On 24 Aug 2009, at 01:59, go canal wrote:

> Thanks Ian.
> Was thinking about the pros and cons of various options.
> Some questions:
>
> > you will also need to protect the role property...
>
> Why could this potentially become a security concern? You mean
> configuring loginModule in repository.xml is not good enough?

If you control all the code in the JVM and do not expose any mechanism
which would allow the user to manipulate a property on a node, then
there is no need to protect the property;
however, if any user-entered data could represent the name of a
property, and the user can modify that property, then you should think
about protecting the role property.

> My other considerations for this approach (adding 'role' into node)
> are:
> - how should I reference the role definition (which is defined in
> an SQL database)? reference the role ID - is it considered as bad or
> acceptable design?
> - 'roles' in my application are defined at run time, not simple
> 'User' and 'Admin'.

The AccessControlManager (or AccessManager pre 1.5) is a high traffic
part of the JCR, so you must cache in memory any lookups to anything
and be very wary of doing anything that could consume resources inside
the access control manager.
You should also be aware that if you try and read properties on a
node, with the same session as the one that generated the access
control manager assertion, it will result in a recursive call.

> > ... all configured by adding entries into repository.xml
>
> I did not find any 'Role' related configuration...or you mean
> something else, Access Manager ?

I meant that you can customize repository.xml to use your classes.

> > it will be hard to make this secure, as there are many ways to get
> > a node
>
> You mean WebDAV sort of stuff ? What if I do not enable it? What
> else ?

Anything that you allow into the JVM that can get hold of a JCR
session or a JCR node.
If you are deploying standard Jackrabbit to Tomcat, then look for any
servlets so you know what end points are there and what they do, and
make certain no one has the ability to upload JSPs or do server side
scripting in the JVM.
If you protect the role property, then you know the node is protected
by the access manager and your security becomes core (as it was
intended) rather than boundary (which could be leaky).

> rgds,
> canal
> ________________________________
> From: Ian Boston <[email protected]>
> To: [email protected]
> Sent: Monday, August 24, 2009 1:40:08 AM
> Subject: Re: how to implement role based access control
>
> On 23 Aug 2009, at 04:23, go canal wrote:
>
> > Hello,
> > would like to seek some advice on how to implement role based
> > access control.
> > let's say I have several thousands of files, two roles defined A
> > and B. users are assigned role A or B.
> > file access control is based on roles.
> > How should I implement this role based access control in Jackrabbit?
> > 1) should I add a 'role' property in the file node? and then
> > implement my own access manager with isGranted() ?
>
> you could, however you will also need to protect the role property
> to make certain that only authorized users can change it.
> There are a number of examples to play with, all configured by
> adding entries into repository.xml
>
> > 2) or should I implement a filter which filters the returned list ?
>
> it will be hard to make this secure, as there are many ways to get a
> node and it all depends on the level of access the "client" has to
> the repository.
> For instance, approach 1 will generate valid sets of search results
> for the user in question.
> 2 would require a custom filter for points at which a search was made.
> HTH
> Ian
>
> > thanks in advance !
> > canal
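
A stand-alone Java model of the design discussed in this thread, added here as an illustration and not code from either poster or from Jackrabbit: access decisions based on a per-node role, an in-memory cache for role lookups, a write guard on the role property itself, and role reads that go through a separate system-level reader rather than the session being checked. It does not implement the Jackrabbit AccessManager interface; all class, method and property names are assumptions, and the node data is constructed.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

// Stand-alone model of the design discussed in the thread. It does not use the
// Jackrabbit API; every class, method and property name here is hypothetical.
public class RoleAccessDemo {
    static final String ROLE_PROP = "role"; // assumed name of the protected property
    enum Action { READ, WRITE }

    static class RoleAccessManager {
        private final Set<String> userRoles;   // roles held by the session's user
        private final boolean roleAdmin;       // assumed flag: user may assign roles
        // Reads a node's role through a separate system-level reader, never through
        // the session being checked, so a check cannot trigger another check.
        private final Function<String, String> systemReader;
        private final Map<String, String> cache = new ConcurrentHashMap<>();
        int backendReads = 0;                  // uncached lookups, for illustration
        RoleAccessManager(Set<String> roles, boolean roleAdmin, Function<String, String> reader) {
            this.userRoles = roles;
            this.roleAdmin = roleAdmin;
            this.systemReader = reader;
        }
        // Node-level check: the required role is looked up once, then cached.
        boolean isGranted(String path, Action action) {
            String required = cache.computeIfAbsent(path, p -> {
                backendReads++;
                return systemReader.apply(p);
            });
            return required != null && userRoles.contains(required); // no role: deny
        }
        // Property-level check: only a role administrator may write the role property.
        boolean isGranted(String path, String property, Action action) {
            if (!isGranted(path, action)) return false;
            return roleAdmin || !(ROLE_PROP.equals(property) && action == Action.WRITE);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for role properties stored on nodes.
        Map<String, String> nodes = Map.of("/files/a.txt", "A", "/files/b.txt", "B");
        RoleAccessManager am = new RoleAccessManager(Set.of("A"), false, nodes::get);
        System.out.println("read a.txt:       " + am.isGranted("/files/a.txt", Action.READ));
        System.out.println("read b.txt:       " + am.isGranted("/files/b.txt", Action.READ));
        System.out.println("write a.txt role: " + am.isGranted("/files/a.txt", ROLE_PROP, Action.WRITE));
        System.out.println("write a.txt body: " + am.isGranted("/files/a.txt", "jcr:data", Action.WRITE));
        System.out.println("backend reads:    " + am.backendReads);
    }
}
```

Because roles are defined at run time, a real deployment would also need to evict cache entries when a node's role changes; the model omits that.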