From: <fc...@us...> - 2008-02-25 17:45:34
Revision: 701 http://openutils.svn.sourceforge.net/openutils/?rev=701&view=rev Author: fcarone Date: 2008-02-25 09:45:22 -0800 (Mon, 25 Feb 2008) Log Message: ----------- Minor changes to documentation Modified Paths: -------------- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt Modified: trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt =================================================================== --- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt 2008-02-25 17:38:38 UTC (rev 700) +++ trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt 2008-02-25 17:45:22 UTC (rev 701) @@ -8,11 +8,11 @@ This project proposes a Role Based approach to security, trying to be as hidden as possible to application developers. - A common test case is when you have different users who can access the same group of domain business objects and a + A common test case is when you have different users who can access the same set of domain business objects and a policy to enforce access security is needed. For exaple, given a DummyDataObject with two properties, intValue and stringValue, you want UserA to access the DummyDataObject when intValue is 1 and UserB when intValue is 2. - In a typical RBAC environment, the user (or entity who does something) is called subject and a subject is tied to + Using the RBAC grammar, the user (or entity who does something) is called subject and a subject is tied to many roles. Within openutils, 1 user is contained in N groups and a group can have M roles, so you relate users to roles through groups. For our example let's map UserA to Role1 and UserB to Role2 (through 2 different groups, GroupA and GroupB, but groups are not important now). 
@@ -31,7 +31,7 @@ SecurityRule 2: Role2 - DummyDataObject - intValue - 2 - EQUALS - LOAD - With the given scheme, users with roles Role1 and Role2 can access in readonly mode the DummyDataObject instances with + With the given scheme, users with roles Role1 and Role2 can access in read-only mode the DummyDataObject instances with respectively intValue equals to 1 and 2. If you want to make Role2 access the DummyDataObjects in read-write mode, the SecurityRule 2 becomes: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
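Review bot: in the first hunk (@@ -8,11 +8,11 @@) the typo "For exaple" in the context line survives this documentation pass; since the commit already rewords that paragraph, change it to "For example" in the same change. The replacement "Using the RBAC grammar" is also less clear than what it replaces: "grammar" here means vocabulary, so "In RBAC terminology, the user ... is called subject" reads better.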
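Review bot: in the second hunk (@@ -31,7 +31,7 @@) the reworded line still reads "with respectively intValue equals to 1 and 2"; the sentence should be "with intValue equal to 1 and 2 respectively". Since this sentence introduces the difference between a LOAD-only rule and read-write access, it is also the right place to say plainly that a rule listing only LOAD grants no create, modify or delete permission, so the reader does not have to infer that from the later Role2 example.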
From: <fc...@us...> - 2008-02-26 10:51:38
Revision: 703 http://openutils.svn.sourceforge.net/openutils/?rev=703&view=rev Author: fcarone Date: 2008-02-26 02:51:37 -0800 (Tue, 26 Feb 2008) Log Message: ----------- More use-cases in documentation Modified Paths: -------------- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt Modified: trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt =================================================================== --- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt 2008-02-26 10:10:35 UTC (rev 702) +++ trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt 2008-02-26 10:51:37 UTC (rev 703) @@ -21,7 +21,7 @@ access/modify/create/delete which object (so who can do what on something). To enforce our example policy we add 2 SecurityRules, using the following notation: - RoleN - Bean - property - value - Modifier (EQUALS, NOT) - Permission (LOAD, CREATE, DELETE, MODIFY) + Role - Bean - Property - Value - Modifier (EQUALS, NOT) - Permission (LOAD, CREATE, DELETE, MODIFY) So: 
@@ -37,4 +37,18 @@ Role2 - DummyDataObject - intValue - 2 - EQUALS - LOAD, MODIFY - In this case, users with Role2 won't be able to either create or delete DummyDataObjects when intValue is 2. \ No newline at end of file + In this case, users with Role2 won't be able to either create or delete DummyDataObjects when intValue is 2, but can +load and modify them. + + Let's have some more complex rules scenarios: AND and OR. Users in Role1 can only load DummyDataObjects when intValue +is 1 and stringValue is 'ABC': now we need two security rules: + + Role1 - DummyDataObject - intValue - 1 - EQUALS - LOAD + Role1 - DummyDataObject - stringValue - 'ABC' - EQUALS - LOAD + +In this way the AND is done. What if we want to create OR rules: + + Role1 - DummyDataObject - intValue - 1 - EQUALS - LOAD + Role2 - DummyDataObject - stringValue - 'ABC' - EQUALS - LOAD + +and assign users both roles 1 and 2. \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
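Review bot: in the first hunk (@@ -21,7 +21,7 @@) the revised notation line lists NOT as a Modifier, but no rule in the document uses it; add a one-line example and state what it means (a rule that applies when the property does not equal the value), otherwise the notation documents a modifier whose semantics a reader has to guess.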
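Review bot: in the second hunk (@@ -37,4 +37,18 @@) the AND/OR explanation relies on an evaluation rule the text never states: several rules for the same role must all match (intersection), while rules from different roles held by the same user are alternatives (union). Spell that out before the examples, because a reader who assumes "any matching rule grants access" would read the two Role1 rules as OR and arrive at the opposite policy. The OR example also deserves a caveat: giving a user both Role1 and Role2 does not only add the stringValue rule, it also grants everything else attached to Role2, including the earlier `Role2 - DummyDataObject - intValue - 2 - EQUALS - LOAD, MODIFY` rule, so the user ends up with wider access than the two LOAD rules suggest. Formatting: `In this way the AND is done.` and `and assign users both roles 1 and 2.` lack the leading space the other paragraphs use; the two rule lines in each example are adjacent indented lines with no blank line between them, which APT renders as a single paragraph; and the file still ends without a trailing newline (`\ No newline at end of file`), which will keep polluting future diffs.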
From: <fc...@us...> - 2008-02-27 13:17:24
Revision: 707 http://openutils.svn.sourceforge.net/openutils/?rev=707&view=rev Author: fcarone Date: 2008-02-27 05:17:28 -0800 (Wed, 27 Feb 2008) Log Message: ----------- Fix indent Modified Paths: -------------- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt Modified: trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt =================================================================== --- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt 2008-02-26 10:57:04 UTC (rev 706) +++ trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt 2008-02-27 13:17:28 UTC (rev 707) @@ -46,9 +46,9 @@ Role1 - DummyDataObject - intValue - 1 - EQUALS - LOAD Role1 - DummyDataObject - stringValue - 'ABC' - EQUALS - LOAD -In this way the AND is done. What if we want to create OR rules: + In this way the AND is done. What if we want to create OR rules: Role1 - DummyDataObject - intValue - 1 - EQUALS - LOAD Role2 - DummyDataObject - stringValue - 'ABC' - EQUALS - LOAD -and assign users both roles 1 and 2. \ No newline at end of file + and assign users both roles 1 and 2. \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
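Review bot: the indentation fix is correct, but the rule lines in the context (`Role1 - DummyDataObject - intValue - 1 - EQUALS - LOAD` immediately followed by `Role1 - DummyDataObject - stringValue - 'ABC' - EQUALS - LOAD`) are still adjacent indented lines, which APT merges into one paragraph, so the two rules will render as a single line; separate them with a blank line or put them in a verbatim block. The `\ No newline at end of file` marker is also still present on both sides of the hunk; adding the trailing newline here would have cost nothing.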
From: <fc...@us...> - 2008-02-27 13:19:29
Revision: 708 http://openutils.svn.sourceforge.net/openutils/?rev=708&view=rev Author: fcarone Date: 2008-02-27 05:19:33 -0800 (Wed, 27 Feb 2008) Log Message: ----------- Fix spacing Modified Paths: -------------- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt Modified: trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt =================================================================== --- trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt 2008-02-27 13:17:28 UTC (rev 707) +++ trunk/openutils-hibernate-security/src/site/apt/rbac-acegi.apt 2008-02-27 13:19:33 UTC (rev 708) @@ -44,11 +44,13 @@ is 1 and stringValue is 'ABC': now we need two security rules: Role1 - DummyDataObject - intValue - 1 - EQUALS - LOAD + Role1 - DummyDataObject - stringValue - 'ABC' - EQUALS - LOAD In this way the AND is done. What if we want to create OR rules: Role1 - DummyDataObject - intValue - 1 - EQUALS - LOAD + Role2 - DummyDataObject - stringValue - 'ABC' - EQUALS - LOAD and assign users both roles 1 and 2. \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
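Review bot: the added blank lines make each rule render as its own paragraph, which fixes the merging, but the rule notation is still plain prose; an APT verbatim block (delimited by `-----` lines) would keep the `Role - Bean - Property - Value - Modifier - Permission` columns monospaced and visually distinct from the explanatory text. The final context line still carries `\ No newline at end of file`, so the trailing-newline issue noted on rev 707 remains open.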