Nathan Sarr wrote: > Looking at the ACE interface, I was wondering why an ACE only has a single > Sid and not an array of Sid(s) to allow a group of Sid(s) to be associated > with the same permission.
This is because an AccessControlEntry applies to a particular Sid. You can have multiple AccessControlEntry instances per Acl. A Sid can represent either a GrantedAuthority or a Principal or some custom extension, so you have some flexibility regarding what a Sid itself actually means. I don't recall exactly where I got to with the sandbox ACL refactoring. I know I got the key interfaces and classes done, together with the BasicLookupStrategy which provides a highly efficient way of retrieving ACLs. I hope to wrap this up before we release 1.0.2. As an early adopter, you'll need to write some code for modifying the ACL and ACE records, so please feel free to contribute those back to the project (along with any tests you might write). If you have any feedback more generally on the design, I warmly welcome it as well. Cheers Ben ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
