Difference between revisions of "GVPolicy"

From GreenVulcano Wiki
Jump to: navigation, search
(Description)
(Description)
Line 3: Line 3:
 
GVPolicy element defines the configuration of the {{GVESB}} ACL Policy framework.
 
GVPolicy element defines the configuration of the {{GVESB}} ACL Policy framework.
  
An access control list (ACL),in {{GVESB}}, define a set of authorizations attached to a {{GVESB}} services.
+
An access control list (ACL) defines a set of authorization constraints attached to a GreenVulcano® ESB services.
When a subject requests an invocation of {{GVESB}} service in an ACL-based security model, {{GVESB}} first checks the ACL for an applicable entry to decide whether the requested operation is authorized. When you create a service, you can configure your service access control list for a specific role, a subnet or a specific ip.
+
When a client invoke a GreenVulcano® ESB service in an ACL-based security model, the ESB first checks the ACL for an  
 +
applicable entry to decide whether the requested operation is authorized.
 +
When you create a service, you can configure its access control list for a specific combination of roles, client subnet  
 +
or client specific IP.
  
 
=={{GVESB}} Configuration==
 
=={{GVESB}} Configuration==

Revision as of 09:33, 12 June 2013

Description

GVPolicy element defines the configuration of the GreenVulcano® ESB ACL Policy framework.

An access control list (ACL) defines a set of authorization constraints attached to a GreenVulcano® ESB services. When a client invoke a GreenVulcano® ESB service in an ACL-based security model, the ESB first checks the ACL for an applicable entry to decide whether the requested operation is authorized. When you create a service, you can configure its access control list for a specific combination of roles, client subnet or client specific IP.

GreenVulcano® ESB Configuration

Configuring GVPolicy with Vulcon

Element GVPolicy belongs to GVCore and it is visualized from the VulCon® Core View.

The following table shows the GVPolicy attributes:

Attribute Type Description
type fixed This attribute must assume the value module.
name fixed This attribute must assume the value POLICY_MANAGER.

Its subelements are:

Roles

This element defines the roles to be used in ACL configuration. Might contain more Role elements.

Role

Its attributes are:

Attribute Type Description
name required Role name

ACLGreenVulcano

ACLGreenVulcano is the implementation that associates an ACL to a resource (ex. a GreenVulcano® ESB service)

The following table shows its attributes:

Attribute Type Description
type fixed This attribute must assume the value acl-manager
class fixed This attribute must assume the value it.greenvulcano.gvesb.policy.impl.ACLGreenVulcano

Its subelements are:

DefaultRes

This element defines a default ACL definition.

The following table shows its attributes:

Attribute Type Description
type fixed "resource"

Its subelements are:

ServiceRes

This elements defines a GVCore group/service/operation ACL definition.

The following table shows its attributes:

Attribute Type Description
type fixed "resource"
group required Group name.
service required Service name.
operation required Operation name.

Its subelements are:

{{#w4grb_rate:}} <w4grb_ratinglist latestvotes items="5" nosort/>