GVPolicy

From GreenVulcano Wiki
Revision as of 11:02, 2 January 2015 by G.dimaio (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Description

GVPolicy element defines the configuration of the GreenVulcano® ESB ACL Policy framework.

An access control list (ACL) defines a set of authorization constraints attached to a GreenVulcano® ESB services. When a client invoke a GreenVulcano® ESB service in an ACL-based security model, the ESB first checks the ACL for an applicable entry to decide whether the requested operation is authorized. When you create a service, you can configure its access control list for a specific combination of roles, client subnet or client specific IP.

GreenVulcano® ESB Configuration

Configuring GVPolicy with Vulcon

Element GVPolicy belongs to GVCore and it is visualized from the VulCon® Core View.

The following table shows the GVPolicy attributes:

Attribute Type Description
type fixed This attribute must assume the value module.
name fixed This attribute must assume the value POLICY_MANAGER.

Its subelements are:

Roles

This element defines the Roles to be used in ACL configuration.

Role

Defines a policy role.

Its attributes are:

Attribute Type Description
name required Role name

Its subelements are:

Addresses

This element defines the AddressSet to be used in ACL configuration.

AddressSet

Defines a policy list of IP or sub-nets.

Its attributes are:

Attribute Type Description
name required AddressSet name

Its subelements are:

Address

Its attributes are:

Attribute Type Description
address required IP or sub-net mask

ACLGreenVulcano

ACLGreenVulcano is the implementation that associates an ACL to a resource (ex. a GreenVulcano® ESB service)

The following table shows its attributes:

Attribute Type Description
type fixed This attribute must assume the value acl-manager
class fixed This attribute must assume the value it.greenvulcano.gvesb.policy.impl.ACLGreenVulcano

Its subelements are:

DefaultRes

This element defines a default ACL definition, to be applied to all Services.

The following table shows its attributes:

Attribute Type Description
type fixed "resource"

Its subelements are:

ServiceRes

This elements defines a GVCore Group/Service/Operation ACL definition.

The following table shows its attributes:

Attribute Type Description
type fixed "resource"
group optional Group name.
service optional Service name.
operation optional Operation name.

Its subelements are:

ACL

This element defines a resource/condition ACL (Access Control List).

Its subelements are:

RoleRef

Defines an ACL role reference. The following table shows its attributes:

Attribute Type Description
name required Point to a Role definition


AddressSetRef

Defines an ACL address set reference. The following table shows its attributes:

Attribute Type Description
name required Point to a AddressSet definition


{{#w4grb_rate:}} <w4grb_ratinglist latestvotes items="5" nosort/>