[
https://issues.apache.org/jira/browse/JCR-2700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela resolved JCR-2700.
-------------------------
Resolution: Fixed
the resourcebased access control model has been extended to allow a single
"glob" restriction to be added for ACEs,
which works according to the pattern defined by Node#getNodes(String[]) with
the following special cases. any other restriction will be used to determine
the exact match to the target path.
- no restriction works as before: the ACE takes effect on the complete subtree
as it used to be before.
- an empty string restriction forces the ACE to take effect on the node it has
been applied.
known limitations:
- the pattern is a simple string value. it isn't namespace sensitive and makes
no attempt to convert the any qualified name(fragments)
to internal name representations. a restriction "*/my:property" will be
evaluated literally and will never match a my:property item
if the corresponding namespace uri gets remapped to some other prefix.
- the current implementation has not yet been optimized... this will be covered
by JCR-2573
> Allow for wildcard restriction in resource-based ACEs
> -----------------------------------------------------
>
> Key: JCR-2700
> URL: https://issues.apache.org/jira/browse/JCR-2700
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core, security
> Affects Versions: 2.1.0
> Reporter: angela
> Assignee: angela
> Priority: Minor
> Fix For: 2.2.0
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
