Hi Les You're right : it won't be simple. I already thought about permissions, but it's a little bit too granular :) I'm thinking about the JIRA, but not for now ....
Thanks a lot for your help Best regards Jean-Charles Les Hazlewood-2 wrote: > > Hi Jean-Charles, > > We don't support logical expressions in text configuration at the moment > (please add a Jira issue if you'd like to see this feature!). > > Currently most people use Permissions for this type of model, since they > are > much finer grained and allow you really customizable security policies. > > That is, you might see the following: > > /blabla/** = authc, perms[user:create] > > That way it doesn't matter what roles they have as long as at least one of > the roles to which they're assigned implies the 'user:create' permission. > > I don't disagree it could be useful to support what you mention > (text-based > config with logical expressions for roles and/or permission checks), but > if > you think about it, its not entirely easy - we'd need to come up with a > parsing/expression grammar that could parse your logical expression string > and convert that into a security check. > > Its not very simple - we'd probably have to use something like antlr, and > even then, I'm not sure that should be a required dependency. But, if you > like, open a Jira issue and we could discuss it :) > > Cheers, > > Les > > On Wed, Apr 29, 2009 at 12:08 PM, jcvidal <[email protected]> wrote: > >> >> Hi, >> >> I'm using Ki in an unusual way (with configuration in XML file instead of >> Web.xml ini-file-like conf). >> That's not the point (all is working well), but trying different >> scenarios, >> i found a weird behaviour. >> >> Let's say there is in the conf file a line like this : >> >> /blabla/** = authc, roles[admin,superadmin] >> >> In my mind, this means : (authenticated) user with admin role OR >> superadmin >> role may access to /blabla/** >> I fact, it seems to be : user with admin role AND superadmin role may >> access to /blabla/** >> >> Am i right or am i wrong ? >> >> Obviously, the next question is : if the AND behaviour is the standard >> one, >> how to have a OR behaviour ? >> >> >> >> Best regards >> >> Jean-Charles >> >> -- >> View this message in context: >> http://n2.nabble.com/AND-or-OR-roles-filters---tp2741505p2741505.html >> Sent from the JSecurity User mailing list archive at Nabble.com. >> >> > > -- View this message in context: http://n2.nabble.com/AND-or-OR-roles-filters---tp2741505p2745765.html Sent from the JSecurity User mailing list archive at Nabble.com.
