Difference between revisions of "GVPolicy"
(→Description) |
(→Description) |
||
| Line 3: | Line 3: | ||
GVPolicy element defines the configuration of the {{GVESB}} ACL Policy framework. | GVPolicy element defines the configuration of the {{GVESB}} ACL Policy framework. | ||
| − | An access control list (ACL) defines a set of authorization constraints attached to a | + | An access control list (ACL) defines a set of authorization constraints attached to a {{GVESB}} services. |
| − | When a client invoke a | + | When a client invoke a {{GVESB}} service in an ACL-based security model, the ESB first checks the ACL for an |
applicable entry to decide whether the requested operation is authorized. | applicable entry to decide whether the requested operation is authorized. | ||
When you create a service, you can configure its access control list for a specific combination of roles, client subnet | When you create a service, you can configure its access control list for a specific combination of roles, client subnet | ||
Revision as of 09:34, 12 June 2013
Contents
Description
GVPolicy element defines the configuration of the GreenVulcano® ESB ACL Policy framework.
An access control list (ACL) defines a set of authorization constraints attached to a GreenVulcano® ESB services. When a client invoke a GreenVulcano® ESB service in an ACL-based security model, the ESB first checks the ACL for an applicable entry to decide whether the requested operation is authorized. When you create a service, you can configure its access control list for a specific combination of roles, client subnet or client specific IP.
GreenVulcano® ESB Configuration
Element GVPolicy belongs to GVCore and it is visualized from the VulCon® Core View.
The following table shows the GVPolicy attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | This attribute must assume the value module. |
| name | fixed | This attribute must assume the value POLICY_MANAGER. |
Its subelements are:
Roles
This element defines the roles to be used in ACL configuration. Might contain more Role elements.
Role
Its attributes are:
| Attribute | Type | Description |
|---|---|---|
| name | required | Role name |
ACLGreenVulcano
ACLGreenVulcano is the implementation that associates an ACL to a resource (ex. a GreenVulcano® ESB service)
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | This attribute must assume the value acl-manager |
| class | fixed | This attribute must assume the value it.greenvulcano.gvesb.policy.impl.ACLGreenVulcano |
Its subelements are:
DefaultRes
This element defines a default ACL definition.
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | "resource" |
Its subelements are:
ServiceRes
This elements defines a GVCore group/service/operation ACL definition.
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | "resource" |
| group | required | Group name. |
| service | required | Service name. |
| operation | required | Operation name. |
Its subelements are:
{{#w4grb_rate:}} <w4grb_ratinglist latestvotes items="5" nosort/>
