Posted to slide-user@jakarta.apache.org by "Hermann, Eckehard" <Ec...@softwareag.com> on 2002/01/16 14:56:48 UTC

Read-ACL

Hi all,

I would like to use the read-acl and write-acl permissions. For this I
defined the following permissions under configuration in the Domain.xml
file:

<grant-permission>/administration/security/actions/write-acl</grant-permission>
<revoke-permission>/administration/security/actions/write-acl</revoke-permission>
<read-permissions>/administration/security/actions/read-acl</read-permissions>

If I define an ACL/ACE with the permission deny write-acl for a principal on
a special node and this principal tries to execute the ACL method at this
node, Slide returns with forbidden. But if I define an ACE with the
permission deny read-acl for a principal at a node and the principal tries
to do a propfind acl, all ACLs are returned. I had a look into the
PropFindMethod.java and the retrieve() method of the StructureImpl.java and
it seems to me that just a checkCredentials to read permission and not to
read-acl permission as well is done.

Does anyone know if I am doing anything wrong or, if it is a bug, how it
could be fixed?

regards Eckehard

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Read-ACL

Posted by Dirk Verbeeck <di...@pandora.be>.
I think you are right but the place to look at is enumeratePermissions.

PropFindMethod:1298
Enumeration aclList = security.enumeratePermissions(slideToken, current);

I know there are some methods there without security checks but I
thought they were only used internally.

If you want, add a checkCredentials in enumeratePermissions and test.
Maybe create a Bugzilla entry so this is not forgotten.

Nice catch
Dirk
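
Added example, not Slide code and not written by either poster: a self-contained Java model of the gap discussed in this thread, where a PROPFIND-style path checks only read before enumerating ACEs, beside a variant that checks read-acl first. The class, the method names and the /actions/read path are hypothetical; only the read-acl action path is taken from the thread.

```java
import java.util.*;
// Hypothetical stand-in types; these are not Slide's security classes.
public class ReadAclCheck {
    record Ace(String principal, String action, boolean deny) {}
    static final String READ = "/actions/read"; // constructed path for illustration
    static final String READ_ACL = "/administration/security/actions/read-acl";
    private final Map<String, List<Ace>> aclByNode = new HashMap<>();

    void addAce(String node, Ace ace) {
        aclByNode.computeIfAbsent(node, k -> new ArrayList<>()).add(ace);
    }

    // A deny ACE wins over any grant; with no matching ACE, access is refused.
    boolean isAllowed(String principal, String node, String action) {
        boolean granted = false;
        for (Ace ace : aclByNode.getOrDefault(node, List.of())) {
            if (ace.principal().equals(principal) && ace.action().equals(action)) {
                if (ace.deny()) return false;
                granted = true;
            }
        }
        return granted;
    }

    // Behaviour reported in the thread: the ACL is returned with no check of its own.
    List<Ace> enumerateUnchecked(String node) {
        return List.copyOf(aclByNode.getOrDefault(node, List.of()));
    }

    // Suggested fix: verify read-acl before handing the ACL to the caller.
    List<Ace> enumerateChecked(String principal, String node) {
        if (!isAllowed(principal, node, READ_ACL))
            throw new SecurityException("403 Forbidden: " + principal + " lacks read-acl on " + node);
        return enumerateUnchecked(node);
    }

    public static void main(String[] args) {
        ReadAclCheck sec = new ReadAclCheck();
        // Constructed sample ACL: alice may read the node but is denied read-acl.
        sec.addAce("/files/report", new Ace("alice", READ, false));
        sec.addAce("/files/report", new Ace("alice", READ_ACL, true));
        // A handler that only checked "read" before enumerating returns the ACEs:
        if (sec.isAllowed("alice", "/files/report", READ))
            System.out.println("unchecked: " + sec.enumerateUnchecked("/files/report").size() + " ACEs returned");
        try {
            sec.enumerateChecked("alice", "/files/report");
        } catch (SecurityException e) {
            System.out.println("checked: " + e.getMessage());
        }
    }
}
```

Placing the check inside the enumeration method, rather than in each caller, means any other code path that lists ACEs inherits it.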