Authorization and Security Enforcement

22. Public Services 4 Security Enforcement

<bean id="NodeService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
    <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
    <property name="objectDefinitionSource">
        <value>
            org.alfresco.service.cmr.repository.NodeService.getStores=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.createStore=ACL_METHOD.ROLE_ADMINISTRATOR
            org.alfresco.service.cmr.repository.NodeService.exists=ACL_ALLOW
            org.alfresco.service.cmr.repository.NodeService.getNodeStatus=ACL_NODE.0.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.getRootNode=ACL_NODE.0.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.createNode=ACL_NODE.0.sys:base.CreateChildren
            ...
            org.alfresco.service.cmr.repository.NodeService.*=ACL_DENY
        </value>
    </property>
</bean>

public ChildAssociationRef createNode(
        NodeRef parentRef,
        QName assocTypeQName,
        QName assocQName,
        QName nodeTypeQName)
        throws InvalidNodeRefException, InvalidTypeException;

Each line of objectDefinitionSource maps one NodeService method to the checks the interceptor enforces: ACL_ALLOW and ACL_DENY admit or refuse every caller, ACL_METHOD.ROLE_ADMINISTRATOR requires the caller to hold that authority, ACL_NODE.<n>.<permission> checks the permission on the node passed as argument n before the call, and AFTER_ACL_NODE.<permission> applies the permission check to what the method returns.

23.
Public Services 5 Security Enforcement

<bean id="NodeService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
    <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
    <property name="objectDefinitionSource">
        <value>
            org.alfresco.service.cmr.repository.NodeService.getStores=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.createStore=ACL_METHOD.ROLE_ADMINISTRATOR
            org.alfresco.service.cmr.repository.NodeService.exists=ACL_ALLOW
            org.alfresco.service.cmr.repository.NodeService.getNodeStatus=ACL_NODE.0.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.getRootNode=ACL_NODE.0.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.createNode=ACL_NODE.0.sys:base.CreateChildren
            ...
            org.alfresco.service.cmr.repository.NodeService.*=ACL_DENY
        </value>
    </property>
</bean>

public ChildAssociationRef createNode(
        NodeRef parentRef,
        QName assocTypeQName,
        QName assocQName,
        QName nodeTypeQName)
        throws InvalidNodeRefException, InvalidTypeException;

Highlighted on this slide: createNode=ACL_NODE.0.sys:base.CreateChildren

This entry means the caller must hold the sys:base.CreateChildren permission on the node passed as argument 0 before createNode is allowed to run.

24.
Public Services 6 Security Enforcement

<bean id="NodeService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
    <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
    <property name="objectDefinitionSource">
        <value>
            org.alfresco.service.cmr.repository.NodeService.getStores=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.createStore=ACL_METHOD.ROLE_ADMINISTRATOR
            org.alfresco.service.cmr.repository.NodeService.exists=ACL_ALLOW
            org.alfresco.service.cmr.repository.NodeService.getNodeStatus=ACL_NODE.0.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.getRootNode=ACL_NODE.0.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.createNode=ACL_NODE.0.sys:base.CreateChildren
            ...
            org.alfresco.service.cmr.repository.NodeService.*=ACL_DENY
        </value>
    </property>
</bean>

public ChildAssociationRef createNode(
        NodeRef parentRef,
        QName assocTypeQName,
        QName assocQName,
        QName nodeTypeQName)
        throws InvalidNodeRefException, InvalidTypeException;

Highlighted on this slide: createNode=ACL_NODE.0.sys:base.CreateChildren
Highlighted on this slide: public ChildAssociationRef createNode( NodeRef parentRef,

Argument 0 of createNode is parentRef, so the CreateChildren check is made against the parent node under which the new child would be created.

25.
Public Services 7 Security Enforcement

<bean id="NodeService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
    <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
    <property name="objectDefinitionSource">
        <value>
            org.alfresco.service.cmr.repository.NodeService.getStores=ACL_ALLOW,AFTER_ACL_NODE.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.createStore=ACL_METHOD.ROLE_ADMINISTRATOR
            org.alfresco.service.cmr.repository.NodeService.exists=ACL_ALLOW
            org.alfresco.service.cmr.repository.NodeService.getNodeStatus=ACL_NODE.0.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.getRootNode=ACL_NODE.0.sys:base.ReadProperties
            org.alfresco.service.cmr.repository.NodeService.createNode=ACL_NODE.0.sys:base.CreateChildren
            ...
            org.alfresco.service.cmr.repository.NodeService.*=ACL_DENY
        </value>
    </property>
</bean>

public ChildAssociationRef createNode(
        NodeRef parentRef,
        QName assocTypeQName,
        QName assocQName,
        QName nodeTypeQName)
        throws InvalidNodeRefException, InvalidTypeException;

Highlighted on this slide: org.alfresco.service.cmr.repository.NodeService.*=ACL_DENY

The closing wildcard entry refuses any NodeService method that has no entry of its own, so the service is deny-by-default: a method is callable only once a rule has been written for it.

45. An ACL applies to the node and ALL of its properties

48. One global ACL (context free) – applies to all nodes

[In the ACL examples below, each entry reads authority – permission – Allow/Deny – position. The bare numbers after the entries appear to be node labels from a tree diagram that the text extraction did not preserve. Position appears to record how far up the tree the entry was inherited from, with 0 meaning it was set on the node itself.]

56. ACLs 16 Example All – Read – Allow – 0 1 2 6 7 3 8 9 4 5 11 10 13 12 14

57. ACLs 17 Example All – Read – Allow – 0 1 All – Read – Allow – 1 2 6 7 3 8 9 4 5 11 10 13 12 14

58. ACLs 18 Example All – Read – Allow – 2 ROLE_OWNER – All – Allow – 0 GROUP_A – Write – Allow – 0 GROUP_A – CreateChildren – Allow – 0 1 2 6 7 3 8 9 4 5 11 10 13 12 14

59. ACLs 19 Example All – Read – Allow – 0 1 All – Read – Allow – 1 2 6 All – Read – Allow – 2 Andy – All – Allow – 0 Bob – Write – Allow – 0 Bob – WriteContent – Deny – 0 7 3 8 9 4 5 11 10 13 12 14

115.
Adds a new AccessDecisionVoter and related classes

120. Create is a combination of RM (Records Management) capabilities