Allow file authorizor whitelist to default to "allowed"
-------------------------------------------------------
Key: ISIS-218
URL: https://issues.apache.org/jira/browse/ISIS-218
Project: Isis
Issue Type: New Feature
Components: Security: File
Affects Versions: 0.2.0-incubating
Reporter: Kevin Meyer
Priority: Trivial
Fix For: 0.3.0-incubating
As it stands, the file authorizer (FileAuthorizor) requires that a
service/class/action explicitly be listed in the white list for it to be
allowed.
If the same service/class/action is also listed on the black list, then it is
disallowed.
I am adding the following property, which defaults to false:
isis.authorization.file.whitelist.empty.isallowed=true
to allow the white list to allow all by default, if the whitelist file is empty.
This allows you to specify only those roles that are *disallowed* in the black
list, while leaving the whitelist empty.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
