Thanks Martin, that solved the problem - now setting permissions for groups
works just fine!
Another (related) question though: How can I enumerate the permissions for a
certain SubjectNode? The security.enumeratePermissions only seems to give me
what permissions affect a certain Object (for example
security.enumeratePermissions(slideToken, "/users") gives me an Enumeration
of all permissions that have object = /users). How can I do the reverse -
get an Enumeration of all permissions that have subject = *something* so
that I can list all permissions that a certain group has been granted for
example?
Regards, Peder
----- Original Message -----
From: "Martin Holz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 09, 2004 3:25 PM
Subject: Re: Some newbie Security questions
> "Peder Nordvaller" <[EMAIL PROTECTED]> writes:
>
> > What do you mean by authentication? I'm doing most of the stuff towards
> > slide using the api, so I'm creating a domain via Domain.init() and
using
> > the helpers to check for permissions.
>
> I thought you use webdav and there was a mistake.
>
> > Given the following Domain.xml the
> > user /users/joe (which is linked to in /users/MyGroup/joe) should be
able to
> > have /actions/read on /files/test - correct?
> >
> > After initializing slide, however:
> >
> > security.checkPermission(new SubjectNode("/files/test"), new
> > SubjectNode("/users/joe), new ActionNode("/actions/read"));
> >
> > throws an AccessDeniedException, but the following two does not:
> >
> > security.checkPermission(new SubjectNode("/files/test"), new
> > SubjectNode("/users/MyGroup), new ActionNode("/actions/read"));
> > security.checkPermission(new SubjectNode("/files/test"), new
> > SubjectNode("/users/MyGroup/joe), new ActionNode("/actions/read"));
> >
> >
> > Following is my Domain.xml (which contains some other stuff used by my
> > application):
> >
> > <?xml version="1.0"?>
> >
> > <slide logger="org.apache.slide.util.logger.SimpleLogger"
logger-level="6"
> > default="slide">
> >
> > <namespace name="fs">
> >
> > <definition>
> [...]
> > </definition>
> >
> > <configuration>
> [...]
> >
> > <!-- Paths configuration -->
> > <userspath>/users</userspath>
> > <guestpath>guest</guestpath>
> > <filespath>/files</filespath>
> > <parameter name="dav">true</parameter>
> > <parameter name="standalone">true</parameter>
> >
> > <!-- Roles definition -->
> > <role name="root">slideroles.basic.RootRole</role>
> > <role name="user">slideroles.basic.UserRole</role>
> > <role name="guest">slideroles.basic.GuestRole</role>
> >
> > <!-- Users management -->
> > <auto-create-users>true</auto-create-users>
> >
> >
> > </configuration>
> >
> > <data>
> >
> > <objectnode classname="org.apache.slide.structure.SubjectNode"
> > uri="/">
> >
> > <!-- Permissions for this Node-->
> > <permission action="/actions" subject="root"/>
> >
> > <objectnode classname="org.apache.slide.structure.SubjectNode"
> > uri="/users">
> > <revision>
> > <property name="rootgroup">true</property>
> > </revision>
> >
> >
> > <objectnode classname="slideroles.basic.RootRoleImpl"
> > uri="/users/root">
> > <revision>
> > <property name="password"
> > namespace="http://jakarta.apache.org/slide/";>root</property>
> > <property name="rootgroup">/users</property>
> > <property name="role">Root</property>
> > </revision>
> > </objectnode><!-- End /user/root -->
> >
> > <objectnode classname="slideroles.basic.GuestRoleImpl"
> > uri="/users/guest">
> > <revision>
> > <property name="password"
> > namespace="http://jakarta.apache.org/slide/";>guest</property>
> > <property name="rootgroup">/users</property>
> > <property name="role">Guest</property>
> > </revision>
> > </objectnode><!-- End /user/guest -->
> >
> > <objectnode classname="slideroles.basic.UserRoleImpl"
uri="/users/joe">
> > <revision>
> > <property name="password"
> > namespace="http://jakarta.apache.org/slide/";>joe</property>
> > <property name="rootgroup">/users</property>
> > <property name="role">User</property>
> > </revision>
> > </objectnode>
> >
> > <objectnode classname="org.apache.slide.structure.SubjectNode"
> > uri="/users/MyGroup">
>
> This should be a GroupNode, not a SubjectNode.
>
> > <objectnode classname="org.apache.slide.structure.LinkNode"
> > uri="/users/MyGroup/joe" linkedUri="/users/joe"/>
> >
> > </objectnode>
> >
> > </objectnode><!-- End /users -->
> >
> > <objectnode classname="org.apache.slide.structure.ActionNode"
> > uri="/actions">
> >
> > <objectnode classname="org.apache.slide.structure.ActionNode"
> > uri="/actions/read"/>
> > <objectnode classname="org.apache.slide.structure.ActionNode"
> > uri="/actions/write"/>
> > <objectnode classname="org.apache.slide.structure.ActionNode"
> > uri="/actions/manage"/>
> >
> > </objectnode><!-- End /actions -->
> >
> > <objectnode classname="org.apache.slide.structure.SubjectNode"
> > uri="/files">
> >
> > <permission action="/actions" subject="guest"/>
> >
> > <objectnode classname="org.apache.slide.structure.SubjectNode"
> > uri="/files/test">
> >
> > <permission action="/actions/read" subject="/users/MyGroup"
> > inherit="true" negative="false"/>
> >
> Add a + here, because it is group.
> subject="+/users/MyGroup"
>
> > </objectnode>
> >
> > </objectnode><!-- End /files -->
> >
> >
> > <objectnode classname="org.apache.slide.structure.SubjectNode"
> > uri="/meta">
> >
> > <objectnode classname="org.apache.slide.structure.SubjectNode"
> > uri="/meta/ContentType"/>
> > <objectnode classname="org.apache.slide.structure.SubjectNode"
> > uri="/meta/ActionTemplate"/>
> > <objectnode classname="org.apache.slide.structure.SubjectNode"
> > uri="/meta/PropertyTemplate"/>
> > <objectnode classname="org.apache.slide.structure.SubjectNode"
> > uri="/meta/ImageMacro"/>
> >
> > </objectnode><!-- End /meta -->
> >
> > </objectnode><!-- End / -->
> >
> > </data>
> >
> > </namespace>
> >
> > </slide>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
