jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mat Lowery <mlow...@pentaho.com>
Subject Re: Thinking behind o.a.j.core.security.authorization.acl.ACLProvider
Date Tue, 15 Dec 2009 23:47:15 GMT
Is it true that the first ACE applying to a principal that refers to the
permission being sought wins?  If so, then I still am confused by the
order of the ACEs.  Why are they ordered the way that they are?  Thanks

On Tue, 2009-12-15 at 18:40 -0500, Mat Lowery wrote:

> Can someone provide some background on the implementation of
> o.a.j.core.security.authorization.acl.ACLProvider?
> For example, why is the entire path of nodes from root to leaf consulted
> when making authorization decisions?  One could imagine an
> implementation that consults only the first non-empty ACL starting at
> the leaf and moving up towards the root.
> Additionally, why are the access control entries ordered by principal?
> At first I thought that ACE order mattered but now I'm not sure.
> In general, the logic behind buildResult() is a mystery.  Any help would
> be appreciated.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message