Difference between revisions of "GVPolicy"
(16 intermediate revisions by 2 users not shown) | |||
Line 2: | Line 2: | ||
GVPolicy element defines the configuration of the {{GVESB}} ACL Policy framework. | GVPolicy element defines the configuration of the {{GVESB}} ACL Policy framework. | ||
+ | |||
+ | An access control list (ACL) defines a set of authorization constraints attached to a {{GVESB}} services. | ||
+ | When a client invoke a {{GVESB}} service in an ACL-based security model, the ESB first checks the ACL for an | ||
+ | applicable entry to decide whether the requested operation is authorized. | ||
+ | When you create a service, you can configure its access control list for a specific combination of roles, client subnet | ||
+ | or client specific IP. | ||
=={{GVESB}} Configuration== | =={{GVESB}} Configuration== | ||
Line 19: | Line 25: | ||
* [[Description]] | * [[Description]] | ||
* [[#Roles|Roles]] | * [[#Roles|Roles]] | ||
+ | * [[#Addresses|Addresses]] | ||
* [[#ACLGreenVulcano|ACLGreenVulcano]] | * [[#ACLGreenVulcano|ACLGreenVulcano]] | ||
===Roles=== | ===Roles=== | ||
− | This element defines the | + | This element defines the [[#Role|Roles]] to be used in ACL configuration. |
− | |||
====Role==== | ====Role==== | ||
+ | Defines a policy role. | ||
Its attributes are: | Its attributes are: | ||
Line 33: | Line 40: | ||
|- | |- | ||
| name || required || Role name | | name || required || Role name | ||
+ | |} | ||
+ | |||
+ | Its subelements are: | ||
+ | * [[Description]] | ||
+ | |||
+ | ===Addresses=== | ||
+ | |||
+ | This element defines the [[#AddressSet|AddressSet]] to be used in ACL configuration. | ||
+ | |||
+ | ====AddressSet==== | ||
+ | Defines a policy list of IP or sub-nets. | ||
+ | |||
+ | Its attributes are: | ||
+ | {|class="gvtable" | ||
+ | ! Attribute !! Type !! Description | ||
+ | |- | ||
+ | | name || required || AddressSet name | ||
+ | |} | ||
+ | |||
+ | Its subelements are: | ||
+ | * [[Description]] | ||
+ | * [[#Address|Address]] | ||
+ | |||
+ | =====Address===== | ||
+ | |||
+ | Its attributes are: | ||
+ | {|class="gvtable" | ||
+ | ! Attribute !! Type !! Description | ||
+ | |- | ||
+ | | address || required || IP or sub-net mask | ||
|} | |} | ||
Line 55: | Line 92: | ||
====DefaultRes==== | ====DefaultRes==== | ||
− | This element defines a default ACL definition. | + | This element defines a default ACL definition, to be applied to all Services. |
The following table shows its attributes: | The following table shows its attributes: | ||
Line 66: | Line 103: | ||
Its subelements are: | Its subelements are: | ||
* [[Description]] | * [[Description]] | ||
− | * [[ | + | * [[#ACL|ACL]] |
====ServiceRes==== | ====ServiceRes==== | ||
− | This elements defines a GVCore | + | This elements defines a GVCore Group/Service/Operation ACL definition. |
The following table shows its attributes: | The following table shows its attributes: | ||
Line 78: | Line 115: | ||
| type || fixed || "resource" | | type || fixed || "resource" | ||
|- | |- | ||
− | | group || required || Group name. | + | | group || required|optional || Group name. |
|- | |- | ||
− | | service || required || Service name. | + | | service || required|optional || Service name. |
|- | |- | ||
− | | operation || required || Operation name. | + | | operation || required|optional || Operation name. |
|} | |} | ||
Its subelements are: | Its subelements are: | ||
* [[Description]] | * [[Description]] | ||
− | * [[ | + | * [[#ACL|ACL]] |
+ | |||
+ | ===ACL=== | ||
+ | This element defines a resource/condition [http://en.wikipedia.org/wiki/Access_control_list ACL] (Access Control List). | ||
+ | |||
+ | Its subelements are: | ||
+ | * [[#RoleRef|RoleRef]] | ||
+ | * [[#AddressSetRef|AddressSetRef]] | ||
+ | |||
+ | ====RoleRef==== | ||
+ | Defines an ACL role reference. | ||
+ | The following table shows its attributes: | ||
+ | {|class="gvtable" | ||
+ | ! Attribute !! Type !! Description | ||
+ | |- | ||
+ | | name || required || Point to a [[#Role|Role]] definition | ||
+ | |} | ||
+ | |||
+ | |||
+ | ====AddressSetRef==== | ||
+ | Defines an ACL address set reference. | ||
+ | The following table shows its attributes: | ||
+ | {|class="gvtable" | ||
+ | ! Attribute !! Type !! Description | ||
+ | |- | ||
+ | | name || required || Point to a [[#AddressSet|AddressSet]] definition | ||
+ | |} | ||
+ | |||
{{VOTE}} | {{VOTE}} |
Latest revision as of 11:02, 2 January 2015
Contents
Description
GVPolicy element defines the configuration of the GreenVulcano® ESB ACL Policy framework.
An access control list (ACL) defines a set of authorization constraints attached to a GreenVulcano® ESB services. When a client invoke a GreenVulcano® ESB service in an ACL-based security model, the ESB first checks the ACL for an applicable entry to decide whether the requested operation is authorized. When you create a service, you can configure its access control list for a specific combination of roles, client subnet or client specific IP.
GreenVulcano® ESB Configuration
Element GVPolicy belongs to GVCore and it is visualized from the VulCon® Core View.
The following table shows the GVPolicy attributes:
Attribute | Type | Description |
---|---|---|
type | fixed | This attribute must assume the value module. |
name | fixed | This attribute must assume the value POLICY_MANAGER. |
Its subelements are:
Roles
This element defines the Roles to be used in ACL configuration.
Role
Defines a policy role.
Its attributes are:
Attribute | Type | Description |
---|---|---|
name | required | Role name |
Its subelements are:
Addresses
This element defines the AddressSet to be used in ACL configuration.
AddressSet
Defines a policy list of IP or sub-nets.
Its attributes are:
Attribute | Type | Description |
---|---|---|
name | required | AddressSet name |
Its subelements are:
Address
Its attributes are:
Attribute | Type | Description |
---|---|---|
address | required | IP or sub-net mask |
ACLGreenVulcano
ACLGreenVulcano is the implementation that associates an ACL to a resource (ex. a GreenVulcano® ESB service)
The following table shows its attributes:
Attribute | Type | Description |
---|---|---|
type | fixed | This attribute must assume the value acl-manager |
class | fixed | This attribute must assume the value it.greenvulcano.gvesb.policy.impl.ACLGreenVulcano |
Its subelements are:
DefaultRes
This element defines a default ACL definition, to be applied to all Services.
The following table shows its attributes:
Attribute | Type | Description |
---|---|---|
type | fixed | "resource" |
Its subelements are:
ServiceRes
This elements defines a GVCore Group/Service/Operation ACL definition.
The following table shows its attributes:
Attribute | Type | Description |
---|---|---|
type | fixed | "resource" |
group | optional | Group name. |
service | optional | Service name. |
operation | optional | Operation name. |
Its subelements are:
ACL
This element defines a resource/condition ACL (Access Control List).
Its subelements are:
RoleRef
Defines an ACL role reference. The following table shows its attributes:
Attribute | Type | Description |
---|---|---|
name | required | Point to a Role definition |
AddressSetRef
Defines an ACL address set reference. The following table shows its attributes:
Attribute | Type | Description |
---|---|---|
name | required | Point to a AddressSet definition |
{{#w4grb_rate:}}
<w4grb_ratinglist latestvotes items="5" nosort/>