Hi Jean-Charles,

We don't support logical expressions in text configuration at the moment (please add a Jira issue if you'd like to see this feature!).

Currently most people use Permissions for this type of model, since they are much finer grained and allow you really customizable security policies. That is, you might see the following:

    /blabla/** = authc, perms[user:create]

That way it doesn't matter what roles they have as long as at least one of the roles to which they're assigned implies the 'user:create' permission.

I don't disagree it could be useful to support what you mention (text-based config with logical expressions for roles and/or permission checks), but if you think about it, it's not entirely easy - we'd need to come up with a parsing/expression grammar that could parse your logical expression string and convert that into a security check. It's not very simple - we'd probably have to use something like antlr, and even then, I'm not sure that should be a required dependency.

But, if you like, open a Jira issue and we could discuss it :)

Cheers,

Les

On Wed, Apr 29, 2009 at 12:08 PM, jcvidal <[email protected]> wrote:
>
> Hi,
>
> I'm using Ki in an unusual way (with configuration in XML file instead of
> Web.xml ini-file-like conf).
> That's not the point (all is working well), but trying different scenarios,
> I found a weird behaviour.
>
> Let's say there is in the conf file a line like this:
>
> /blabla/** = authc, roles[admin,superadmin]
>
> In my mind, this means: (authenticated) user with admin role OR superadmin
> role may access to /blabla/**
> In fact, it seems to be: user with admin role AND superadmin role may
> access to /blabla/**
>
> Am I right or am I wrong?
>
> Obviously, the next question is: if the AND behaviour is the standard one,
> how to have an OR behaviour?
>
>
>
> Best regards
>
> Jean-Charles
>
> --
> View this message in context:
> http://n2.nabble.com/AND-or-OR-roles-filters---tp2741505p2741505.html
> Sent from the JSecurity User mailing list archive at Nabble.com.
>
>
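An added illustration, not part of the original thread and not the project's code: a small Python model of the two filter-chain lines discussed above, showing why `roles[admin,superadmin]` rejects a user holding only one role while `perms[user:create]` accepts any role that implies the permission. The role-to-permission table, the function names and the simplified wildcard matching are assumptions constructed for the example.

```python
import re

# Constructed sample data: role names come from the thread, the grants are assumed.
ROLE_PERMS = {
    "admin": {"user:create", "user:delete"},
    "superadmin": {"*"},
    "auditor": {"report:read"},
}

def parse_chain(line):
    """Split '/path/** = authc, roles[a,b]' into (path, [(filter, [args])])."""
    path, _, chain = line.partition("=")
    filters = [
        (name, [a.strip() for a in args.split(",") if a.strip()])
        for name, args in re.findall(r"(\w+)(?:\[([^\]]*)\])?", chain)
    ]
    return path.strip(), filters

def implies(granted, wanted):
    """Simplified colon-separated wildcard match (a model, not the library's code)."""
    g, w = granted.split(":"), wanted.split(":")
    for i, part in enumerate(w):
        if i >= len(g):
            return True          # a shorter grant covers every deeper part
        if g[i] != "*" and g[i] != part:
            return False
    return all(p == "*" for p in g[len(w):])

def allowed(filters, authenticated, roles):
    """Every filter in the chain must pass; unknown filters deny."""
    for name, args in filters:
        if name == "authc":
            ok = authenticated
        elif name == "roles":
            # AND semantics, as described in the thread: all listed roles required.
            ok = all(r in roles for r in args)
        elif name == "perms":
            # Effective OR over roles: any held role implying the permission suffices.
            granted = {p for r in roles for p in ROLE_PERMS.get(r, ())}
            ok = all(any(implies(g, p) for g in granted) for p in args)
        else:
            ok = False
        if not ok:
            return False
    return True

if __name__ == "__main__":
    for line in ("/blabla/** = authc, roles[admin,superadmin]",
                 "/blabla/** = authc, perms[user:create]"):
        _, chain = parse_chain(line)
        print(line, "-> admin only:", allowed(chain, True, {"admin"}))
```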
