Built-in Slide ACL Implementation

A short introduction (copied, more or less unchanged, from the mailing list) on how WebDAV ACLs work:

The ACL spec doesn't say anything about the relative 'strengths' of rights; the only thing that matters is the order within the ACL.

The way it works is this:

So the default behaviour (I think you can plug in alternative implementations, by the way, to answer your original question - but that would likely make it incompatible with the ACL spec) will be that, in your example, things 'just work'. However, this depends on exactly how you've set up your permissions.

Specifically, you said "user has read-only access as a member of one group". There are two ways you could set that up. One would be to say "this group has read access" (and say nothing at all about write access!), the other would be to say "this group has read access AND this group explicitly does not have write access", using two ACEs (a grant and a deny). This latter form would not do what you want, so you should avoid it.
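
The two setups described above, modelled as an added example that is not part of the original mailing-list post and is not Slide's own code. It assumes that ACEs are checked in order and the first ACE matching both the caller and the privilege decides, and that no match means no access; inheritance from parent resources is not modelled, and the group and user names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ACE:
    principal: str   # group (or user) the entry applies to
    privilege: str   # "read" or "write"
    grant: bool      # True = grant ACE, False = deny ACE

def is_allowed(acl, principals, privilege):
    """Assumed rule: walk the ACL in order; the first ACE that matches
    one of the caller's principals and the privilege decides."""
    for ace in acl:
        if ace.principal in principals and ace.privilege == privilege:
            return ace.grant
    return False  # assumption: no matching ACE means no access

# Constructed scenario: alice belongs to both groups, bob only to "readers".
ALICE = {"alice", "readers", "editors"}
BOB = {"bob", "readers"}

# Setup 1: "readers" is granted read and nothing is said about write.
GRANT_ONLY = [
    ACE("readers", "read", True),
    ACE("editors", "write", True),
]

# Setup 2: "readers" is granted read AND explicitly denied write.
# The deny sits before the editors grant, so it matches alice first.
GRANT_AND_DENY = [
    ACE("readers", "read", True),
    ACE("readers", "write", False),
    ACE("editors", "write", True),
]

# Same three ACEs as setup 2 with the deny moved last: only the order changed.
DENY_LAST = [GRANT_AND_DENY[0], GRANT_AND_DENY[2], GRANT_AND_DENY[1]]

def write_access(principals):
    """Return the write decision for each ACL layout, keyed by name."""
    layouts = {"grant_only": GRANT_ONLY,
               "grant_and_deny": GRANT_AND_DENY,
               "deny_last": DENY_LAST}
    return {name: is_allowed(acl, principals, "write")
            for name, acl in layouts.items()}

if __name__ == "__main__":
    print("alice:", write_access(ALICE))
    print("bob:  ", write_access(BOB))
```

Under the assumed rule, bob is read-only in every layout, while alice loses write access only when the explicit deny precedes the grant from her other group.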


See http://jakarta.apache.org/slide/howto-jaas.html

Also, if you wish to use an external mechanism for authentication and authorization, you may also want to look at AutoCreateUser.


Security (last edited 2009-09-20 22:02:39 by localhost)