Difference between revisions of "GVPolicy"
(→Description) |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 25: | Line 25: | ||
* [[Description]] | * [[Description]] | ||
* [[#Roles|Roles]] | * [[#Roles|Roles]] | ||
| + | * [[#Addresses|Addresses]] | ||
* [[#ACLGreenVulcano|ACLGreenVulcano]] | * [[#ACLGreenVulcano|ACLGreenVulcano]] | ||
===Roles=== | ===Roles=== | ||
| − | This element defines the | + | This element defines the [[#Role|Roles]] to be used in ACL configuration. |
| − | |||
====Role==== | ====Role==== | ||
| + | Defines a policy role. | ||
Its attributes are: | Its attributes are: | ||
| Line 39: | Line 40: | ||
|- | |- | ||
| name || required || Role name | | name || required || Role name | ||
| + | |} | ||
| + | |||
| + | Its subelements are: | ||
| + | * [[Description]] | ||
| + | |||
| + | ===Addresses=== | ||
| + | |||
| + | This element defines the [[#AddressSet|AddressSet]] to be used in ACL configuration. | ||
| + | |||
| + | ====AddressSet==== | ||
| + | Defines a policy list of IP or sub-nets. | ||
| + | |||
| + | Its attributes are: | ||
| + | {|class="gvtable" | ||
| + | ! Attribute !! Type !! Description | ||
| + | |- | ||
| + | | name || required || AddressSet name | ||
| + | |} | ||
| + | |||
| + | Its subelements are: | ||
| + | * [[Description]] | ||
| + | * [[#Address|Address]] | ||
| + | |||
| + | =====Address===== | ||
| + | |||
| + | Its attributes are: | ||
| + | {|class="gvtable" | ||
| + | ! Attribute !! Type !! Description | ||
| + | |- | ||
| + | | address || required || IP or sub-net mask | ||
|} | |} | ||
| Line 61: | Line 92: | ||
====DefaultRes==== | ====DefaultRes==== | ||
| − | This element defines a default ACL definition. | + | This element defines a default ACL definition, to be applied to all Services. |
The following table shows its attributes: | The following table shows its attributes: | ||
| Line 72: | Line 103: | ||
Its subelements are: | Its subelements are: | ||
* [[Description]] | * [[Description]] | ||
| − | * [[ | + | * [[#ACL|ACL]] |
====ServiceRes==== | ====ServiceRes==== | ||
| − | This elements defines a GVCore | + | This elements defines a GVCore Group/Service/Operation ACL definition. |
The following table shows its attributes: | The following table shows its attributes: | ||
| Line 84: | Line 115: | ||
| type || fixed || "resource" | | type || fixed || "resource" | ||
|- | |- | ||
| − | | group || required || Group name. | + | | group || required|optional || Group name. |
|- | |- | ||
| − | | service || required || Service name. | + | | service || required|optional || Service name. |
|- | |- | ||
| − | | operation || required || Operation name. | + | | operation || required|optional || Operation name. |
|} | |} | ||
Its subelements are: | Its subelements are: | ||
* [[Description]] | * [[Description]] | ||
| − | * [[ | + | * [[#ACL|ACL]] |
| + | |||
| + | ===ACL=== | ||
| + | This element defines a resource/condition [http://en.wikipedia.org/wiki/Access_control_list ACL] (Access Control List). | ||
| + | |||
| + | Its subelements are: | ||
| + | * [[#RoleRef|RoleRef]] | ||
| + | * [[#AddressSetRef|AddressSetRef]] | ||
| + | |||
| + | ====RoleRef==== | ||
| + | Defines an ACL role reference. | ||
| + | The following table shows its attributes: | ||
| + | {|class="gvtable" | ||
| + | ! Attribute !! Type !! Description | ||
| + | |- | ||
| + | | name || required || Point to a [[#Role|Role]] definition | ||
| + | |} | ||
| + | |||
| + | |||
| + | ====AddressSetRef==== | ||
| + | Defines an ACL address set reference. | ||
| + | The following table shows its attributes: | ||
| + | {|class="gvtable" | ||
| + | ! Attribute !! Type !! Description | ||
| + | |- | ||
| + | | name || required || Point to a [[#AddressSet|AddressSet]] definition | ||
| + | |} | ||
| + | |||
{{VOTE}} | {{VOTE}} | ||
Latest revision as of 11:02, 2 January 2015
Contents
Description
GVPolicy element defines the configuration of the GreenVulcano® ESB ACL Policy framework.
An access control list (ACL) defines a set of authorization constraints attached to a GreenVulcano® ESB services. When a client invoke a GreenVulcano® ESB service in an ACL-based security model, the ESB first checks the ACL for an applicable entry to decide whether the requested operation is authorized. When you create a service, you can configure its access control list for a specific combination of roles, client subnet or client specific IP.
GreenVulcano® ESB Configuration
Element GVPolicy belongs to GVCore and it is visualized from the VulCon® Core View.
The following table shows the GVPolicy attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | This attribute must assume the value module. |
| name | fixed | This attribute must assume the value POLICY_MANAGER. |
Its subelements are:
Roles
This element defines the Roles to be used in ACL configuration.
Role
Defines a policy role.
Its attributes are:
| Attribute | Type | Description |
|---|---|---|
| name | required | Role name |
Its subelements are:
Addresses
This element defines the AddressSet to be used in ACL configuration.
AddressSet
Defines a policy list of IP or sub-nets.
Its attributes are:
| Attribute | Type | Description |
|---|---|---|
| name | required | AddressSet name |
Its subelements are:
Address
Its attributes are:
| Attribute | Type | Description |
|---|---|---|
| address | required | IP or sub-net mask |
ACLGreenVulcano
ACLGreenVulcano is the implementation that associates an ACL to a resource (ex. a GreenVulcano® ESB service)
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | This attribute must assume the value acl-manager |
| class | fixed | This attribute must assume the value it.greenvulcano.gvesb.policy.impl.ACLGreenVulcano |
Its subelements are:
DefaultRes
This element defines a default ACL definition, to be applied to all Services.
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | "resource" |
Its subelements are:
ServiceRes
This elements defines a GVCore Group/Service/Operation ACL definition.
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | "resource" |
| group | optional | Group name. |
| service | optional | Service name. |
| operation | optional | Operation name. |
Its subelements are:
ACL
This element defines a resource/condition ACL (Access Control List).
Its subelements are:
RoleRef
Defines an ACL role reference. The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| name | required | Point to a Role definition |
AddressSetRef
Defines an ACL address set reference. The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| name | required | Point to a AddressSet definition |
{{#w4grb_rate:}}
<w4grb_ratinglist latestvotes items="5" nosort/>
