[Geoserver-devel] [jira] Created: (GEOS-4049) geoxacml: obligation handling and evaluation at dispatcher level

Wed, 07 Jul 2010 07:52:00 -0700 

geoxacml: obligation handling and evaluation at dispatcher level
----------------------------------------------------------------

                 Key: GEOS-4049
                 URL: http://jira.codehaus.org/browse/GEOS-4049
             Project: GeoServer
          Issue Type: Improvement
    Affects Versions: Community
            Reporter: Lennart Jütte
            Assignee: Andrea Aime
             Fix For: Community
         Attachments: 01_cleanup-xcaml.patch, 02_add-thesis-results.patch, 
03_enable-xacml.patch

The geoxacml community module currently consists of a Acegi filter and a 
extended PDP (based on Sun's implementation). That way GET-HTTP requests can be 
intercepted and evaluated. There was no was of checking POST-Requests or handle 
Obligations.

The attached patches add the possibility to add XACML obligations and enforce 
them at the dispatcher level using a DispatcherCallback. In addition to that 
the evaluation was moved from the Acegi filter to the DispatcherCallback as 
well.

Now every Operation can be transformed to a decision request which will be 
evaluated by the PDP. Its decision and optional obligations can be enforced by 
the DispatcherCallback as well. Currently only CQL/OGC-filters on 
WMS/WFS-request are allowed.

This is how to apply the patches:
* apply [^01_clean-sunxacml.patch] to clean up the current code(practically the 
same patch as in http://jira.codehaus.org/browse/GEOS-4045 - can be omitted if 
this patch was already applied to trunk)
* apply [^02_add-thesis-results.patch] to add the new functionality and disable 
some of the old geoxacml stuff (e.g. the Acegi Filter)
* apply [^03_enable-xacml.patch] to enable the module by adding a profile 
web/app/pom.xml and removing beans from 
main/src/java/applicationSecurityContext.xml . Replacements will be provided 
 by the geoxacml module.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Reply via email to