From: Chris.Cuilla@Level3.com
To: java-security@java.sun.com
Subject: Acl getPermissions() and hierarchical Groups...
Date: Wed, 23 Jun 1999 15:11:14 -0600
I have written an implementation of the java.security.acl.* interfaces. In
this process, I am using the following test case which has presented a
dilemma for me:
Group1 has members { Group2 }, and permissions { A+, B+, C+, D-, E- }
Group2 has members { User1 }, and permissions { A-, D+, E+ }
I believe that I have implemented the formula for getPermissions(Principal)
according to the stated rules in the Acl specification. However, here is
what happens:
getPermissions(Group2) = { B, C, D, E }
getPermissions(User1) = { B, C }
It seems to me that getPermissions(User1) should return { B, C, D, E }.
The formula gives the correct answer in both cases. However, from an
intuitive (business?) perspective, the answer given by the
getPermissions(User1) is not correct.
Am I wrong?
Chris Cuilla
303.635.6709 (voice)
chris.cuilla@level3.com <mailto:chris.cuilla@level3.com> (email)
"Can we speak without the sounds of a world gone quite insane?"