2011-07-28 22:50:35 +02:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<Privilege>
|
|
|
|
|
|
|
|
<Container>
|
|
|
|
|
|
|
|
<Parameters>
|
|
|
|
<!-- parameters for the container itself -->
|
2015-10-16 13:16:27 +02:00
|
|
|
<Parameter name="secretKey" value="5185F447-6317-4856-B40E-573919BA0A16" />
|
|
|
|
<Parameter name="secretSalt" value="00F6E88C-A64F-410A-8FCF-9CD340E340F7" />
|
|
|
|
<Parameter name="persistSessions" value="true" />
|
|
|
|
<Parameter name="persistSessionsPath" value="./target/${target}/sessions.dat" />
|
2015-03-08 21:44:21 +01:00
|
|
|
<Parameter name="autoPersistOnUserChangesData" value="true" />
|
2015-03-13 22:55:10 +01:00
|
|
|
<Parameter name="privilegeConflictResolution" value="STRICT" />
|
2011-07-28 22:50:35 +02:00
|
|
|
</Parameters>
|
|
|
|
|
|
|
|
<EncryptionHandler class="ch.eitchnet.privilege.handler.DefaultEncryptionHandler">
|
|
|
|
<Parameters>
|
|
|
|
<Parameter name="hashAlgorithm" value="SHA-256" />
|
|
|
|
</Parameters>
|
|
|
|
</EncryptionHandler>
|
|
|
|
|
|
|
|
<PersistenceHandler class="ch.eitchnet.privilege.handler.XmlPersistenceHandler">
|
|
|
|
<Parameters>
|
2015-10-16 13:16:27 +02:00
|
|
|
<Parameter name="basePath" value="./target/${target}" />
|
2016-02-28 19:53:53 +01:00
|
|
|
<Parameter name="usersXmlFile" value="PrivilegeUsers.xml" />
|
|
|
|
<Parameter name="rolesXmlFile" value="PrivilegeRoles.xml" />
|
2011-07-28 22:50:35 +02:00
|
|
|
</Parameters>
|
|
|
|
</PersistenceHandler>
|
|
|
|
|
|
|
|
</Container>
|
|
|
|
|
|
|
|
<Policies>
|
|
|
|
<Policy name="DefaultPrivilege" class="ch.eitchnet.privilege.policy.DefaultPrivilege" />
|
[Major] removed the need for a role PrivilegeAdmin - now use privileges
- this solves the situation where a user might be allowed to add a user
with a specific role, but not change a role and other such use cases
Now there are privileges for every use case with two new
PrivilegePolicies:
- RoleAccessPrivilege
- UserAccessPrivilege
both of these policies expect a ch.eitchnet.utils.collections.Tuple as
privilege value. The Tuple is a simple wrapper for two values: first and
second. Each privilege has its own requirement on the actual values
Special privilege actions:
- PrivilegeAction -> privilege vlaue: String
- Persist (required Allow)
- Reload (required Allow)
- GetPolicies (required Allow)
Role specific privileges:
- PrivilegeGetRole -> privilege value: Tuple(null, newRole)
- PrivilegeAddRole -> privilege value: Tuple(null, newRole)
- PrivilegeRemoveRole -> privilege value: Tuple(null, newRole)
- PrivilegeModifyRole -> privilege value: Tuple(oldRole, newRole)
Use specific privileges:
- PrivilegeGetUser -> privilege value: Tuple(null, newUser)
- PrivilegeAddUser -> privilege value: Tuple(null, newUser)
- PrivilegeRemoveUser -> privilege value: Tuple(null, newUser)
- PrivilegeModifyUser -> privilege value: Tuple(oldUser, newUser)
- NOTE: without modifying roles, only fields and properties!
- PrivilegeAddRoleToUser -> privilege value: Tuple(oldUser, roleName)
- PrivilegeRemoveRoleFromUser -> privilege value: Tuple(oldUser,
roleName)
2015-03-12 17:32:06 +01:00
|
|
|
<Policy name="RoleAccessPrivilege" class="ch.eitchnet.privilege.policy.RoleAccessPrivilege" />
|
|
|
|
<Policy name="UserAccessPrivilege" class="ch.eitchnet.privilege.policy.UserAccessPrivilege" />
|
2011-07-28 22:50:35 +02:00
|
|
|
</Policies>
|
|
|
|
|
|
|
|
</Privilege>
|