Currently the WildcardPermission.implies() method contains the following code
snippet and comment.
// If this permission has less parts than the other permission, everything
after the number of parts contained
// in this permission is automatically implied, so return true
....
// If this permission has more parts than the other parts, only imply it if all
of the other parts are wildcards
for (; i < getParts().size(); i++) {
Set<String> part = getParts().get(i);
if (!part.contains(WILDCARD_TOKEN)) {
return false;
}
}
This means that If you have (User perms in first col, testing against across
columns)
{noformat}
A A:* A:B A:B:* A:B:C A:B:C:*
A t t t t t t
A:* T
t t t t t
A:B f f t t t t
A:B:* f f T t t t
A:B:C f f f f t t
A:B:C:* f f f f T t
{noformat}
I think the issues are where the upper case "T"s are. I believe that those
should be "F"
The logic being that once a separator (:) is presented it should no longer
match anything shorter than that.
Thoughts?
Claude
The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain proprietary, confidential or privileged information. If you are not the
intended recipient, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately and destroy all copies of this message and
any attachments. WARNING: Computer viruses can be transmitted via email. The
recipient should check this email and any attachments for the presence of
viruses. The company accepts no liability for any damage caused by any virus
transmitted by this email. www.wipro.com
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
