[
https://issues.apache.org/jira/browse/ISIS-218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dan Haywood updated ISIS-218:
-----------------------------
Fix Version/s: (was: security-file-1.0.2)
> Allow file authorizor whitelist to default to "allowed"
> -------------------------------------------------------
>
> Key: ISIS-218
> URL: https://issues.apache.org/jira/browse/ISIS-218
> Project: Isis
> Issue Type: New Feature
> Components: Security: File
> Affects Versions: 0.2.0-incubating
> Reporter: Kevin Meyer
> Assignee: Kevin Meyer
> Priority: Trivial
>
> As it stands, the file authorizer (FileAuthorizor) requires that a
> service/class/action explicitly be listed in the white list for it to be
> allowed.
> If the same service/class/action is also listed on the black list, then it is
> disallowed.
> I am adding the following property, which defaults to false:
> isis.authorization.file.whitelist.empty.isallowed=true
> to allow the white list to allow all by default, if the whitelist file is
> empty.
> This allows you to specify only those roles that are *disallowed* in the
> black list, while leaving the whitelist empty.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
