[ https://issues.apache.org/jira/browse/ISIS-218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Haywood reopened ISIS-218: ------------------------------ reopening in order to change the version. > Allow file authorizor whitelist to default to "allowed" > ------------------------------------------------------- > > Key: ISIS-218 > URL: https://issues.apache.org/jira/browse/ISIS-218 > Project: Isis > Issue Type: New Feature > Components: Security: File > Affects Versions: 0.2.0-incubating > Reporter: Kevin Meyer > Assignee: Kevin Meyer > Priority: Trivial > Fix For: isis-1.0.0 > > > As it stands, the file authorizer (FileAuthorizor) requires that a > service/class/action explicitly be listed in the white list for it to be > allowed. > If the same service/class/action is also listed on the black list, then it is > disallowed. > I am adding the following property, which defaults to false: > isis.authorization.file.whitelist.empty.isallowed=true > to allow the white list to allow all by default, if the whitelist file is > empty. > This allows you to specify only those roles that are *disallowed* in the > black list, while leaving the whitelist empty. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira