[jboss-jira] [JBoss JIRA] Commented: (SECURITY-276) ACL Configuration Schema

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Mon Oct 13 19:49:21 EDT 2008 

    [ https://jira.jboss.org/jira/browse/SECURITY-276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12433680#action_12433680 ] 

Stefan Guilhen commented on SECURITY-276:
-----------------------------------------

I'm creating a schema for an XML file that allows users to specify their instance-based authz requirements with lesser efforts. Something along the lines of:

<jboss-acl>
  <acl-definition resource="org.jboss.jnp.NamingService:java/comp">
     <entries>
        <entry>
           <identity-name>Administrator</identity-name>
           <permissions>CREATE,READ,UPDATE,DELETE</permissions>
        </entry>
        <entry>
           <identity-name>Guest</identity-name>
           <permissions>READ</permissions>
        </entry>
     </entries>
  </acl-definition>
  <!-- An extends attribute allows an ACL to inherit all the entries from its parent ACL -->
  <acl-definition resource="org.jboss.jnp.NamingService:java/comp/env" extends="org.jboss.jnp.NamingService:java/comp">
     <entries>
        <entry>
           <identity-name>Regular_User</identity-name>
           <permissions>READ,UPDATE</permissions>
        </entry>
        <!-- This overrides the definition from the parent ACL -->
        <entry>
           <identity-name>Guest</identity-name>
           <permissions>READ,UPDATE</permissions>
        </entry>
     </entries>
  </acl-definition>
</jboss-acl>

the extends attribute allows users to "inherit" entries from another ACL, overriding and adding entries as needed. This allows, for instance, to define an ACL for a root resource, and just add/edit the entries for each sub-resource without having to specify all entries over again. Something like this eases the process of specifying the ACLs for a resource tree, allowing the resulting XML to be as simple as possible.

The resources would be specified using the FQN:ID scheme. The resulting String uniquely represents the resource associated with the ACL and is used as the key for identifying the ACL that is being extended.

> ACL Configuration Schema
> ------------------------
>
>                 Key: SECURITY-276
>                 URL: https://jira.jboss.org/jira/browse/SECURITY-276
>             Project: JBoss Security and Identity Management
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: ACL
>            Reporter: Anil Saldhana
>            Assignee: Stefan Guilhen
>            Priority: Critical
>             Fix For: 2.0.2.GA
>
>
> Need the configuration schema asap to feed into the ACL deployer for AS5.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list