"Peder Nordvaller" <[EMAIL PROTECTED]> writes:
> What do you mean by authentication? I'm doing most of the stuff towards
> slide using the api, so I'm creating a domain via Domain.init() and using
> the helpers to check for permissions.
I thought you use webdav and there was a mistake.
> Given the following Domain.xml the
> user /users/joe (which is linked to in /users/MyGroup/joe) should be able to
> have /actions/read on /files/test - correct?
>
> After initializing slide, however:
>
> security.checkPermission(new SubjectNode("/files/test"), new
> SubjectNode("/users/joe), new ActionNode("/actions/read"));
>
> throws an AccessDeniedException, but the following two does not:
>
> security.checkPermission(new SubjectNode("/files/test"), new
> SubjectNode("/users/MyGroup), new ActionNode("/actions/read"));
> security.checkPermission(new SubjectNode("/files/test"), new
> SubjectNode("/users/MyGroup/joe), new ActionNode("/actions/read"));
>
>
> Following is my Domain.xml (which contains some other stuff used by my
> application):
>
> <?xml version="1.0"?>
>
> <slide logger="org.apache.slide.util.logger.SimpleLogger" logger-level="6"
> default="slide">
>
> <namespace name="fs">
>
> <definition>
[...]
> </definition>
>
> <configuration>
[...]
>
> <!-- Paths configuration -->
> <userspath>/users</userspath>
> <guestpath>guest</guestpath>
> <filespath>/files</filespath>
> <parameter name="dav">true</parameter>
> <parameter name="standalone">true</parameter>
>
> <!-- Roles definition -->
> <role name="root">slideroles.basic.RootRole</role>
> <role name="user">slideroles.basic.UserRole</role>
> <role name="guest">slideroles.basic.GuestRole</role>
>
> <!-- Users management -->
> <auto-create-users>true</auto-create-users>
>
>
> </configuration>
>
> <data>
>
> <objectnode classname="org.apache.slide.structure.SubjectNode"
> uri="/">
>
> <!-- Permissions for this Node-->
> <permission action="/actions" subject="root"/>
>
> <objectnode classname="org.apache.slide.structure.SubjectNode"
> uri="/users">
> <revision>
> <property name="rootgroup">true</property>
> </revision>
>
>
> <objectnode classname="slideroles.basic.RootRoleImpl"
> uri="/users/root">
> <revision>
> <property name="password"
> namespace="http://jakarta.apache.org/slide/";>root</property>
> <property name="rootgroup">/users</property>
> <property name="role">Root</property>
> </revision>
> </objectnode><!-- End /user/root -->
>
> <objectnode classname="slideroles.basic.GuestRoleImpl"
> uri="/users/guest">
> <revision>
> <property name="password"
> namespace="http://jakarta.apache.org/slide/";>guest</property>
> <property name="rootgroup">/users</property>
> <property name="role">Guest</property>
> </revision>
> </objectnode><!-- End /user/guest -->
>
> <objectnode classname="slideroles.basic.UserRoleImpl" uri="/users/joe">
> <revision>
> <property name="password"
> namespace="http://jakarta.apache.org/slide/";>joe</property>
> <property name="rootgroup">/users</property>
> <property name="role">User</property>
> </revision>
> </objectnode>
>
> <objectnode classname="org.apache.slide.structure.SubjectNode"
> uri="/users/MyGroup">
This should be a GroupNode, not a SubjectNode.
> <objectnode classname="org.apache.slide.structure.LinkNode"
> uri="/users/MyGroup/joe" linkedUri="/users/joe"/>
>
> </objectnode>
>
> </objectnode><!-- End /users -->
>
> <objectnode classname="org.apache.slide.structure.ActionNode"
> uri="/actions">
>
> <objectnode classname="org.apache.slide.structure.ActionNode"
> uri="/actions/read"/>
> <objectnode classname="org.apache.slide.structure.ActionNode"
> uri="/actions/write"/>
> <objectnode classname="org.apache.slide.structure.ActionNode"
> uri="/actions/manage"/>
>
> </objectnode><!-- End /actions -->
>
> <objectnode classname="org.apache.slide.structure.SubjectNode"
> uri="/files">
>
> <permission action="/actions" subject="guest"/>
>
> <objectnode classname="org.apache.slide.structure.SubjectNode"
> uri="/files/test">
>
> <permission action="/actions/read" subject="/users/MyGroup"
> inherit="true" negative="false"/>
>
Add a + here, because it is group.
subject="+/users/MyGroup"
> </objectnode>
>
> </objectnode><!-- End /files -->
>
>
> <objectnode classname="org.apache.slide.structure.SubjectNode"
> uri="/meta">
>
> <objectnode classname="org.apache.slide.structure.SubjectNode"
> uri="/meta/ContentType"/>
> <objectnode classname="org.apache.slide.structure.SubjectNode"
> uri="/meta/ActionTemplate"/>
> <objectnode classname="org.apache.slide.structure.SubjectNode"
> uri="/meta/PropertyTemplate"/>
> <objectnode classname="org.apache.slide.structure.SubjectNode"
> uri="/meta/ImageMacro"/>
>
> </objectnode><!-- End /meta -->
>
> </objectnode><!-- End / -->
>
> </data>
>
> </namespace>
>
> </slide>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
