Dear Wiki user, You have subscribed to a wiki page or wiki category on "Jakarta-slide Wiki" for change notification.
The following page has been changed by PhilBurnside: http://wiki.apache.org/jakarta-slide/Getting_Started_Domain%2eXML New page: To be used in conjunction with the web.xml file available on ["Getting Started Web.XML"] {{{ <?xml version="1.0"?> <!-- Phillip Burnside, 12/05/2005. I have customised this Domain.xml file to simplify the implementation of a SLIDE namespace and store. You will find an original Domain.sample available within the bundled software downloaded from Apache. I have included comments with the identifier "#Phil - dd/mm/yyyy" --> <slide> <namespace name="primary"> <definition> <store name="primary"> <parameter name="tlock-timeout">120</parameter> <nodestore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore"> <!-- #Phil 12/05/2005 I changed the default on these paths to point to a manageable subdirectory. The default is "C:/" but it doesn't tell you that --> <parameter name="rootpath">D:/SLIDESTORE/primary/store/metadata</parameter> <parameter name="workpath">D:/SLIDESTORE/primary/work/metadata</parameter> <parameter name="defer-saving">true</parameter> <parameter name="timeout">120</parameter> </nodestore> <sequencestore classname="org.apache.slide.store.txfile.FileSequenceStore"> <parameter name="rootpath">/primary/store/sequence</parameter> </sequencestore> <securitystore> <reference store="nodestore"/> </securitystore> <lockstore> <reference store="nodestore"/> </lockstore> <revisiondescriptorsstore> <reference store="nodestore"/> </revisiondescriptorsstore> <revisiondescriptorstore> <reference store="nodestore"/> </revisiondescriptorstore> <contentstore classname="org.apache.slide.store.txfile.TxFileContentStore"> <parameter name="rootpath">/primary/store/content</parameter> <parameter name="workpath">/primary/work/content</parameter> <parameter name="defer-saving">true</parameter> <parameter name="timeout">120</parameter> </contentstore> <!-- uncomment if you want to use the sample Indexer --> <!-- be sure to have Lucene in your classpath --> <!-- <contentindexer classname="org.apache.slide.index.SampleTxtContainsIndexer"> <parameter name="indexpath">./index</parameter> </contentindexer> --> </store> <!-- #Phil - 12/05/2005 This is where you define the scope of your namespace. Defining it as "/" means this is the default store for the namespace. This has more relevance when implementing multiple stores. Effectively this maps a call to SLIDE to it's store. In order to invoke this store simply call "http://localhost:8080/slide"; --> <scope match="/" store="primary"/> </definition> <configuration> <!-- #Phil - 12/05/2005 Even though you may have a store mapping to the path "primary" it is best to define the actions at the highest level. This is done so that all further stores can use these bindings without having to redefine them. The security for these actions will still be controlled within the store security. --> <!-- Actions mapping --> <read-object>/actions/read</read-object> <create-object>/actions/write</create-object> <remove-object>/actions/write</remove-object> <grant-permission>/actions/write-acl</grant-permission> <revoke-permission>/actions/write-acl</revoke-permission> <read-permissions>/actions/read-acl</read-permissions> <read-own-permissions>/actions/read-current-user-privilege-set</read-own-permissions> <lock-object>/actions/write</lock-object> <kill-lock>/actions/unlock</kill-lock> <read-locks>/actions/read</read-locks> <read-revision-metadata>/actions/read</read-revision-metadata> <create-revision-metadata>/actions/write-properties</create-revision-metadata> <modify-revision-metadata>/actions/write-properties</modify-revision-metadata> <remove-revision-metadata>/actions/write-properties</remove-revision-metadata> <read-revision-content>/actions/read</read-revision-content> <create-revision-content>/actions/write-content</create-revision-content> <modify-revision-content>/actions/write-content</modify-revision-content> <remove-revision-content>/actions/write-content</remove-revision-content> <bind-member>/actions/bind</bind-member> <unbind-member>/actions/unbind</unbind-member> <!-- #Phil - 12/05/2005 The key things to be aware of here are : Users are defined within the store. This prevents any users having global access to all stores. If you want this then define them as "/users/name". This path setting will be the default path used by the primary store. Roles need to be defined at the root level. This has something to do with the Tomcat realm configuration and needs to be investigated further. Actions can be defined at root or store level. This is up to you howver to share actions across stores it is better to define them and their binding at the root level. acl_inheritance_type has four values (see here for more details http://jakarta.apache.org/slide/howto-acl.html) The key thing to note is that if you turn inheritance to "none" you need to define the security for every level under /primary. This could become cumbersome. Similarly if you use the option "root" you need to define all of the security at the root level then refine at lower levels. --> <!-- Paths configuration --> <userspath>/primary/users</userspath> <rolespath>/roles</rolespath> <actionspath>/actions</actionspath> <filespath>/primary/main</filespath> <parameter name="dav">true</parameter> <parameter name="standalone">true</parameter> <parameter name="acl_inheritance_type">path</parameter> <!-- Nested roles: 0 means no nesting (default), 1 means one sublevel, etc. --> <parameter name="nested_roles_maxdepth">0</parameter> <!-- Can be "off", "write" and "full" --> <parameter name="sequential-mode">full</parameter> <!-- "false" lets all read-only methods be executed outside of transactions --> <parameter name="all-methods-in-transactions">true</parameter> <!-- Setting this to true will force Slide to internally convert the username a user enters at login to lowercase. This is useful for users who can't be bothered with turning off their capslock key before logging in. --> <parameter name="force-lowercase-login">false</parameter> </configuration> <data> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/"> <!-- Subject can be: any user "all" authenticated user "authenticated" unauthenticated user "unauthenticated" self "self" owner of resource "owner" a user "/primary/users/john" a role "/primary/roles/admin" --> <!-- #Phil - 12/05/2005 Now this is the fun bit. I have taken out the samples provided by the apache team as they do seem to confuse things. I have defined 2 users - "user1" and "user2". User1 gets the properties to write files explicitly whilst user2 gets them by being a member of a role. You will notice that you have to define the access rights at each node level in the collection tree. Hence the definitions below which define actions available at "/". If you remove a permission for either user1 or role editor then that permission will be removed for all collections beneath "/". By all means play with this until you are happy that you have it straight. Once you do then look at the sample provided by Apache and it should make alot more sense. NOTE - At the time of writing there was a bug with the security model. When it is loaded the new permissions are added to existing permissions on collections NOT replacing them. You need to flush the security buffers of the metadata in order to have new permissions take full hold. Please see "Tips and Tricks" on the WebDAV Open Source Wiki (hopefully still here - http://10.233.106.142:8080/xwiki/bin/view/Main/TipsandTricks) --> <permission action="/actions/read-acl" subject="all" inheritable="true"/> <permission action="/actions/write-acl" subject="all" inheritable="true"/> <permission action="/actions/unlock" subject="all" inheritable="true"/> <permission action="/actions/read" subject="all" inheritable="true"/> <permission action="/actions/write" subject="/primary/users/user1" inheritable="true"/> <permission action="/actions/bind" subject="/primary/users/user1" inheritable="true"/> <permission action="/actions/write" subject="/roles/editor" inheritable="true"/> <permission action="/actions/bind" subject="/roles/editor" inheritable="true"/> <!-- /users --> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/users"> <permission action="all" subject="self" inheritable="true"/> <permission action="all" subject="/primary/roles/projector" inheritable="true"/> <permission action="" subject="unauthenticated" inheritable="true" negative="true"/> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/users/user1"> <revision> <property name="password">user1</property> </revision> </objectnode> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/users/user2"> <revision> <property name="password">user2</property> </revision> </objectnode> </objectnode> <!-- /roles --> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles"> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles/editor"> <revision> <property name="group-member-set"><![CDATA[<D:href xmlns:D='DAV:'>/primary/users/user2</D:href>]]></property> </revision> </objectnode> </objectnode> <!-- action --> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions"> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read"> <revision> <property name="privilege-member-set"><![CDATA[ <D:href xmlns:D='DAV:'>/actions/read-acl</D:href> <D:href xmlns:D='DAV:'>/actions/read-current-user-privilege-set</D:href>]]> </property> </revision> </objectnode> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read-acl"> <revision> <property name="privilege-member-set"/> </revision> </objectnode> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read-current-user-privilege-set"> <revision> <property name="privilege-member-set"/> </revision> </objectnode> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write"> <revision> <property name="privilege-member-set"><![CDATA[ <D:href xmlns:D='DAV:'>/actions/write-acl</D:href> <D:href xmlns:D='DAV:'>/actions/write-properties</D:href> <D:href xmlns:D='DAV:'>/actions/write-content</D:href>]]> </property> </revision> </objectnode> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-acl"> <revision> <property name="privilege-member-set"/> </revision> </objectnode> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-properties"> <revision> <property name="privilege-member-set"/> </revision> </objectnode> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-content"> <revision> <property name="privilege-member-set"><![CDATA[ <D:href xmlns:D='DAV:'>/actions/bind</D:href> <D:href xmlns:D='DAV:'>/actions/unbind</D:href>]]> </property> </revision> </objectnode> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/bind"> <revision> <property name="privilege-member-set"/> </revision> </objectnode> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind"> <revision> <property name="privilege-member-set"/> </revision> </objectnode> <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock"> <revision> <property name="privilege-member-set"/> </revision> </objectnode> </objectnode> <!-- #Phil - 12/05/2005 This is what I meant by inheriting through the collection nodes. If you take the permission away from "/primary" then the user/role will not have the permission at "/primary/main". Have a go...it can be entertaining. In this build I have disables "/roles/editor" from adding files to "/primary" and therefore "/primary/main" To enable it either remove the "negative=" parameter or set it to "false" TIP - do remember to flush the security buffers in the metadata otherwise weird and wonderful things will happen. --> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary"> <permission action="/actions/write" subject="/primary/users/user1" inheritable="true"/> <permission action="/actions/bind" subject="/primary/users/user1" inheritable="true"/> <permission action="/actions/write" subject="/roles/editor" inheritable="true" negative="true"/> <permission action="/actions/bind" subject="/roles/editor" inheritable="true"/> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/main"> <permission action="/actions/write" subject="/primary/roles/root" inheritable="true"/> <permission action="/actions/read-acl" subject="owner" inheritable="true"/> <permission action="/actions/write" subject="/primary/users/user1" inheritable="true"/> <permission action="/actions/bind" subject="/primary/users/user1" inheritable="true"/> <permission action="/actions/write" subject="/primary/roles/editor" inheritable="true"/> <permission action="/actions/bind" subject="/primary/roles/editor" inheritable="true"/> </objectnode> </objectnode> <!-- #Phil - 12/05/2005 These collections were all defined within the base build. All I have done is move them under the "/primary" collection. I have done this to isolate the files from any additional stores which might be defined. --> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/projector"> <permission action="/actions/write" subject="/primary/roles/projector" inheritable="true"/> <permission action="/actions/read-acl" subject="owner" inheritable="true"/> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/projector/work"> </objectnode> </objectnode> <!-- DeltaV: default history and workspace paths --> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/history"> <permission action="all" subject="unauthenticated" inheritable="true"/> <permission action="/actions/write" subject="/primary/roles/user" inheritable="true"/> <permission action="/actions/read-acl" subject="owner" inheritable="true"/> <permission action="/actions/read" subject="all" inheritable="true"/> </objectnode> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/workspace"> <permission action="all" subject="unauthenticated" inheritable="true"/> <permission action="/actions/write" subject="/primary/roles/user" inheritable="true"/> <permission action="/actions/read-acl" subject="owner" inheritable="true"/> </objectnode> <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/workingresource"> <permission action="all" subject="unauthenticated" inheritable="true"/> <permission action="/actions/write" subject="/primary/roles/user" inheritable="true"/> <permission action="/actions/read-acl" subject="owner" inheritable="true"/> </objectnode> </objectnode> </data> </namespace> <!-- DeltaV global parameters ======================== * historypath (mandatory=no, default="/history"): Specifies a Slide path which determines the location where this DeltaV server stores history data. * workspacepath (mandatory=no, default="/workspace"): Specifies a Slide path which determines the location where this DeltaV server allows workspaces to reside. * workingresourcepath (mandatory=no, default="/workingresource"): Specifies a Slide path which determines the location where this DeltaV server stores working resources. * auto-version (mandatory=no, default="checkout-checkin"): Controls the DeltaV auto-version behaviour. * auto-version-control (mandatory=no, default="false"): Indicates if a resource just created by a PUT should be set under version-control. * versioncontrol-exclude (mandatory=no, default=""): Specifies a Slide path which determines resources which are excluded from version-control. The default value "" makes no path being excluded. * checkout-fork (mandatory=no, default="forbidden"): Controls the DeltaV check-out behaviour when a version is already checked-out or has a successor. * checkin-fork (mandatory=no, default="forbidden"): Controls the DeltaV check-out behaviour when a version has already a successor. * standardLivePropertiesClass (mandatory=no, default="org.apache.slide.webdav.util.resourcekind.AbstractResourceKind"): Determines the "agent" knowing about what the standard live properties are. It should be a loadable class containing the following static methods: - boolean isLiveProperty(String propName) - boolean isProtectedProperty(String propName) - boolean isComputedProperty(String propName) - Set getAllLiveProperties() - Set getAllProtectedProperties() - Set getAllComputedProperties() * uriRedirectorClass (mandatory=no, default="org.apache.slide.webdav.util.DeltavUriRedirector"): Determines the URI redirector class. The DeltaV URI redirector is in charge of the following redirections: - version URI to history URI, e.g. /history/2/1.4 to /history/2 - latest revision number for history resource to 0.0 - latest revision number for version resource to last URI token, e.g. /history/2/1.4 to 1.4 It should be a loadable class containing the following static methods: - String redirectUri(String uri) - NodeRevisionNumber redirectLatestRevisionNumber(String uri) --> <!-- #Phil - 12/05/2005 Have again taken this as verbatim. The only addition is to move the collections under the "/primary" collection. --> <parameter name="historypath">/primary/history</parameter> <parameter name="workspacepath">/primary/workspace</parameter> <parameter name="workingresourcepath">/primary/workingresource</parameter> <parameter name="auto-version">checkout-checkin</parameter> <parameter name="auto-version-control">true</parameter> <parameter name="versioncontrol-exclude"/> <parameter name="checkout-fork">forbidden</parameter> <parameter name="checkin-fork">forbidden</parameter> <!-- Extractor configuration --> <extractors> <extractor classname="org.apache.slide.extractor.SimpleXmlExtractor" uri="/primary/files/articles/test.xml"> <configuration> <instruction property="title" xpath="/article/title/text()" /> <instruction property="summary" xpath="/article/summary/text()" /> </configuration> </extractor> <extractor classname="org.apache.slide.extractor.OfficeExtractor" uri="/primary/files/docs/"> <configuration> <instruction property="author" id="SummaryInformation-0-4" /> <instruction property="application" id="SummaryInformation-0-18" /> </configuration> </extractor> </extractors> <!-- Event configuration --> <events> <event classname="org.apache.slide.webdav.event.WebdavEvent" enable="true" /> <event classname="org.apache.slide.event.ContentEvent" enable="true" /> <event classname="org.apache.slide.event.ContentEvent" method="retrieve" enable="false" /> <event classname="org.apache.slide.event.EventCollection" enable="true" /> <event classname="org.apache.slide.event.TransactionEvent" enable="true" /> <event classname="org.apache.slide.event.MacroEvent" enable="true"/> <!--listener classname="org.apache.slide.util.event.EventLogger" /--> <listener classname="org.apache.slide.event.VetoableEventCollector" /> <listener classname="org.apache.slide.event.TransientEventCollector" /> <listener classname="org.apache.slide.webdav.event.NotificationTrigger"> <configuration> <notification include-events="false" /> <persist-subscriptions filename="subscriptions.xml" /> </configuration> </listener> <listener classname="org.apache.slide.extractor.PropertyExtractorTrigger" /> <listener classname="org.apache.slide.search.IndexTrigger"> <configuration> <indexer classname="org.apache.slide.search.LoggingIndexer" synchronous="false" uri="/primary/files/articles" /> </configuration> </listener> <!-- Uncomment for cluster support. Be sure to local-host and repository-host --> <!-- <listener classname="org.apache.slide.cluster.ClusterCacheRefresher"> <configuration> <node local-host="local.host.domain" local-port="4444" repository-host="remote.host.domain" repository-port="8080" repository-protocol="http" username="root" password="root" base-uri="/files/" /> </configuration> </listener> --> <listener classname="org.apache.slide.macro.MacroPropertyUpdater"> <!-- Listener that updates some properties if resources are copied or moved. This requires MacroEvents enabled (at least methods copy and move) --> <configuration> <update-displayname>true</update-displayname> <update-owner-on-move>false</update-owner-on-move> <update-owner-on-copy>true</update-owner-on-copy> </configuration> </listener> </events> </slide> }}} --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
