[
https://issues.apache.org/jira/browse/JS2-1281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13627481#comment-13627481
]
Randy Watler commented on JS2-1281:
-----------------------------------
Fix commits: 1466333, 1466334, 1466335.
Implemented with Security Constraints Reference Expressions in 2.2.3 trunk and
2.1.4 branch. Here are the updated sections from the PSML Declarative Security
docs:
Declarative and Global Constraints
----------------------------------
Declarative constraints are defined in the page.security file of the root of a
site. Declarative constraints are referenced in pages and folders with the
security-constraints-ref tag. Global constraints are also declarative
constraints. They are also defined and found in the page.security file in the
root PSML repository. The difference with global constraints is that they
implicitly apply to all folders and pages within the scope of the page.security
file, (i.e. the site). Note that there can be only one page.security file in a
Jetspeed installation.
<security-constraints-def name="admin">
<security-constraint>
<roles>admin</roles>
<permissions>view, edit</permissions>
</security-constraint>
</security-constraints-def>
<global-security-constraints-ref>admin</global-security-constraints-ref>
Constraint names are limited to letters, numbers, "_", "-", and "." characters.
Constraints Reference Expressions
---------------------------------
In addition to constraint reference by name, the security-constraints-ref and
global-security-constraints-ref tags accept logical expressions with constraint
reference operands to express more complex grants. Expressions are normally
employed when the default "OR" grant logic of security constraints lists
becomes awkward or alternative logic such as "AND" or "NOT" is required.
<global-security-constraints-ref>admin and
noc</global-security-constraints-ref>
<security-constraints-ref>(support || engineering) &&
!marketing</security-constraints-ref>
Expressions are infix and support the following operators: "and", "or", "not",
"(", ")", "&&", "||" and "!". The usual operator precedence rules for logical
expressions apply.
> Generalize Security Constraints to support "AND" in addition to "OR" grant
> specification.
> -----------------------------------------------------------------------------------------
>
> Key: JS2-1281
> URL: https://issues.apache.org/jira/browse/JS2-1281
> Project: Jetspeed 2
> Issue Type: Improvement
> Components: PSML
> Affects Versions: 2.1.4, 2.2.2
> Environment: File and DB PSML
> Reporter: Randy Watler
> Assignee: Randy Watler
> Fix For: 2.2.3
>
> Original Estimate: 48h
> Time Spent: 48h
> Remaining Estimate: 0h
>
> Security Constraints on Folders, Pages, Links, and Fragments support
> collections of alternative, ("OR"), permission grants. Occasionally, the need
> arises to support combined permission grants, ("AND"), where access is
> granted only when some number of permissions grant of deny access. This is
> best generalized by supporting the specification of logical operators and
> permission grants/denials.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org
