taylor 02/05/23 22:46:26
Modified: proposals Security.txt
Log:
updated proposal, finalized service interfaces.
Revision Changes Path
1.3 +28 -47 jakarta-jetspeed/proposals/Security.txt
Index: Security.txt
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/proposals/Security.txt,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- Security.txt 24 May 2002 00:07:00 -0000 1.2
+++ Security.txt 24 May 2002 05:46:26 -0000 1.3
@@ -1,5 +1,5 @@
Jetspeed Proposal: Portal Security 1.4
-LAST MODIFIED: $Date: 2002/05/24 00:07:00 $
+LAST MODIFIED: $Date: 2002/05/24 05:46:26 $
AUTHOR: [EMAIL PROTECTED], [EMAIL PROTECTED]
STATUS:
@@ -169,7 +169,7 @@
-----------------
3.1.2 Groups
-----------------
-Per several requests, Groups are back in the spec.
+
Groups are represented as a String.
Definition:
@@ -184,7 +184,7 @@
Definition:
-An abstract logical grouping of Jetspeed users.
+An abstract logical grouping of Jetspeed users (yes, this is the same as groups)
---------------------------
3.3 Conformancy
@@ -250,16 +250,11 @@
User getUser( String username );
Iterator getUsers( String filter );
+ Iterator getUsers();
void saveUser( User user );
-
void addUser( User user ) ;
-
void removeUser( User user );
-
- grantRole(String username, String role);
-
- revokeRole(User user, String role);
}
-----------------------------------------------
@@ -288,50 +283,43 @@
boolean checkPermission(User user, Portlet portlet, String action);
boolean checkPermission(User user, String resource, String action);
-
- boolean checkPermission(User user, Permission permission, String action);
}
--------------------------------------------
3.4.5 Security Entity Maintenance (optional)
--------------------------------------------
-***** This section is under construction (3.4.5) DST
-
interface RoleManagement
{
->>>> remove >>> String getRole( User user, String name );
- Iterator getRoles( User user );
+ Iterator getRoles(String username);
Iterator getRoles();
- void saveRole( Role role );
- Role addRole( Role role );
- void removeRole(Role role );
+ void addRole(String role);
+ void removeRole(String role);
+
+ grantRole(String username, String role);
+ revokeRole(User user, String role);
}
-interface SecurityActionManagement
+interface GroupManagement
{
->>>> remove >>> String getSecurityAction( User user, String name );
->>> remove >>>> Iterator getSecurityActions( User user );
- Iterator getSecurityActions();
->>>> remove >>> void saveSecurityAction(User requestor, String action );
->>>> remove >>> String addSecurityAction(User requestor, String action );
->>>> remove >>> void removeSecurityAction(User requestor, String action );
-}
+ Iterator getGroups(String username);
+ Iterator getGroups();
+ void addGroup(String group);
+ void removeGroup(String group);
-// In the default implementation constraints are stored in the security registry
+ joinGroup(String username, String group);
+ unjoinGroup(String username, String group);
+}
-interface SecurityConstraintManager
+interface SecurityActionManagement
{
- SecurityConstraint getSecurityConstraint( User user, String name );
- Iterator getSecurityConstraints( User user );
- Iterator getSecurityConstraints();
- void saveSecurityConstraint(User requestor, SecurityConstraint constraint);
- SecurityConstraint addSecurityConstraint(User requestor, SecurityConstraint
constraint );
- void removeSecurityConstraint(User requestor, SecurityConstraint constraint );
-
+ Iterator getActions();
+ void addAction(String action);
+ void removeAction(String action);
}
+
-------------------------------------------------------------------------------------------------------
(4) Deployment -- Jetspeed Security Tags in Registry and PSML
-------------------------------------------------------------------------------------------------------
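Review bot: The finalized management interfaces in this hunk take only the target of the operation (`addRole(String role)`, `grantRole(String username, String role)`, `joinGroup(String username, String group)`, `addAction(String action)`), whereas the removed `SecurityConstraintManager` methods carried a `User requestor`. Nothing visible in the hunk says where the caller of these administrative operations is authorized, so an implementation could expose them without a check. Unless another section already covers it, the proposal should state this, for example `Callers of the management interfaces must hold the corresponding administrative permission; implementations check it before performing the change.` Separately, `grantRole`, `revokeRole`, `joinGroup` and `unjoinGroup` are declared without a return type, and `revokeRole(User user, String role)` takes a `User` where `grantRole` takes a `String username`; suggest `void grantRole(String username, String role);` and `void revokeRole(String username, String role);`.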
@@ -514,8 +502,6 @@
The id can be used to uniquely reference a security constraint in an external
security policy.
-
-
--------------------------------------
4.5 Default Behavior of Descriptors
--------------------------------------
@@ -524,17 +510,12 @@
In this case, like the Servlet 2.3 specification, the lack of a security descriptor
implies granting access
to everyone, and that no permission checks will be executed.
-To state it clearly:
-
By default, authentication is not needed to access resources.
-To summarize: if you do not specify a security descriptor, by default, everyone is
granted access.
-If you specify a security descriptor without any roles(principals), everyone is
denied.
-
---------------------------------------
-4.6 Uniqueness of entries
---------------------------------------
+--------------------------------------------------------------
+5. Jetspeed Configuration
+--------------------------------------------------------------
-In order for all entries to be uniquely identifiable in the portal by the Security
Manager, security ids must be unique
-to the security system implementation.
+Services will be configured in the JetspeedSecurity.properties file as Turbine
services.
+The services are defined in section 3.4 above.
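Review bot: Section 4.5 now states only the permissive default (no security descriptor means everyone is granted access and no permission checks run) and no longer says what a descriptor that lists no roles means. An unspecified empty-descriptor case is easy for an implementation to resolve in the open direction, so if deny-all is still the intended behaviour the text should keep one explicit sentence, for example `A security descriptor that specifies no roles denies access to everyone.` The rest of section 4.5 lies outside the hunk, so this may already be stated there.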