Domain.xml Data Node

In Slide, an ObjectNode exists for each User, Role, Action (and Collections?). These ObjectNodes are part of the Namespace. The entries below configure each ObjectNode by its path (uri) and the class that implements it.

This <data> section is loaded when Slide first starts and provides a way to initialize Stores. After Slide has started, all sections of the repository can be manipulated through WebDAV or directly through the server API.

<data>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/">
        <!-- Subject can be:
            any user             "all"
            authenticated user   "authenticated"
            unauthenticated user "unauthenticated"
            self                 "self"
            owner of resource    "owner"
            a user               "/users/john"
            a role               "/roles/admin"
        -->
        <permission action="all" subject="/roles/root" inheritable="true"/>
        <permission action="/actions/read-acl" subject="all" inheritable="true" negative="true"/>
        <permission action="/actions/write-acl" subject="all" inheritable="true" negative="true"/>
        <permission action="/actions/unlock" subject="all" inheritable="true" negative="true"/>
        <permission action="/actions/read" subject="all" inheritable="true"/>
        <!-- /users -->
        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users">
           ...
        </objectnode>
        <!-- /roles -->
        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles">
           ...
        </objectnode>
        <!-- action -->
        <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions">
           ...
        </objectnode>
        <!-- collections -->
        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files">
           ...
        </objectnode>
    </objectnode>
</data>

Users

Slide populates the initial users from this section of the domain.xml file. See Creating Users for instructions to add users at runtime. See Principal Properties of the WebDAV ACL specification for more information on users.

<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users">
    <permission action="all" subject="self" inheritable="true"/>
    <permission action="all" subject="/roles/projector" inheritable="true"/>
    <permission action="all" subject="unauthenticated" inheritable="true" negative="true"/>
    <!-- /users/root represents the administrator -->
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users/root">
        <revision>
            <property namespace="http://jakarta.apache.org/slide/" name="password">root</property> 
        </revision>
    </objectnode>
    <!-- /users/john and /users/john2 represent authenticated users -->
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users/john">
        <revision>
            <property namespace="http://jakarta.apache.org/slide/" name="password">john</property> 
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users/john2">
        <revision>
            <property namespace="http://jakarta.apache.org/slide/" name="password">john2</property> 
        </revision>
    </objectnode>
    <!-- /users/guest represents an authenticated or unauthenticated guest user -->
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users/guest">
        <revision>
            <property namespace="http://jakarta.apache.org/slide/" name="password">guest</property> 
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users/projector">
        <revision>
            <property namespace="http://jakarta.apache.org/slide/" name="password">projector</property> 
        </revision>
    </objectnode>
</objectnode>

Revision

<revision>
    <property namespace="http://jakarta.apache.org/slide/" name="password">root</property> 
</revision>

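As shown above, each user's <revision> element sets a password property. The value is stored in clear text in domain.xml, and in this sample every password is the same as the user name.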

Roles

These are the initial Roles available in Slide. The most important role here is /roles/root, since this role is given write permissions over the entire repository by default.

<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles">
    <permission action="all" subject="self" inheritable="true"/>
    <permission action="all" subject="/roles/projector" inheritable="true"/>
    <permission action="all" subject="unauthenticated" inheritable="true" negative="true"/>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles/root">
        <revision>
            <property name="group-member-set"><![CDATA[<D:href xmlns:D='DAV:'>/users/root</D:href>]]></property>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles/user">
        <revision>
            <property name="group-member-set">
                <![CDATA[<D:href xmlns:D='DAV:'>/users/john</D:href>
                <D:href xmlns:D='DAV:'>/users/john2</D:href>
                <D:href xmlns:D='DAV:'>/users/root</D:href>
                <D:href xmlns:D='DAV:'>/users/projector</D:href>]]>
            </property>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles/guest">
        <revision>
            <property name="group-member-set"><![CDATA[<D:href xmlns:D='DAV:'>/users/guest</D:href>]]></property>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles/projector">
        <revision>
            <property name="group-member-set">
                <![CDATA[<D:href xmlns:D='DAV:'>/users/root</D:href>
                <D:href xmlns:D='DAV:'>/users/projector</D:href>]]>
            </property>
        </revision>
    </objectnode>
</objectnode>

Actions

These are the WebDAV Privileges that Slide's default security implementation understands.

<objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions">
    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read">
        <revision>
            <property name="privilege-member-set">
                <![CDATA[<D:href xmlns:D='DAV:'>/actions/read-acl</D:href> 
                <D:href xmlns:D='DAV:'>/actions/read-current-user-privilege-set</D:href>]]>
            </property>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read-acl">
        <revision>
            <property name="privilege-member-set"/>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read-current-user-privilege-set">
        <revision>
            <property name="privilege-member-set"/>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write">
        <revision>
            <property name="privilege-member-set">
                <![CDATA[<D:href xmlns:D='DAV:'>/actions/write-acl</D:href>
                <D:href xmlns:D='DAV:'>/actions/write-properties</D:href>
                <D:href xmlns:D='DAV:'>/actions/write-content</D:href>]]>
            </property>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-acl">
        <revision>
            <property name="privilege-member-set"/>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-properties">
        <revision>
            <property name="privilege-member-set"/>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-content">
        <revision>
            <property name="privilege-member-set">
                <![CDATA[<D:href xmlns:D='DAV:'>/actions/bind</D:href> <D:href xmlns:D='DAV:'>/actions/unbind</D:href>]]>
            </property>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/bind">
        <revision>
            <property name="privilege-member-set"/>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind">
        <revision>
            <property name="privilege-member-set"/>
        </revision>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock">
        <revision>
            <property name="privilege-member-set"/>
        </revision>
    </objectnode>
</objectnode>
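
Under WebDAV ACL (RFC 3744), granting an aggregate privilege is equivalent to granting each privilege it contains, so it helps to see what each action expands to. The following is an added example, not part of the original page or of Slide itself; the function names `member_sets` and `expand` are hypothetical, and the XML is condensed from the Actions section above.

```python
import xml.etree.ElementTree as ET

# Condensed from the Actions section above (most leaf actions, which have an
# empty privilege-member-set, are left out; they expand to themselves).
ACTIONS_XML = """
<objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions">
  <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write">
    <revision><property name="privilege-member-set"><![CDATA[
      <D:href xmlns:D='DAV:'>/actions/write-acl</D:href>
      <D:href xmlns:D='DAV:'>/actions/write-properties</D:href>
      <D:href xmlns:D='DAV:'>/actions/write-content</D:href>]]></property></revision>
  </objectnode>
  <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-content">
    <revision><property name="privilege-member-set"><![CDATA[
      <D:href xmlns:D='DAV:'>/actions/bind</D:href>
      <D:href xmlns:D='DAV:'>/actions/unbind</D:href>]]></property></revision>
  </objectnode>
  <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock">
    <revision><property name="privilege-member-set"/></revision>
  </objectnode>
</objectnode>
"""

def member_sets(xml_text):
    """Map each action URI to the hrefs listed in its privilege-member-set."""
    direct = {}
    for node in ET.fromstring(xml_text).iter("objectnode"):
        prop = node.find("revision/property[@name='privilege-member-set']")
        if prop is None:
            continue
        # The CDATA payload is itself an XML fragment of DAV: href elements.
        frag = ET.fromstring("<set>%s</set>" % (prop.text or ""))
        direct[node.get("uri")] = [h.text.strip() for h in frag.iter("{DAV:}href")]
    return direct

def expand(action, direct, seen=None):
    """Return the action plus every privilege it aggregates, transitively."""
    seen = set() if seen is None else seen
    if action not in seen:          # guards against cycles in a bad config
        seen.add(action)
        for member in direct.get(action, []):
            expand(member, direct, seen)
    return seen

if __name__ == "__main__":
    direct = member_sets(ACTIONS_XML)
    for uri in sorted(direct):
        print(uri, "->", sorted(expand(uri, direct)))
```

The expansion of /actions/write includes /actions/write-acl, which is worth checking against the negative write-acl permission set on the root node.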

Collections?

This section defines resource collections (also known as directories).

<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files">
    <permission action="all" subject="unauthenticated" inheritable="true"/>
    <permission action="/actions/write" subject="/roles/user" inheritable="true"/>
    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/projector">
    <permission action="all" subject="unauthenticated" inheritable="true"/>
    <permission action="/actions/write" subject="/roles/projector" inheritable="true"/>
    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/projector/work">
    </objectnode>
</objectnode>
<!-- DeltaV: default history and workspace paths -->
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/history">
    <permission action="all" subject="unauthenticated" inheritable="true"/>
    <permission action="/actions/write" subject="/roles/user" inheritable="true"/>
    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/workspace">
    <permission action="all" subject="unauthenticated" inheritable="true"/>
    <permission action="/actions/write" subject="/roles/user" inheritable="true"/>
    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/workingresource">
    <permission action="all" subject="unauthenticated" inheritable="true"/>
    <permission action="/actions/write" subject="/roles/user" inheritable="true"/>
    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
</objectnode>

Collection Details

<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files">
    <permission action="all" subject="unauthenticated" inheritable="true"/>
    <permission action="/actions/write" subject="/roles/user" inheritable="true"/>
    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
</objectnode>

Just like other objectnodes, each resource collection is associated with a class and a uri.

Within each one, a set of permissions is defined that controls both who has access and which of the actions defined earlier in this file are permitted (see above).

<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/projector">
    <permission action="all" subject="unauthenticated" inheritable="true"/>
    <permission action="/actions/write" subject="/roles/projector" inheritable="true"/>
    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/projector/work">
    </objectnode>
</objectnode>

You can even define a resource collection within another resource collection as shown above.
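
A review pass over the seed data before deployment, as an added example that is not part of the original page or of Slide: it lists nodes whose password property equals the user name and nodes that positively grant action "all" to the "all" or "unauthenticated" subjects. The names `audit` and `OPEN_SUBJECTS` are hypothetical, and the sample is built from fragments of the Users and Collections sections above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: fragments copied from the Users and Collections
# sections above, wrapped in a <data> element.
SAMPLE = """<data>
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users">
  <permission action="all" subject="unauthenticated" inheritable="true" negative="true"/>
  <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users/root">
    <revision>
      <property namespace="http://jakarta.apache.org/slide/" name="password">root</property>
    </revision>
  </objectnode>
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files">
  <permission action="all" subject="unauthenticated" inheritable="true"/>
  <permission action="/actions/write" subject="/roles/user" inheritable="true"/>
</objectnode>
</data>"""

# Subjects from the comment in the root node that match users who are not logged in.
OPEN_SUBJECTS = {"all", "unauthenticated"}

def audit(xml_text):
    """Return (uri, finding) pairs for settings to review before deployment."""
    findings = []
    for node in ET.fromstring(xml_text).iter("objectnode"):
        uri = node.get("uri")
        # Seed password kept in the file and identical to the user name.
        pw = node.find("revision/property[@name='password']")
        if pw is not None and (pw.text or "").strip() == uri.rsplit("/", 1)[-1]:
            findings.append((uri, "password equals user name"))
        # Positive grant of every action to users who have not logged in.
        for perm in node.findall("permission"):
            negative = perm.get("negative", "false") == "true"
            if (perm.get("action") == "all" and not negative
                    and perm.get("subject") in OPEN_SUBJECTS):
                findings.append((uri, "all actions granted to " + perm.get("subject")))
    return findings

if __name__ == "__main__":
    for uri, finding in audit(SAMPLE):
        print(uri, "-", finding)
```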
