From: "Gary J. Braswell" <rapidobj@mindspring.com>
To: <java-security@java.sun.com>
Subject: Re: Group maintenance after ACL permissions have been set
Date: Tue, 11 May 1999 15:44:51 -0400
------=_NextPart_000_009B_01BE9BC5.351984C0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Sun-Content-Length: 1923
Please disregard this message. I'm a dumbass, and I found the problem =
after investigating it later...
GJB.
-----Original Message-----
From: Gary J. Braswell <rapidobj@mindspring.com>
To: java-security@java.sun.com <java-security@java.sun.com>
Date: Monday, May 10, 1999 11:39 AM
Subject: Group maintenance after ACL permissions have been set
=20
=20
=20
I made a simple modification to the AclEx.java file that was posted =
under the URL =
http://www.javasoft.com/products/jdk1.1/docs/guide/security/Acl.html, =
and it presented a problem for me.
=20
I moved the addition of user2 until after the group had been added =
to the access control list. The logic here is that a Security =
Administrator is going to want to be able add users to an established =
group that already has a certain set of permissions (e.g., relationships =
with Acls), and have that user "inherit" (not from the OO standpoint) =
the permissions that already exists for the group.
=20
When I moved the "g.addMember(p2);" line until after the group had =
been added to the Acl, the p2 principal did not receive any of the group =
permissions.
=20
I'm not sure why this wouldn't work. =20
=20
The Access Control List acl should have a valid reference to the =
modified GroupImpl g (e.g., with the newly added p2). The only reason =
that it would fail is if the Acl calculates permissions only upon its =
instantiation or in a modifier method.=20
=20
Wouldn't it need to go out to its group constituents and refresh the =
member list when a checkPermissions() call is made?
=20
I've attached the source code for your review.
=20
Thanks in advance for any help with this. If you know of another =
way to accomplish what I'm trying to do, please advise.
=20
Regards,
Gary J. Braswell
Sr. Software Engineer, Syndesa Corporation
=20
=20
------=_NextPart_000_009B_01BE9BC5.351984C0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Sun-Content-Length: 4141
<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
------=_NextPart_000_009B_01BE9BC5.351984C0-------Original = Message-----
From:=20 Gary J. Braswell <rapidobj@mindspring.com>To:=20 java-security@java.sun.com= =20 <java-security@java.sun.com= >
Date:=20 Monday, May 10, 1999 11:39 AM
Subject: Group = maintenance after=20 ACL permissions have been setI made a simple modification to = the=20 AclEx.java file that was posted under the URL http://www.javasoft.com/products/jdk1.1/docs/guide/security/Acl.html= ,=20 and it presented a problem for me.I moved the addition of user2 = until after=20 the group had been added to the access control list. The logic = here is=20 that a Security Administrator is going to want to be able add users = to an=20 established group that already has a certain set of permissions = (e.g.,=20 relationships with Acls), and have that user "inherit" = (not from=20 the OO standpoint) the permissions that already exists for the=20 group.When I moved the=20 "g.addMember(p2);" line until after the group had been = added to=20 the Acl, the p2 principal did not receive any of the group=20 permissions.I'm not sure why this wouldn't = work. =20The Access Control List acl = should have a=20 valid reference to the modified GroupImpl g (e.g., with the newly = added=20 p2). The only reason that it would fail is if the Acl = calculates=20 permissions only upon its instantiation or in a modifier method.=20Wouldn't it need to go out to = its group=20 constituents and refresh the member list when a checkPermissions() = call is=20 made?I've attached the source code = for your=20 review.Thanks in advance for any help = with=20 this. If you know of another way to accomplish what I'm trying = to do,=20 please advise.Regards,Gary J. BraswellSr. Software Engineer, Syndesa=20 Corporation