portals-jetspeed-dev mailing list archives

From "Randy Watler (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] [Commented] (JS2-1281) Generalize Security Constraints to support "AND" in addition to "OR" grant specification.
Date Wed, 10 Apr 2013 05:10:17 GMT

    [ https://issues.apache.org/jira/browse/JS2-1281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13627481#comment-13627481 ]

Randy Watler commented on JS2-1281:
-----------------------------------

Fix commits: 1466333, 1466334, 1466335.

Implemented with Security Constraints Reference Expressions in 2.2.3 trunk and 2.1.4 branch.
Here are the updated sections from the PSML Declarative Security docs:

Declarative and Global Constraints
----------------------------------

Declarative constraints are defined in the page.security file of the root of a site. Declarative
constraints are referenced in pages and folders with the security-constraints-ref tag. Global
constraints are also declarative constraints. They are also defined and found in the page.security
file in the root PSML repository. The difference with global constraints is that they implicitly
apply to all folders and pages within the scope of the page.security file (i.e. the site).
Note that there can be only one page.security file in a Jetspeed installation.

    <security-constraints-def name="admin">
      <security-constraint>
        <roles>admin</roles>
        <permissions>view, edit</permissions>
      </security-constraint>
    </security-constraints-def>
    <global-security-constraints-ref>admin</global-security-constraints-ref>

Constraint names are limited to letters, numbers, "_", "-", and "." characters.

Constraints Reference Expressions
---------------------------------

In addition to constraint reference by name, the security-constraints-ref and global-security-constraints-ref
tags accept logical expressions with constraint reference operands to express more complex
grants. Expressions are normally employed when the default "OR" grant logic of security constraints
lists becomes awkward or alternative logic such as "AND" or "NOT" is required.

    <global-security-constraints-ref>admin and noc</global-security-constraints-ref>
    <security-constraints-ref>(support || engineering) && !marketing</security-constraints-ref>

Expressions are infix and support the following operators: "and", "or", "not", "(", ")", "&&",
"||" and "!". The usual operator precedence rules for logical expressions apply.

                
> Generalize Security Constraints to support "AND" in addition to "OR" grant specification.
> -----------------------------------------------------------------------------------------
>
>                 Key: JS2-1281
>                 URL: https://issues.apache.org/jira/browse/JS2-1281
>             Project: Jetspeed 2
>          Issue Type: Improvement
>          Components: PSML
>    Affects Versions: 2.1.4, 2.2.2
>         Environment: File and DB PSML
>            Reporter: Randy Watler
>            Assignee: Randy Watler
>             Fix For: 2.2.3
>
>   Original Estimate: 48h
>          Time Spent: 48h
>  Remaining Estimate: 0h
>
> Security Constraints on Folders, Pages, Links, and Fragments support collections of alternative,
> ("OR"), permission grants. Occasionally, the need arises to support combined permission grants,
> ("AND"), where access is granted only when some number of permissions grant or deny access.
> This is best generalized by supporting the specification of logical operators and permission
> grants/denials.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
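
The expression syntax described in the message above can be checked before deployment with a small evaluator. This is an added example, not Jetspeed's own code and not part of the original message. It assumes "usual precedence" means not, then and, then or. It also assumes that `grants` records whether each named constraint grants the requested permission, and that malformed expressions or unknown names should deny. The names `evaluate` and `is_granted` are hypothetical.

```python
import re

# Names: letters, digits, "_", "-", "." (per the quoted docs); symbols map to words.
TOKEN = re.compile(r"\(|\)|&&|\|\||!|[A-Za-z0-9_.\-]+")
WORDS = {"&&": "and", "||": "or", "!": "not"}
RESERVED = {"and", "or", "not", "(", ")", None}

def evaluate(expr, grants):
    """Evaluate expr against grants (constraint name -> bool); ValueError if malformed."""
    raw = TOKEN.findall(expr)
    if "".join(raw) != "".join(expr.split()):
        raise ValueError("illegal character in expression")
    toks = [WORDS.get(t, t) for t in reversed(raw)]   # stack, next token last
    peek = lambda: toks[-1] if toks else None
    take = lambda: toks.pop() if toks else None
    def atom():
        tok = take()
        if tok == "(":
            value = either()
            if take() != ")":
                raise ValueError("missing ')'")
            return value
        if tok in RESERVED or tok not in grants:
            raise ValueError(f"unexpected or unknown operand {tok!r}")
        return grants[tok]
    def negation():                      # "not" binds tightest
        if peek() == "not":
            take()
            return not negation()
        return atom()
    def binary(op, operand):             # left-associative chain of one operator
        value = operand()
        while peek() == op:
            take()
            rhs = operand()              # always parse the right-hand side
            value = (value and rhs) if op == "and" else (value or rhs)
        return value
    conjunction = lambda: binary("and", negation)    # "and" binds tighter than "or"
    either = lambda: binary("or", conjunction)       # "or" binds loosest
    result = either()
    if toks:
        raise ValueError(f"trailing token {toks[-1]!r}")
    return result

def is_granted(expr, grants):
    try:
        return evaluate(expr, grants)
    except ValueError:
        return False                     # fail closed on anything unparseable
```

With support granted, engineering denied and marketing granted, `(support || engineering) && !marketing` denies while the unparenthesized `support or engineering and not marketing` grants, which is why the parentheses in the documented example matter.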

