Hi Nicholas The decorator is responsible for maintaining an index/cache of XACML policies for evaluation - hence why it is present with FeSL installed.
There are other differences between non-FeSL and FeSL installations - significantly the web.xml adds servlet filters to actually do the AuthN and AuthZ. FeSL policies are stored in DOs with a FESLPOLICY datastream. There are some default/bootstrap policies that are added when the server starts up for the first time - in your FeSL installation you will see these; in your non-FeSL installation these won't be present. You'll probably find it easier overall to start from a new installation, and point the installation at your objects and datastreams directories from your old installation; similarly with the SQL database (or you can just do a rebuild to rebuild your SQL database and resource index). If you take a look at the upgrade instructions you'll see how to do this. Regards Steve > -----Original Message----- > From: Nicholas W [mailto:[email protected]] > Sent: 11 March 2011 09:16 > To: [email protected] > Subject: [fcrepo-user] fedora.cfg setup for FeSL > > > Hi All, > I am looking at the difference between two fedora.cfg files that > where set up using the installation script. One is on a slightly older > installation without FeSL installed, and the newer one I installed > just recently with FeSL. I am looking to see what I might need to > change to add FeSL to an existing running repository (and also at > another unrelated apparent difference in the installations). I notice > in the > > <module role="org.fcrepo.server.management.Management" > class="org.fcrepo.server.management.ManagementModule"> > > definition there is added: > > <param name="decorator2" > value="org.fcrepo.server.security.xacml.pdp.decorator.PolicyIn > dexInvocationHandler"/> > > > However nothing appears to have been added to: > <module role="org.fcrepo.server.access.Access" > class="org.fcrepo.server.access.DefaultAccess"> > > in the FC with FeSL. > > Is this normal? I would like to be able to apply policies that can > control the reading of certain types of datastreams in certain types > of objects. Should this still work? > > Thanks a lot, > Nicholas W. > > -------------------------------------------------------------- > ---------------- > Colocation vs. Managed Hosting > A question and answer guide to determining the best fit > for your organization - today and in the future. > http://p.sf.net/sfu/internap-sfd2d > _______________________________________________ > Fedora-commons-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
