[jboss-jira] [JBoss JIRA] Closed: (SECURITY-258) Integrate the ACL engine with the AS security framework

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Wed Oct 29 13:53:20 EDT 2008 

     [ https://jira.jboss.org/jira/browse/SECURITY-258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Guilhen closed SECURITY-258.
-----------------------------------

    Resolution: Done


I've added code to register and deregister ACLs specified in jboss-acl-policy.xml upon deployment/undeployment of web and ejb applications. The parsed ACLs are registered with PolicyRegistration and are available through the the getPolicy method.

I've also created a PolicyRegistrationStrategy to be used by ACLProviderImpl - this strategy uses the PolicyRegistration to get ahold of the configured ACLs. The configuration of the ACL module looks like the following:

<acl>
   <acl-module code="org.jboss.security.acl.ACLProviderImpl" flag="optional">
      <module-option name="persistenceStrategy">org.jboss.security.plugins.acl.PolicyRegistrationStrategy</module-option>
   </acl-module>
<acl>

At runtime, applications can get a reference to the AuthorizationManager through a JNDI lookup (java:jaas/securitydomain/authorizationMgr) or MC injection (<inject bean="domain" property="authorizationManager"/>) and then use the getEntitlements method to reach the configured ACLs and get the permissions assigned to the identity.

JBossAuthorizationACLUnitTestCase has also been updated.

> Integrate the ACL engine with the AS security framework
> -------------------------------------------------------
>
>                 Key: SECURITY-258
>                 URL: https://jira.jboss.org/jira/browse/SECURITY-258
>             Project: JBoss Security and Identity Management
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: AS-Integration
>    Affects Versions: 2.0.2.CR6
>            Reporter: Stefan Guilhen
>            Assignee: Stefan Guilhen
>             Fix For: 2.0.2.GA
>
>
> Make the ACL providers accessible to the AS. Applications must be able to invoke the configured providers to enforce instance-based authorization and also query the privileges that have been entitled to a particular identity.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list