Acl getPermissions() and hierarchical Groups...

Chris.Cuilla@Level3.com
Wed, 23 Jun 1999 15:11:14 -0600

From: Chris.Cuilla@Level3.com
To: java-security@java.sun.com
Subject: Acl getPermissions() and hierarchical Groups...
Date: Wed, 23 Jun 1999 15:11:14 -0600

I have written an implementation of the java.security.acl.* interfaces. In
this process, I am using the following test case which has presented a
dilemma for me:

Group1 has members { Group2 }, and permissions { A+, B+, C+, D-, E- }

Group2 has members { User1 }, and permissions { A-, D+, E+ }

I believe that I have implemented the formula for getPermissions(Principal)
according to the stated rules in the Acl specification. However, here is
what happens:

getPermissions(Group2) = { B, C, D, E }
getPermissions(User1) = { B, C }

It seems to me that getPermissions(User1) should return { B, C, D, E }.

The formula gives the correct answer in both cases. However, from an
intuitive (business?) perspective, the answer given by the
getPermissions(User1) is not correct.

Am I wrong?

Chris Cuilla

303.635.6709 (voice)
chris.cuilla@level3.com <mailto:chris.cuilla@level3.com> (email)

"Can we speak without the sounds of a world gone quite insane?"