On 14 Jun 2009, at 17:15, Eric Norman (JIRA) wrote:
[ https://issues.apache.org/jira/browse/SLING-981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman updated SLING-981:
------------------------------
Attachment: SLING-981_patch.txt
Hi Ian,
I agree that bootstrapping the principals and security policies is
an important feature that is missing from Sling.
I've taken a look at your contribution and in my opinion this
functionality should really be integrated into the base
ContentLoader. I think that would be easier to maintain and ensures
that the nodes are created before the ACLs.
I've prepared a new patch (attached as SLING-981_patch.txt) that
provides the same functionality by patching the
org.apache.sling.jcr.contentloader bundle.
Also, for clarity, I have slightly modified the JSON syntax you had
proposed. Hopefully there will not be any conflicts with node
properties using the new reserved names 'security:acl' and
'security:principals'.
The new JSON syntax to create Users and Groups:
{
    "security:principals" : [
        {
            "name":"TestUser1",
            "password":"mypassword",
            "extraProp1":"extraProp1Value"
        },
        {
            "name":"TestGroup1",
            "isgroup":"true",
            "members":["TestUser1"],
            "extraProp1":"extraProp1Value"
        }
    ]
}
And the JSON syntax to create an ACL for the current node:
{
    "security:acl" : [
        {
            "principal" : "TestGroup1",
            "granted" : [
                "jcr:read",
                "jcr:write"
            ]
        },
        {
            "principal" : "TestUser1",
            "granted" : [
                "jcr:read"
            ],
            "denied" : [
                "jcr:write"
            ]
        }
    ]
}
What do you think?
Yes, makes perfect sense to me, much better.
Ian
A security loader, along the lines of the contentloader, to make it
possible to populate ACLs and Authorizables on startup
--------------------------------------------------------------------------------------------------------------------------
Key: SLING-981
URL: https://issues.apache.org/jira/browse/SLING-981
Project: Sling
Issue Type: New Feature
Components: JCR Contentloader
Reporter: Ian Boston
Attachments: securityloader.tgz, SLING-981_patch.txt
The small tar to follow allows bundles to include a
Sakai-Initial-Security (to be renamed) header in the manifest that
points to a JSON file containing ACL and authorizable setup for the
repository. This may include users or groups as required by the ACLs,
and the ACLs, in the form
{
    "principals" : [
        {
            "name":"owner",
            "isgroup":"true",
            "members":[],
            "dynamic":"true"
        },
        {
            "name":"everyone",
            "isgroup":"true",
            "members":[],
            "dynamic":"true"
        }
    ],
    "acl" : [
        {
            "path":"/_private",
            "principal":"owner",
            "privil...@jcr:read":"granted",
            "privil...@jcr:write":"granted"
        },
        {
            "path":"/public",
            "principal":"owner",
            "privil...@jcr:read":"granted",
            "privil...@jcr:write":"granted"
        },
        {
            "path":"/public",
            "principal":"everyone",
            "privil...@jcr:read":"granted"
        }
    ]
}
The code is largely based on the contentloader with quite a bit of
copying (ugly, sorry), but since it may not be wanted in some
installations I feel it's better off in its own bundle. If it's
acceptable to have it in all distributions, then obviously it should
be a patch to contentloader.
I looked and asked for this functionality already existing in
Sling, but could not find it, hence the patch. If there is a better
way of doing the same already in the code base then closing this
with "invalid" would be the right thing to do.
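Added example (not part of the thread, the attached patch, or Sling's code): a pre-deployment linter for descriptors written in the 'security:principals' / 'security:acl' syntax proposed above. The `lint` function, the sample document and the rule that every referenced principal must be declared in the same file are assumptions made for illustration; principals that already exist in the repository would need an allow-list.

```python
import json

# Constructed sample in the 'security:principals' / 'security:acl' syntax
# from the thread, with deliberate mistakes for the linter to find.
SAMPLE = """
{
  "security:principals": [
    {"name": "TestUser1", "password": "mypassword"},
    {"name": "TestGroup1", "isgroup": "true", "members": ["TestUser1", "Ghost"]}
  ],
  "content": {
    "security:acl": [
      {"principal": "TestGroup1", "granted": ["jcr:read", "jcr:write"]},
      {"principal": "TestUser2", "granted": ["jcr:read"], "denied": ["jcr:read"]}
    ]
  }
}
"""

def lint(doc, path="/", known=None, findings=None):
    """Walk a parsed descriptor and return a list of (path, message) findings."""
    # Assumption: principals must be declared on this node or an ancestor.
    findings = [] if findings is None else findings
    known = set() if known is None else known
    principals = doc.get("security:principals", [])
    known |= {p.get("name") for p in principals}  # allow forward references
    for p in principals:
        name = p.get("name")
        if "password" in p:
            findings.append((path, f"{name}: password stored in clear text"))
        for m in p.get("members", []):
            if m not in known:
                findings.append((path, f"{name}: member '{m}' is not declared"))
    for ace in doc.get("security:acl", []):
        who = ace.get("principal")
        if who not in known:
            findings.append((path, f"ACL entry for undeclared principal '{who}'"))
        both = set(ace.get("granted", [])) & set(ace.get("denied", []))
        for priv in sorted(both):
            findings.append((path, f"{who}: '{priv}' is both granted and denied"))
    for key, child in doc.items():  # object-valued entries are child nodes
        if isinstance(child, dict):
            lint(child, path.rstrip("/") + "/" + key, set(known), findings)
    return findings

if __name__ == "__main__":
    for where, message in lint(json.loads(SAMPLE)):
        print(where, "-", message)
```

Run against the two snippets in the thread as written, the only finding is the clear-text password on TestUser1 in the principals file; the ACL snippet on its own reports both principals as undeclared because it carries no 'security:principals' section.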