'Implementing ACL draft-12 (was: BUG: cvs commit: ...)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       slide-dev
Subject:    Implementing ACL draft-12 (was: BUG: cvs commit: ...)
From:       "Nevermann, Dr., Peter" <Peter.Nevermann () softwareag ! com>
Date:       2003-10-28 10:59:57
[Download RAW message or body]


Hi Oliver, Ingo,

thanks for reporting the bug and providing a fix.

BTW, I would like to let you know, that we are currently trying to get
compliant with draft-12 of the WebDAV/ACL spec. As you probably know, the
currently available ACL implementation in Slide conforms to draft-7 (if at
all) ... which is becoming a bit outdated.

What I have been checking-in so far is intended as preparatory operations. I
always try to not to break the server ... my apologies if I sometimes fail
to do so. The larger part of the changes will follow. Some things we would
like to change in the Slide-kernel in order to better conform to draft-12
are the following:

1) User & group relationships will not be mapped anymore to the URI
hierarchy
Instead, the DAV:group-member-set and DAV:group-membership properties are
used which allows for many-to-many relationships between users and groups.

2) Action aggregation will not be mapped anymore to the URI hierarchy
Instead, the DAV:privilege-member-set and DAV:privilege-membership
properties are used. [I must admit, that these two props do not appear in
the specs, because the spec do not require actions being resources.]

3) There will be generic SubjectNode's like ALL, UNAUTHENTICATED, etc. which
do not need to exist in the user DB. In particular, the node /users doesn't
anymore represent "all" users.

4) There will be a generic ActionNode ALL which do not need to exist in the
namespace. In particular, the node /actions doesn't anymore represent "all"
actions.

5) During server start-up, the active user is UNAUTHENTICATED and all Slide
action are mapped to a generic DEFAULT action which passes all security and
lock checks. So, the user DB, and the Lock and Security stores don't need to
be accessed.

Hope, these all doesn't make to many difficulties for you.

Regards,
Peter

> -----Original Message-----
> From: Oliver Zeigermann [mailto:ozeigermann@c1-fse.de]
> Sent: Monday, October 20, 2003 16:34
> To: Slide Developers Mailing List
> Subject: BUG: cvs commit:
> jakarta-slide/src/webdav/server/org/apache/slide/webdav/util
> PropertyHelper.java XMLValue.java
> 
> 
> There seems to be a bug in NamespaceConfig.getUsersPath(). It returns 
> null in initialization:
> 
> Thread [main] (Suspended (breakpoint at line 860 in SecurityImpl))
> 	
> SecurityImplAllGrant(SecurityImpl).getPrincipal(SlideToken) line: 860
> 	SecurityImplAllGrant(SecurityImpl).hasPermission(SlideToken, 
> ObjectNode, ActionNode) line: 686
> 	SecurityImplAllGrant(SecurityImpl).checkPermission(SlideToken, 
> ObjectNode, ActionNode) line: 469
> 	SecurityImplAllGrant(SecurityImpl).checkCredentials(SlideToken, 
> ObjectNode, ActionNode) line: 405
> 	SecurityImplAllGrant(SecurityImpl).grantPermission(SlideToken, 
> NodePermission) line: 255
> 	XMLUnmarshaller.loadObjectNode(NamespaceAccessToken, 
> SlideToken, 
> Configuration) line: 250
> 	XMLUnmarshaller.unmarshal(NamespaceAccessToken, SlideToken, 
> Configuration) line: 126
> 	NamespaceAccessTokenImpl.importData(SlideToken, 
> Configuration) line: 317
> 	Namespace.loadBaseData(Configuration) line: 816
> 	Domain.initNamespace(Configuration) line: 860
> 	Domain.init(Configuration) line: 479
> 	Domain.selfInit() line: 793
> 	Domain.accessNamespace(SecurityToken, String) line: 278
> 	SlideRealm.start() line: 218
> 	StandardEngine(ContainerBase).start() line: 1173
> 	StandardEngine.start() line: 347
> 	StandardService.start() line: 497
> 	StandardServer.start() line: 2190
> 	Catalina.start() line: 512
> 	Catalina.execute() line: 400
> 	Catalina.process(String[]) line: 180
> 	NativeMethodAccessorImpl.invoke0(Method, Object, 
> Object[]) line: not 
> available [native method]
> 	NativeMethodAccessorImpl.invoke(Object, Object[]) line: 
> 39 [local 
> variables unavailable]
> 	DelegatingMethodAccessorImpl.invoke(Object, Object[]) 
> line: 25 [local 
> variables unavailable]
> 	Method.invoke(Object, Object[]) line: 324 [local 
> variables unavailable]
> 	Bootstrap.main(String[]) line: 203
> 
> This leads to the URI-String null// which will be resolved to 
> null. This 
> is certainly not a valid uri, but is furtheron used to retrieve and 
> store subjectUri.
> 
> Unfortunately, I have no idea how to fix this...
> 
> Oliver
> 
> pnever@apache.org wrote:
> 
> > pnever      2003/10/20 05:38:17
> > 
> >   Modified:    src/webdav/server/org/apache/slide/webdav/method
> >                         AclMethod.java ReportMethod.java 
> LockMethod.java
> >                src/share/org/apache/slide/lock LockImpl.java
> >                src/share/org/apache/slide/common 
> NamespaceConfig.java
> >                src/share/org/apache/slide/security SecurityImpl.java
> >                src/share/org/apache/slide/structure 
> StructureImpl.java
> >                src/webdav/server/org/apache/slide/webdav/util
> >                         PropertyHelper.java XMLValue.java
> >   Log:
> >   Refactoring:
> >   users, groups and roles paths are controlled now solely 
> by NamespaceConfig
> >   

[and so on ..]


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic