Yes Kevin, you are right. Actually I read in one of the manuals that the white list file is mandatory and the black list file is optional and it overrides the white list file. So I don't even require the *authorization_file.disallow* file. Adding the following lines to the *authorization_file.allow* file served my purpose.

EmployeeSql#findEmployee():ADMIN|USER
EmployeeSql#newEmployee(java.lang.String,java.lang.String,java.lang.String):ADMIN

Thanks again for your quick responses. By the way, can I move this authorization part to the SQL database as well? Some pointers on that would be great.

On Mon, Jun 11, 2012 at 5:08 PM, Kevin Meyer - KMZ <[email protected]> wrote:

> Hi Sudipto,
>
> > However, from Dan's mail I realized that the sql security class was not in
> > classpath. I added the following dependency in my pom and things are
> > working now. I am just mentioning this here so that others can get a quick
> > pointer in the future.
> >
> > <dependency>
> >   <groupId>org.apache.isis.security</groupId>
> >   <artifactId>sql</artifactId>
> >   <version>${isis.version}</version>
> > </dependency>
>
> Ah, excellent. This should go into the JIRA ticket - and eventually - the
> manual.
>
> > So, authentication is all good at least with database. Coming back to
> > authorization, can you please guide me on that a little.
> >
> > Suppose, there are two actions for a domain class, one create and one
> > search, if I want to show search to all but create to a specific role, how
> > do I accomplish that?
>
> By default, every class or action should appear in one of either
> allow.properties and disallow.properties. If memory serves, if it is not in
> either, then it is disallowed.
>
> I provided an "allow by default" override[1], but I don't think it is in the
> distributed artifacts, you'll have to fetch and build the sources from
> subversion to get the functionality.
>
> Anyway - the idea is that if you have the roles "user" and "administrator",
> you'll need:
> a passwords file that contains:
> username:userpassword:user
> adminname:adminpassword:administrator
>
> an allow.properties that contains:
> <fully qualified class>#<search_method>:user|administrator
> <fully qualified class>#<create_method>:administrator
>
> or a disallow.properties that contains:
> <fully qualified class>#<create_method>:user
>
> I'm working from help files here, not a running application, so your
> mileage may vary...
>
> Regards,
> Kevin
>
> > I am not too clear about role1, role2, role3 and what if I want to have my
> > own roles. A little help on this will be much appreciated.
>
> [1] https://issues.apache.org/jira/browse/ISIS-218
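
Added example, not part of the original thread and not Apache Isis code: a small model of the resolution order the messages above describe (white list required, black list overrides it, unlisted members denied), plus a check that lists allow entries a disallow file would revoke. Assumptions: one `member:ROLE|ROLE` rule per line, exact matching on the member key, and a deny when any of the user's roles is disallowed; the function names and the sample disallow entry are constructed for illustration.

```python
# Added example: models the rule resolution described in the thread.
# Not Apache Isis code. Assumptions: one "member:ROLE|ROLE" rule per line,
# exact match on the member key, and a deny if ANY of the user's roles is
# listed for that member in the disallow file.

def parse_rules(text):
    """Parse 'member:ROLE|ROLE' lines into {member: {roles}}."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        member, sep, roles = line.rpartition(":")
        if not sep or not member.strip():
            raise ValueError(f"malformed rule: {raw!r}")
        names = {r.strip() for r in roles.split("|") if r.strip()}
        rules.setdefault(member.strip(), set()).update(names)
    return rules

def is_permitted(member, user_roles, allow, disallow=None):
    """Black list overrides white list; an unlisted member is denied."""
    roles = set(user_roles)
    if disallow and roles & disallow.get(member, set()):
        return False
    return bool(roles & allow.get(member, set()))

def conflicts(allow, disallow):
    """(member, role) grants in the allow file that the disallow file revokes."""
    return sorted((m, r) for m, rs in allow.items()
                  for r in rs & disallow.get(m, set()))

# Constructed sample input: the two allow entries quoted in the thread, plus
# a disallow entry made up for this example.
FIND = "EmployeeSql#findEmployee()"
NEW = "EmployeeSql#newEmployee(java.lang.String,java.lang.String,java.lang.String)"
ALLOW = parse_rules(f"{FIND}:ADMIN|USER\n{NEW}:ADMIN\n")
DISALLOW = parse_rules(f"{FIND}:USER\n")

if __name__ == "__main__":
    for member, role in [(FIND, "USER"), (NEW, "USER"), (NEW, "ADMIN")]:
        print(role, member, is_permitted(member, [role], ALLOW))
    print("revoked by disallow:", conflicts(ALLOW, DISALLOW))
```

Running `conflicts` over both files before deployment shows which white-list grants the black list silently cancels.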
