Brian,

thanks for the response, but the document cited does not cover the question
nor do the test cases.


If we take the first two examples in the missing parts section:

it clearly states that (assume the symbol => means implies)

printer:print => printer:print:*


but says nothing about

printer:print:* => printer:print

I think that this statement is false.  Logically the addition of the ":*"
should indicate that permissions are granted to things under "printer:print"
but not to "printer:print" itself.


I hope this makes sense.

Claude






On Tue, Jan 23, 2018 at 2:48 PM, Brian Demers <[email protected]>
wrote:

> Hey Claude, I thought someone responded to this already (sorry)
>
> To me, this seems in line with the doc:
> https://shiro.apache.org/permissions.html#missing-parts
> At first glance, there are similar test cases in `WildcardPermissionTest
> <https://github.com/apache/shiro/blob/master/core/src/test/java/org/apache/shiro/authz/permission/WildcardPermissionTest.java#L143>`
>
> Does that help clear things up? If not maybe a PR to that test class would
> help clarify the point?
>
> Thanks!
> -Brian
>
>
> On Tue, Jan 23, 2018 at 5:36 AM, [email protected] <
> [email protected]> wrote:
>
> > Not seeing any discussion of this and seeing no tests in the test cases
> > that perform any tests of this issue.  I will open a defect and work on
> > that.
> >
> >
> > Claude
> >
> > ________________________________
> > From: Claude Warren (Product Engineering Service)
> > Sent: Friday, January 12, 2018 12:52:52 PM
> > To: [email protected]
> > Subject: Defect in WildcardPermission evaluation?
> >
> >
> > Currently the WildcardPermission.implies() method contains the following
> > code snippet and comment.
> >
> >
> > // If this permission has less parts than the other permission, everything after the number of parts contained
> > // in this permission is automatically implied, so return true
> >  ....
> >
> >
> > // If this permission has more parts than the other parts, only imply it if all of the other parts are wildcards
> >         for (; i < getParts().size(); i++) {
> >             Set<String> part = getParts().get(i);
> >             if (!part.contains(WILDCARD_TOKEN)) {
> >                 return false;
> >             }
> >         }
> >
> >
> > This means that if you have (User perms in first col, testing against
> > across columns)
> > {noformat}
> >
> >
> >         A       A:*     A:B     A:B:*   A:B:C   A:B:C:*
> > A       t       t       t       t       t       t
> > A:*     T       t       t       t       t       t
> > A:B     f       f       t       t       t       t
> > A:B:*   f       f       T       t       t       t
> > A:B:C   f       f       f       f       t       t
> > A:B:C:* f       f       f       f       T       t
> >
> > {noformat}
> >
> > I think the issues are where the upper case  "T"s are.   I believe that
> > those should be "F"
> >
> > The logic being that once a separator (:) is presented it should no longer
> > match anything shorter than that.
> >
> > Thoughts?
> > Claude
> >
> >
>



-- 
I like: Like Like - The likeliest place on the web
<http://like-like.xenei.com>
LinkedIn: http://www.linkedin.com/in/claudewarren
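
The implication table discussed in this thread can be reproduced with a standalone model of the quoted logic. This is an added example, not part of the original messages and not Shiro's own code: the class and method names are assumptions, the first loop is modelled on the quoted comment, and the `strict` flag is a hypothetical switch for the behaviour proposed in the thread.

```java
import java.util.*;

// Added example: standalone model of the implies() logic quoted in the thread.
// It does not use the Shiro library; all names here are illustrative.
public class WildcardImpliesMatrix {
    static final String WILDCARD = "*";

    // Split "a:b,c:*" into parts [{a}, {b,c}, {*}].
    static List<Set<String>> parts(String perm) {
        List<Set<String>> out = new ArrayList<>();
        for (String p : perm.split(":")) {
            out.add(new LinkedHashSet<>(Arrays.asList(p.split(","))));
        }
        return out;
    }

    // strict=false: behaviour described in the thread (trailing wildcard parts are optional).
    // strict=true: hypothetical variant proposed in the thread (a held permission
    // with more parts than the requested one never implies it).
    static boolean implies(String held, String requested, boolean strict) {
        List<Set<String>> mine = parts(held), other = parts(requested);
        int i = 0;
        for (Set<String> otherPart : other) {
            if (i >= mine.size()) return true;          // fewer parts held: the rest is implied
            Set<String> part = mine.get(i++);
            if (!part.contains(WILDCARD) && !part.containsAll(otherPart)) return false;
        }
        for (; i < mine.size(); i++) {                  // more parts held than requested
            if (strict || !mine.get(i).contains(WILDCARD)) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        String[] perms = {"A", "A:*", "A:B", "A:B:*", "A:B:C", "A:B:C:*"};
        System.out.printf("%-8s", "");
        for (String col : perms) System.out.printf("%-8s", col);
        System.out.println();
        for (String held : perms) {                     // rows: permission the user holds
            System.out.printf("%-8s", held);
            for (String req : perms) {                  // columns: permission being checked
                boolean cur = implies(held, req, false), alt = implies(held, req, true);
                // Upper case marks cells where the two rule sets disagree.
                System.out.printf("%-8s", cur == alt ? (cur ? "t" : "f") : "T");
            }
            System.out.println();
        }
    }
}
```

The three upper-case cells it prints are the ones questioned in the original message: `A:*` against `A`, `A:B:*` against `A:B`, and `A:B:C:*` against `A:B:C`.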
