Hi,
Can anyone give us some pointers with this? What are we missing here?
The mission, (should you choose to accept it...) is to create two
collections
/slide/files/fred - in which fred (as member of groupB) may read and write,
but john can't see
and
/slide/files/john - in which john (as member of groupA) may read & write, and
which fred can see
root must have full access to all (read & write to both).
With our config, root has full access, but a write by either john or fred
fails with a forbidden error, irrespective of the collection used.
Our setup :-
We're running SLIDE 2.0.x (2002/06/20) in Tomcat 4.1.3 in Win2000.
We have added two users (fred and john) into \conf\tomcat-users.xml,
both with roles="user". root was left there, with roles="root,user".
They validate correctly when connecting.
We have un-commented the <security-constraint>....</auth-constraint>
block within \webapps\slide\WEB-INF\web.xml.
We have edited the configuration in \webapps\slide\Domain.xml to include
the following
:
:
<data>
<!-- Initial namespace data quoted from Domain.xml: the root node "/" with its
permissions, the /users subtree (groups and role-typed user nodes), the
/actions nodes, the /files collections and the DeltaV paths. -->
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/">
<!-- Subject can be:
self "~"
all "nobody"
user "/users/john"
group "+/users/groupA"
role "root"
-->
<!-- The two lines below are active (not commented out): they give every
action under /actions to principals that have the root role and to the
/users/root node. -->
<permission action="/actions" subject="root"/>
<permission action="/actions" subject="/users/root"/>
<!-- Read on "/" for /users and for all principals ("nobody"); both entries
are marked inheritable="false". -->
<permission action="/actions/read" subject="/users"
inheritable="false"/>
<permission action="/actions/read" subject="nobody"
inheritable="false"/>
<!-- /users -->
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/users">
<!-- Every action for self ("~") and for all principals ("nobody") on /users,
then an entry for /users/guest flagged negative="true", then a
non-inheritable read for /users.
NOTE(review): per the subject legend above "nobody" means all, so the second
line opens every action, write and manage included, on the node whose
children carry the password properties. No inheritable attribute is set on
it, so the default applies. Confirm this grant is intended and how it
combines with the negative guest entry. -->
<permission action="/actions" subject="~"/>
<permission action="/actions" subject="nobody"/>
<permission action="/actions" subject="/users/guest"
inheritable="true" negative="true"/>
<permission action="/actions/read" subject="/users"
inheritable="false"/>
<!-- groupA (john+root): a GroupNode holding LinkNodes that point at
/users/john and /users/root, plus a SubjectNode named singleGroupMember. -->
<objectnode
classname="org.apache.slide.structure.GroupNode" uri="/users/groupA">
<objectnode
classname="org.apache.slide.structure.LinkNode" uri="/users/groupA/john"
linkedUri="/users/john"/>
<objectnode
classname="org.apache.slide.structure.LinkNode" uri="/users/groupA/root"
linkedUri="/users/root"/>
<objectnode
classname="org.apache.slide.structure.SubjectNode"
uri="/users/groupA/singleGroupMember"/>
</objectnode>
<!-- groupB (fred+root): same layout as groupA, linking /users/fred and
/users/root. -->
<objectnode
classname="org.apache.slide.structure.GroupNode" uri="/users/groupB">
<objectnode
classname="org.apache.slide.structure.LinkNode" uri="/users/groupB/fred"
linkedUri="/users/fred"/>
<objectnode
classname="org.apache.slide.structure.LinkNode" uri="/users/groupB/root"
linkedUri="/users/root"/>
<objectnode
classname="org.apache.slide.structure.SubjectNode"
uri="/users/groupB/singleGroupMember"/>
</objectnode>
<!-- root has root role -->
<!-- /users/root represents the administrator -->
<!-- NOTE(review): the password properties on root, john and fred are stored
in clear text and equal the user name. The post says logins are validated
against tomcat-users.xml, so whether these values are consulted at all is not
visible here; either way, replace them before this file leaves a test
box. -->
<objectnode classname="slideroles.basic.RootRoleImpl"
uri="/users/root">
<revision>
<property name="password">root</property>
</revision>
</objectnode>
<!-- john has user role -->
<!-- /users/john represents an authenticated user -->
<objectnode classname="slideroles.basic.UserRoleImpl"
uri="/users/john">
<revision><property
name="password">john</property></revision>
</objectnode>
<!-- fred has user role -->
<!-- /users/fred represents an authenticated user -->
<objectnode classname="slideroles.basic.UserRoleImpl"
uri="/users/fred">
<revision><property
name="password">fred</property></revision>
</objectnode>
<!-- guest has guest role -->
<!-- /users/guest represents an authenticated or
unauthenticated guest user; its password property is empty -->
<objectnode classname="slideroles.basic.GuestRoleImpl"
uri="/users/guest">
<revision><property name="password"/></revision>
</objectnode>
</objectnode>
<!-- /actions: the three actions referenced by the permission entries
(read, write, manage), nested under /actions -->
<objectnode
classname="org.apache.slide.structure.ActionNode" uri="/actions">
<objectnode
classname="org.apache.slide.structure.ActionNode" uri="/actions/read"/>
<objectnode
classname="org.apache.slide.structure.ActionNode" uri="/actions/write"/>
<objectnode
classname="org.apache.slide.structure.ActionNode" uri="/actions/manage"/>
</objectnode>
<!-- /files -->
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/files">
<!-- ### Give read/write/manage permission to guest ###
-->
<!-- permission action="/actions"
subject="/users/guest"/ -->
<!-- permission action="/actions/manage"
subject="/users/john"/ -->
<!-- Write on /files for both groups and read for all principals.
NOTE(review): none of these three entries sets inheritable="false". If they
are inherited by child collections, groupA also gets write on /files/fred,
groupB on /files/john, and everyone gets read on /files/fred, which is the
opposite of the isolation described in the post. Confirm the default and
scope these entries to /files itself if needed. -->
<permission action="/actions/write"
subject="+/users/groupA"/>
<permission action="/actions/write"
subject="+/users/groupB"/>
<permission action="/actions/read" subject="nobody"/>
</objectnode>
<!-- /files/john : Wr=groupA rd=all -->
<!-- NOTE(review): /files/john and /files/fred are declared after the /files
element is closed, whereas the children of /users and /actions are nested
inside their parent element. Verify that the loader still binds these two
nodes as children of /files. -->
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/files/john">
<permission action="/actions/write"
subject="+/users/groupA"/>
<permission action="/actions/read" subject="nobody"/>
</objectnode>
<!-- /files/fred : Wr=groupB rd=groupB -->
<!-- Only groupB is named here; whether john is really kept out depends on
whether the read-for-all entry on /files reaches this node (see the
inheritance question on /files) : TODO confirm. -->
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/files/fred">
<permission action="/actions/write"
subject="+/users/groupB"/>
<permission action="/actions/read"
subject="+/users/groupB"/>
</objectnode>
<!-- Delta-V -->
<!-- DeltaV: default history and workspace paths; no permission entries are
declared on these three nodes -->
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/history"/>
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/workspace"/>
<objectnode
classname="org.apache.slide.structure.SubjectNode" uri="/workingresource"/>
</objectnode>
</data>
:
:
Many thanks
Anton Schoultz
Rubico (Pty) Ltd
Cell Phone: +27 83 651 7191
Tel: +27 (11) 808 1000
Fax: +27 (11) 808 1101
[EMAIL PROTECTED]
www.Rubico.com
The Business Component Company