GVPolicy
Contents
Description
GVPolicy element defines the configuration of the GreenVulcano® ESB ACL Policy framework.
An access control list (ACL) defines a set of authorization constraints attached to a GreenVulcano® ESB services. When a client invoke a GreenVulcano® ESB service in an ACL-based security model, the ESB first checks the ACL for an applicable entry to decide whether the requested operation is authorized. When you create a service, you can configure its access control list for a specific combination of roles, client subnet or client specific IP.
GreenVulcano® ESB Configuration
Element GVPolicy belongs to GVCore and it is visualized from the VulCon® Core View.
The following table shows the GVPolicy attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | This attribute must assume the value module. |
| name | fixed | This attribute must assume the value POLICY_MANAGER. |
Its subelements are:
Roles
This element defines the Roles to be used in ACL configuration.
Role
Defines a policy role.
Its attributes are:
| Attribute | Type | Description |
|---|---|---|
| name | required | Role name |
Its subelements are:
Addresses
This element defines the AddressSet to be used in ACL configuration.
AddressSet
Defines a policy list of IP or sub-nets.
Its attributes are:
| Attribute | Type | Description |
|---|---|---|
| name | required | AddressSet name |
Its subelements are:
Address
Its attributes are:
| Attribute | Type | Description |
|---|---|---|
| address | required | IP or sub-net mask |
ACLGreenVulcano
ACLGreenVulcano is the implementation that associates an ACL to a resource (ex. a GreenVulcano® ESB service)
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | This attribute must assume the value acl-manager |
| class | fixed | This attribute must assume the value it.greenvulcano.gvesb.policy.impl.ACLGreenVulcano |
Its subelements are:
DefaultRes
This element defines a default ACL definition, to be applied to all Services.
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | "resource" |
Its subelements are:
ServiceRes
This elements defines a GVCore Group/Service/Operation ACL definition.
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | "resource" |
| group | optional | Group name. |
| service | optional | Service name. |
| operation | optional | Operation name. |
Its subelements are:
ACL
This element defines a resource/condition ACL (Access Control List).
Its subelements are:
RoleRef
Defines an ACL role reference. The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| name | required | Point to a Role definition |
AddressSetRef
Defines an ACL address set reference. The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| name | required | Point to a AddressSet definition |
{{#w4grb_rate:}}
<w4grb_ratinglist latestvotes items="5" nosort/>
