Raj Kumar wrote:
> hi dirk,
> I wonder if the change you made in the Domain.xml file is required. On the
> slide documentation
> page at http://jakarta.apache.org/slide/security.html it says at the end
> in the NodePermission section
>
> Subject: Subject of the permission. This can be either the uri of an object
> in the namespace, the name (or interface class name) of a role or a self
> permission (in which case the subject is equal to "~").
>
> Since the subject can have the name of the role(defined in the roles
> section) as its value i think what was meant
> by line <permission action="/actions" subject="root"/> is that all users
> having the root role have permissions to all actions of the root node("/").
> And this makes sense because instead of having to list all the possible
> users who have a permission you can just list the roles that the user has to
> have in order to have a permission.
> thanks,
> rajkumar
Yes, but I don't like the current role implementation and don't think people
should use it.
As you can see there is also no support for it in the webdav code.
But I'll add an example of a role permission and add some comments.
I'll have some ideas for improving the roles and security in general but it will
have to wait until after the release, if it gets in the general version at all
because it will change some interfaces.
Dirk
