Marian Schedenig (qs) wrote:
Hi!
I have extended the WebDAV servlet classes to deal with DAV's ACL methods
(as defined by the AclResource interface). This allows me to set and query
ACLs on my files and folders. However, I run into trouble when I change the
user store.
In my alterAcl() method, I retrieve the current ACL by first calling
AccessControlManager#getPolicies [1] to determine the resource's current
ACL, and then, if it has none, AccessControlManager#getApplicablePolicies()
[2] to find an empty ACL I can work with. The problems appear if the
resource's ACL contains an entry for a principal which has since be deleted
(we're using an LDAP server to manage our principals, so we have no control
over who will when delete users), since in this case both methods will throw
a NoSuchPrincipalException.
...
That's an interesting problem.
Some years ago we implemented WebDAV ACL on a content management system,
and that was able to return Access Control Information even if some if
the principals involved had become invalid. One way to do this is to
allow deleted principals to be exposed as working Java objects, and just
restricting the set of operations you can use on them.
Does the proposed JSR-283 precludes an implementation like that? If yes,
we will have to discuss this.
BR, Julian
