I am using nightly build of slide and using JDBCDescriptorsStore and mysql. The attached is my Domain.xml. Everytime I startup the server, A new entry get inserted into the permissions table with object ='/', subject = '/' and action = '/'. Which means everybody can do any action on anything. Thanks. Jiantao <?xml version="1.0"?> <slide logger="org.apache.slide.util.logger.SimpleLogger" logger-level="6" default="slide"> <!-- logger ~~~~~~ org.apache.slide.util.logger.SimpleLogger default logger with 1 log level log4j.Log4jLogger logger with fine granularity see http://jakarta.apache.org/log4j/ logger-level ~~~~~~~~~~~~ 0 EMERGENCY 1 CRITICAL 2 ERROR 4 WARNING 6 INFO 7 DEBUG --> <namespace name="slide"> <!-- ### Memory Configuration ### The following memory configuration uses the MemoryDescriptorsStore for node,security,locks and revisions. For content the FileContentStore is used. Content is reset before start. --> <definition> <store name="jdbc"> <nodestore classname="slidestore.reference.JDBCDescriptorsStore"> <parameter name="driver">org.gjt.mm.mysql.Driver</parameter> <parameter name="url">mysql://test01:3306/slide</parameter> <parameter name="user">username</parameter> <parameter name="password">password</parameter> </nodestore> <securitystore> <reference store="nodestore" /> </securitystore> <lockstore> <reference store="nodestore" /> </lockstore> <revisiondescriptorsstore> <reference store="nodestore" /> </revisiondescriptorsstore> <revisiondescriptorstore> <reference store="nodestore" /> </revisiondescriptorstore> <!--contentstore classname="slidestore.reference.JDBCContentStore"> <parameter name="driver">org.hsql.jdbcDriver</parameter> <parameter name="url">HypersonicSQL:slidecontent</parameter> <parameter name="user">sa</parameter> <parameter name="password"></parameter> </contentstore--> <contentstore classname="slidestore.reference.FileContentStore"> <parameter name="rootpath">files</parameter> </contentstore> </store> <scope match="/" store="jdbc" /> </definition> <!-- ### JDBC Configuration ### The following jdbc sample configuration uses the hsql Database Engine a relational database engine written in Java, for more info: http://hsqldb.sourceforge.net/ --> <!-- <definition> <store name="jdbc"> <nodestore classname="slidestore.reference.JDBCDescriptorsStore"> <parameter name="driver">org.hsqldb.jdbcDriver</parameter> <parameter name="url">jdbc:hsqldb:slidestructure</parameter> <parameter name="user">sa</parameter> <parameter name="password"></parameter> </nodestore> <securitystore> <reference store="nodestore" /> </securitystore> <lockstore> <reference store="nodestore" /> </lockstore> <revisiondescriptorsstore> <reference store="nodestore" /> </revisiondescriptorsstore> <revisiondescriptorstore> <reference store="nodestore" /> </revisiondescriptorstore> <contentstore classname="slidestore.reference.JDBCContentStore"> <parameter name="driver">org.hsqldb.jdbcDriver</parameter> <parameter name="url">jdbc:hsqldb:slidecontent</parameter> <parameter name="user">sa</parameter> <parameter name="password"></parameter> </contentstore> </store> <scope match="/" store="jdbc" /> </definition> --> <configuration> <!-- Actions mapping --> <default-action>/actions</default-action> <read-object>/actions/read</read-object> <create-object>/actions/write</create-object> <remove-object>/actions/write</remove-object> <grant-permission>/actions/manage</grant-permission> <revoke-permission>/actions/manage</revoke-permission> <read-permissions>/actions/manage</read-permissions> <lock-object>/actions/write</lock-object> <kill-lock>/actions/manage</kill-lock> <read-locks>/actions/read</read-locks> <read-revision-metadata>/actions/read</read-revision-metadata> <create-revision-metadata>/actions/write</create-revision-metadata> <modify-revision-metadata>/actions/write</modify-revision-metadata> <remove-revision-metadata>/actions/write</remove-revision-metadata> <read-revision-content>/actions/read</read-revision-content> <create-revision-content>/actions/write</create-revision-content> <modify-revision-content>/actions/write</modify-revision-content> <remove-revision-content>/actions/write</remove-revision-content> <!-- Paths configuration --> <userspath>/users</userspath> <guestpath>guest</guestpath> <filespath>/files</filespath> <parameter name="dav">true</parameter> <parameter name="standalone">true</parameter> <!-- Roles definition --> <role name="root">slideroles.basic.RootRole</role> <role name="user">slideroles.basic.UserRole</role> <role name="guest">slideroles.basic.GuestRole</role> <!-- Users management --> <auto-create-users>true</auto-create-users> <!-- Default properties mapping --> <default-property name="foo" namespace="nsfoo/" value="bar" role="user"/> <default-property name="password" namespace="slide/" value="" role="user"/> </configuration> <data> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/"> <permission action="/actions" subject="root"/> <permission action="/actions/read" subject="user" inheritable="false"/> <permission action="/actions/read" subject="nobody" inheritable="false"/> <!-- /users represents the unauthenticated user --> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users"> <permission action="/actions" subject="~"/> <permission action="/actions" subject="guest" inheritable="true" negative="true"/> <permission action="/actions/read" subject="user" inheritable="false"/> <!-- Permission group example --> <objectnode classname="org.apache.slide.structure.GroupNode" uri="/users/groupA"> <objectnode classname="org.apache.slide.structure.LinkNode" uri="/users/groupA/john" linkedUri="/users/john" /> <objectnode classname="org.apache.slide.structure.LinkNode" uri="/users/groupA/root" linkedUri="/users/root" /> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/users/groupA/singleGroupMember" /> </objectnode> <!-- /users/root represents the administrator --> <objectnode classname="slideroles.basic.RootRoleImpl" uri="/users/root"> <revision> <property name="password">root</property> </revision> </objectnode> <!-- /users/john represents an authenticated user --> <objectnode classname="slideroles.basic.UserRoleImpl" uri="/users/john"> <revision> <property name="password">john</property> </revision> </objectnode> <!-- /users/guest represents an authenticated or unauthenticated guest user --> <objectnode classname="slideroles.basic.GuestRoleImpl" uri="/users/guest"> <revision> <property name="password"></property> </revision> </objectnode> </objectnode> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions"> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read"/> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write"/> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/manage"/> </objectnode> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files"> <!-- ### Give read/write/manage permission to guest ### Uncomment the following line to give permission to do all actions on /files to guest (unauthenticated users) --> <!-- <permission action="/actions" subject="/users/guest"/> --> <permission action="/actions/manage" subject="/users/john"/> <permission action="/actions/write" subject="+/users/groupA"/> <permission action="/actions/read" subject="nobody"/> </objectnode> </objectnode> </data> </namespace> </slide>
Jiantao tracked down the problem. It seems the problem resided in the slidestore.refererence.JDBCDescriptorsStore.java, in the revokePermission method. Because the quote around "ACTION" the condition never met, so no row got deleted when revoke was called. He removed the quote, and it worked for mysql. This quote was needed for Cloudscape where action is a reserved word and must be quoted. FIX: revert the changes in the general case and put the specific code in CloudscapeDescriptorsStore.