Hey Claude, I thought someone responded to this already (sorry) To me, this seems in line with the doc: https://shiro.apache.org/permissions.html#missing-parts At first glance, there are similar test cases in `WildcardPermissionTest <https://github.com/apache/shiro/blob/master/core/src/test/java/org/apache/shiro/authz/permission/WildcardPermissionTest.java#L143> `
Does that help clear things up? If not maybe a PR to that test class would help clarify the point? Thanks! -Brian On Tue, Jan 23, 2018 at 5:36 AM, [email protected] < [email protected]> wrote: > Not seeing any discussion of this and seeing no tests in the test cases > that perform any tests of this issue. I will open a defect and work on > that. > > > Claude > > ________________________________ > From: Claude Warren (Product Engineering Service) > Sent: Friday, January 12, 2018 12:52:52 PM > To: [email protected] > Subject: Defect in WildcardPermission evaluation? > > > Currently the WildcardPermission.implies() method contains the following > code snippet and comment. > > > // If this permission has less parts than the other permission, everything > after the number of parts contained > // in this permission is automatically implied, so return true > .... > > > // If this permission has more parts than the other parts, only imply it > if all of the other parts are wildcards > for (; i < getParts().size(); i++) { > Set<String> part = getParts().get(i); > if (!part.contains(WILDCARD_TOKEN)) { > return false; > } > } > > > This means that If you have (User perms in first col, testing against > across columns) > {noformat} > > > A A:* A:B A:B:* A:B:C A:B:C:* > A t t t t t t > A:* T > t t t t t > A:B f f t t t t > A:B:* f f T t t t > A:B:C f f f f t t > A:B:C:* f f f f T t > > {noformat} > > I think the issues are where the upper case "T"s are. I believe that > those should be "F" > > The logic being that once a separator (:) is presented it should no longer > match anything shorter than that. > > Thoughts? > Claude > > > The information contained in this electronic message and any attachments > to this message are intended for the exclusive use of the addressee(s) and > may contain proprietary, confidential or privileged information. If you are > not the intended recipient, you should not disseminate, distribute or copy > this e-mail. Please notify the sender immediately and destroy all copies of > this message and any attachments. WARNING: Computer viruses can be > transmitted via email. The recipient should check this email and any > attachments for the presence of viruses. The company accepts no liability > for any damage caused by any virus transmitted by this email. > www.wipro.com > > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > ______________________________________________________________________ >
