jackrabbit-users mailing list archives

From Julian Reschke <julian.resc...@gmx.de>
Subject Re: WebDAV ACLs referring to deleted principals
Date Wed, 12 Aug 2009 15:37:43 GMT
Marian Schedenig (qs) wrote:
> Hi!
> 
> I have extended the WebDAV servlet classes to deal with DAV's ACL methods
> (as defined by the AclResource interface). This allows me to set and query
> ACLs on my files and folders. However, I run into trouble when I change the
> user store.
> 
> In my alterAcl() method, I retrieve the current ACL by first calling
> AccessControlManager#getPolicies [1] to determine the resource's current
> ACL, and then, if it has none, AccessControlManager#getApplicablePolicies()
> [2] to find an empty ACL I can work with. The problems appear if the
> resource's ACL contains an entry for a principal which has since been deleted
> (we're using an LDAP server to manage our principals, so we have no control
> over who will delete users or when), since in this case both methods will throw
> a NoSuchPrincipalException.
> ...

That's an interesting problem.

Some years ago we implemented WebDAV ACL on a content management system, 
and that was able to return Access Control Information even if some of
the principals involved had become invalid. One way to do this is to
allow deleted principals to be exposed as working Java objects, and just
restrict the set of operations you can use on them.

Does the proposed JSR-283 preclude an implementation like that? If yes,
we will have to discuss this.

BR, Julian
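
The approach described in the reply above, sketched as an added example that is not part of the original message and is not Jackrabbit or JSR-283 code: a deleted principal stays a working `java.security.Principal`, the ACL remains readable and revocable, and only new grants are refused. All class and method names are hypothetical, the `Set` stands in for the LDAP store, and records need Java 16 or later.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class TombstoneAclDemo {
    /** Principal that stays usable after deletion; 'resolved' says whether it still exists. */
    record AclPrincipal(String name, boolean resolved) implements Principal {
        public String getName() { return name; }
    }
    record Entry(AclPrincipal principal, String privilege) {}

    private final Set<String> directory;                     // stands in for the LDAP user store
    private final List<String[]> stored = new ArrayList<>(); // persisted {name, privilege} pairs

    TombstoneAclDemo(Set<String> directory) { this.directory = directory; }

    /** Lenient lookup: an unknown name yields a tombstone object, not an exception. */
    AclPrincipal lookup(String name) { return new AclPrincipal(name, directory.contains(name)); }

    /** Reading the ACL never fails because of a stale entry. */
    List<Entry> readAcl() {
        List<Entry> acl = new ArrayList<>();
        for (String[] e : stored) acl.add(new Entry(lookup(e[0]), e[1]));
        return acl;
    }

    /** Restricted operation: new grants require a principal that still resolves. */
    void grant(AclPrincipal p, String privilege) {
        if (!p.resolved()) throw new IllegalArgumentException("unknown principal: " + p.getName());
        stored.add(new String[] { p.getName(), privilege });
    }

    /** Removal is allowed for tombstones, so stale entries can be cleaned up. */
    boolean revoke(AclPrincipal p) { return stored.removeIf(e -> e[0].equals(p.getName())); }

    public static void main(String[] args) {
        Set<String> ldap = new HashSet<>(Set.of("alice", "bob")); // constructed sample data
        TombstoneAclDemo acl = new TombstoneAclDemo(ldap);
        acl.grant(acl.lookup("alice"), "read");
        acl.grant(acl.lookup("bob"), "write");
        ldap.remove("bob");                                  // bob is deleted in the directory
        for (Entry e : acl.readAcl())
            System.out.println(e.principal().getName() + " " + e.privilege()
                + (e.principal().resolved() ? "" : " (deleted principal)"));
        acl.revoke(acl.lookup("bob"));                       // cleanup still possible
        System.out.println("entries after cleanup: " + acl.readAcl().size());
    }
}
```

Keeping stale entries visible also lets an administrator remove them before the same name is assigned to a different user in the directory.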

