Access Control Policies

Inheritance of policies or usecases

Inherited policies can be blocked for all usecases by setting use-inherited-policies="false" on the policy element:

 

<?xml version="1.0"?>

<policy xmlns="http://www.wyona.org/security/1.0" use-inherited-policies="false">

<usecase id="view">
<!--<world permission="false"/>-->
<user id="lenya" permission="true"/>
</usecase>

<usecase id="open">
<user id="lenya" permission="true"/>
</usecase>

<usecase id="write">
<user id="lenya" permission="true"/>
</usecase>

</policy>

or only for a particular usecase, by setting the attribute on the usecase element:

 

<?xml version="1.0"?>

<policy xmlns="http://www.wyona.org/security/1.0">

<usecase id="view" use-inherited-policies="false">
<!--<world permission="false"/>-->
<user id="lenya" permission="true"/>
</usecase>

</policy>
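The difference between the two placements of use-inherited-policies, shown as an added example that is not Yanel's own code. It assumes a simplified lookup (nearest policy first, fall back to the parent when no rule matches, deny by default); the paths, the POLICIES map and the is_allowed helper are constructed for illustration, and the actual resolution in PolicyManagerImplVersion2 may differ.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.wyona.org/security/1.0}"

# Constructed sample policies keyed by path (hypothetical realm layout).
POLICIES = {
    "/": """<policy xmlns="http://www.wyona.org/security/1.0">
              <usecase id="view"><world permission="true"/></usecase>
              <usecase id="open"><user id="lenya" permission="true"/></usecase>
            </policy>""",
    # Inheritance blocked for the "view" usecase only.
    "/intranet": """<policy xmlns="http://www.wyona.org/security/1.0">
              <usecase id="view" use-inherited-policies="false">
                <user id="lenya" permission="true"/>
              </usecase>
            </policy>""",
    # Inheritance blocked for every usecase.
    "/private": """<policy xmlns="http://www.wyona.org/security/1.0" use-inherited-policies="false">
              <usecase id="view"><user id="lenya" permission="true"/></usecase>
            </policy>""",
}

def chain(path):
    """Yield policy paths from the node itself up to the realm root."""
    parts = path.rstrip("/").split("/")
    while len(parts) > 1:
        yield "/".join(parts)
        parts.pop()
    yield "/"

def is_allowed(path, usecase_id, user=None):
    """Assumed model: nearest matching rule wins, default is deny."""
    for node in chain(path):
        xml = POLICIES.get(node)
        if xml is None:
            continue
        policy = ET.fromstring(xml)
        usecase = next((u for u in policy.findall(NS + "usecase")
                        if u.get("id") == usecase_id), None)
        if usecase is not None:
            for rule in usecase:
                is_world = rule.tag == NS + "world"
                is_user = (rule.tag == NS + "user" and user is not None
                           and rule.get("id") == user)
                if is_world or is_user:
                    return rule.get("permission") == "true"
            if usecase.get("use-inherited-policies") == "false":
                return False  # stop here: parent rules for this usecase are ignored
        if policy.get("use-inherited-policies") == "false":
            return False      # stop here: parent rules for all usecases are ignored
    return False
```

Under this model, blocking on the usecase element leaves other usecases such as open inherited from the parent, while blocking on the policy element cuts off every usecase that the local policy does not grant itself.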

Default usecases

The default usecases are currently hard-coded within org.wyona.yanel.servlet.YanelServlet and org.wyona.security.impl.PolicyManagerImplVersion2:

  • view: Allows access to the content generated by a resource
  • yanel.resource.meta: Allows access to the metadata of a resource (e.g. resource type)
  • open: Allows access to the source content of a resource
  • write: Allows writing/saving data to the source content of a resource
  • delete: Allows deleting a resource
  • resource.create: Allows creating a resource
  • toolbar: Allows access to the Yanel toolbar
  • introspection: Allows access to the Neutron introspection of a resource
  • policy.read: Allows viewing the access policy of a resource
  • policy.update: Allows modifying the access policy of a resource

Custom usecases

For example workflow transitions!

How it works

The access control directory mimics the data directory. Each file-or-dir-name.policy file sets the rules for 

How to block parts of the realm

Here is an example that shows what needs to be done to block view access to all parts of a website except a special page (useful for production websites "under construction"):

  • Leave the default policy open: in the

