shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "" <>
Subject Re: Defect in WildcardPermission evaluation?
Date Tue, 23 Jan 2018 10:36:31 GMT
Not seeing any discussion of this and seeing no tests in the test cases that perform any tests
of this issue.  I will open a defect and work on that.


From: Claude Warren (Product Engineering Service)
Sent: Friday, January 12, 2018 12:52:52 PM
Subject: Defect in WildcardPermission evaluation?

Currently the WildcardPermission.implies() method contains the following code snippet and

// If this permission has less parts than the other permission, everything after the number
of parts contained
// in this permission is automatically implied, so return true

// If this permission has more parts than the other parts, only imply it if all of the other
parts are wildcards
        for (; i < getParts().size(); i++) {
            Set<String> part = getParts().get(i);
            if (!part.contains(WILDCARD_TOKEN)) {
                return false;

This means that If you have (User perms in first col, testing against across columns)

        A       A:*     A:B     A:B:*   A:B:C   A:B:C:*
A       t       t       t       t       t       t
A:*     T
        t       t       t       t       t
A:B     f       f       t       t       t       t
A:B:*   f       f       T       t       t       t
A:B:C   f       f       f       f       t       t
A:B:C:* f       f       f       f       T       t


I think the issues are where the upper case  "T"s are.   I believe that those should be "F"

The logic being that once a separator (:) is presented it should no longer match anything
shorter than that.


The information contained in this electronic message and any attachments to this message are
intended for the exclusive use of the addressee(s) and may contain proprietary, confidential
or privileged information. If you are not the intended recipient, you should not disseminate,
distribute or copy this e-mail. Please notify the sender immediately and destroy all copies
of this message and any attachments. WARNING: Computer viruses can be transmitted via email.
The recipient should check this email and any attachments for the presence of viruses. The
company accepts no liability for any damage caused by any virus transmitted by this email.

This email has been scanned by the Symantec Email service.
For more information please visit
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message