Re: checking permissions
>
>
> > Russ Leong wrote:
> > > Hi,
> > >     I have the following permissions in the Permissions table
> > >
> > > Object       - /
> > > Subject      - root
> > > Action        - /actions
> > > Inheritable  - 1
> > > Negative    - 0
> > >
> > > Which means root has access to folder "/" for all actions under
> "/actions"
> > > recursive because Inheritable = 1. If my understanding is wrong please
> > > correct me.
> > >
> > > I tried to check the permission using :
> > > ---------------------
> > > NamespaceAccessToken nat = Domain.accessNamespace(new
SecurityToken(""),
> > > "slide");
> > > Security security = nat.getSecurityHelper();
> > > System.out.println("root actions? "+security.hasPermission(new
> > > SubjectNode("/"), new SubjectNode("root"), new
ActionNode("/actions")));
> > > System.out.println("root Read? "+security.hasPermission(new
> > > SubjectNode("/"), new SubjectNode("root"), new
> > > ActionNode("/actions/read")));
> > >
> > > Can someone tell me why both returned false? What is the correct way
to
> > > check for permissions? Note that I have turned off security and so
there
> > > should be no need for authentication. Thanks.
> > >
> > > Russ
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> > >
> > >
> > >
> >
> > root user subjectNode URI is /users/root, not root
> >
> >
> > --
> > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: checking permissions

Posted by Russ Leong <ru...@kikuze.com>.

Hi Jean,
    from your reply you mean in my code I need to use
SubjectNode("/users/root") instead of new SubjectNode("root"), and in
Permissions Table it is right for subject to be 'root' and not '/users/root'
correct? I know this seems to be a simple setting but somehow I manage to
get true only once, I tried many many times the different combinations of
"root" and "/users/root" on both Permissions table and the code that calls
hasPermission method. I have also restarted Orion numerous times. It seems
that something seems to be caching the result or maybe I am just going
crazy?

Russ


----- Original Message -----
From: "Jean-Philippe Courson" <co...@noos.fr>
To: "Slide Users Mailing List" <sl...@jakarta.apache.org>
Sent: Monday, May 06, 2002 4:09 PM
Subject: Re: checking permissions


> Russ Leong wrote:
> > Hi,
> >     I have the following permissions in the Permissions table
> >
> > Object       - /
> > Subject      - root
> > Action        - /actions
> > Inheritable  - 1
> > Negative    - 0
> >
> > Which means root has access to folder "/" for all actions under
"/actions"
> > recursive because Inheritable = 1. If my understanding is wrong please
> > correct me.
> >
> > I tried to check the permission using :
> > ---------------------
> > NamespaceAccessToken nat = Domain.accessNamespace(new SecurityToken(""),
> > "slide");
> > Security security = nat.getSecurityHelper();
> > System.out.println("root actions? "+security.hasPermission(new
> > SubjectNode("/"), new SubjectNode("root"), new ActionNode("/actions")));
> > System.out.println("root Read? "+security.hasPermission(new
> > SubjectNode("/"), new SubjectNode("root"), new
> > ActionNode("/actions/read")));
> >
> > Can someone tell me why both returned false? What is the correct way to
> > check for permissions? Note that I have turned off security and so there
> > should be no need for authentication. Thanks.
> >
> > Russ
> >
> >
> > --
> > To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> > For additional commands, e-mail:
<ma...@jakarta.apache.org>
> >
> >
> >
>
> root user subjectNode URI is /users/root, not root
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: checking permissions

Posted by Jean-Philippe Courson <co...@noos.fr>.

Russ Leong wrote:
> Hi,
>     I have the following permissions in the Permissions table
> 
> Object       - /
> Subject      - root
> Action        - /actions
> Inheritable  - 1
> Negative    - 0
> 
> Which means root has access to folder "/" for all actions under "/actions"
> recursive because Inheritable = 1. If my understanding is wrong please
> correct me.
> 
> I tried to check the permission using :
> ---------------------
> NamespaceAccessToken nat = Domain.accessNamespace(new SecurityToken(""),
> "slide");
> Security security = nat.getSecurityHelper();
> System.out.println("root actions? "+security.hasPermission(new
> SubjectNode("/"), new SubjectNode("root"), new ActionNode("/actions")));
> System.out.println("root Read? "+security.hasPermission(new
> SubjectNode("/"), new SubjectNode("root"), new
> ActionNode("/actions/read")));
> 
> Can someone tell me why both returned false? What is the correct way to
> check for permissions? Note that I have turned off security and so there
> should be no need for authentication. Thanks.
> 
> Russ
> 
> 
> --
> To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
> 
> 
> 

root user subjectNode URI is /users/root, not root


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>