As it stands, the file authorizer (FileAuthorizor) requires that a service/class/action explicitly be listed in the white list for it to be allowed.
If the same service/class/action is also listed on the black list, then it is disallowed.
I am adding the following property, which defaults to false:
to allow the white list to allow all by default, if the whitelist file is empty.
This allows you to specify only those roles that are disallowed in the black list, while leaving the whitelist empty.