Strange behaviour!
After setting the ACL with WebdavResource.aclMethod the ACL-Info shows the correct settings and the server acts as expected:
Subject                          Action     Inheritable  Deny
/files/users/slideadmin          /actions   true         false
/files/users/ockenfeld           /actions   true         false
+/files/users/groups/12200963    /actions   true         false
/files/users                     /actions   true         true
But in some cases the order of the ACEs changes (I don't know why) and the server denies access to everybody!
Subject                          Action     Inheritable  Deny
/files/users                     /actions   true         true
+/files/users/groups/12200963    /actions   true         false
/files/users/ockenfeld           /actions   true         false
/files/users/slideadmin          /actions   true         false
Does anybody know what's going on here?!?
I'm using slide from 21-04-2003 on JBoss 3.2.1 with a MySQL-DB and I have got a big security-problem...
Please help!
Regards Marc
Marc,
Here's my best guess at what's going on - I'll note, however, that I haven't used a JDBC slide store for some time, and I haven't actually seen this error, so I certainly could be wrong.
The security layer obviously relies on the ACEs being in a particular order - which is fine. However, the store layer does not enforce any ordering, and many of the stores (all the database-backed ones, at least) make no attempt to keep the ordering.
That was fine when the stores were written (at that time, the security layer didn't depend on ACE order, I think), but when the security layer was changed, the store interfaces were not. I pointed out at the time that this was broken, but my advice was apparently ignored.
You'll have to modify whichever store you're using (the permissions table) to include some column for ordering purposes, and use that to set and return things in order.
Fixing this properly requires some minor changes to at least the documentation of the SecurityStore interface, as well as (of course) changes to most of the stores.
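The ordering-column fix suggested in the reply, as an added example that is not part of the thread and is not Slide's own code. The table and column names are hypothetical, SQLite stands in for MySQL, and first-match evaluation with path-prefix subject matching is an assumption chosen to match the behaviour reported above.

```python
import sqlite3

# Constructed sample: the four ACEs from the thread as (subject, action,
# inheritable, deny), in the order they were set (grants first, deny last).
ACES = [
    ("/files/users/slideadmin", "/actions", 1, 0),
    ("/files/users/ockenfeld", "/actions", 1, 0),
    ("+/files/users/groups/12200963", "/actions", 1, 0),
    ("/files/users", "/actions", 1, 1),
]

def open_store():
    """Hypothetical permissions table with an explicit ordering column."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE permissions (
        object TEXT NOT NULL, position INTEGER NOT NULL,
        subject TEXT NOT NULL, action TEXT NOT NULL,
        inheritable INTEGER NOT NULL, deny INTEGER NOT NULL,
        PRIMARY KEY (object, position))""")
    return db

def set_acl(db, obj, aces):
    """Replace the ACL in one transaction, storing each ACE's index as position."""
    with db:
        db.execute("DELETE FROM permissions WHERE object = ?", (obj,))
        db.executemany(
            "INSERT INTO permissions VALUES (?, ?, ?, ?, ?, ?)",
            [(obj, i, *ace) for i, ace in enumerate(aces)])

def get_acl(db, obj):
    """Return ACEs in the order they were set; never rely on default row order."""
    return db.execute(
        "SELECT subject, action, inheritable, deny FROM permissions "
        "WHERE object = ? ORDER BY position", (obj,)).fetchall()

def is_allowed(aces, principal, action):
    """Assumed semantics: the first ACE covering the principal decides."""
    for subject, ace_action, _inheritable, deny in aces:
        # The meaning of the "+" marker is not stated in the thread; strip it.
        subject = subject.lstrip("+")
        covers = principal == subject or principal.startswith(subject + "/")
        if covers and ace_action == action:
            return not deny
    return False  # default deny when no ACE matches
```

Evaluating the same four ACEs in reversed order puts the deny on /files/users first, which under these assumptions reproduces the "denies access to everybody" symptom.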
