FITECH Laboratories
security
Product: xTier™/LWC 2.3
 Depends: log

Description
The 'security' service provides a general-purpose access authorization facility. The main features of the 'security' service include:

  • XML-driven configuration.
  • Role-based authorization.
  • Support for ACLs.

The 'security' service consists of the following components:

  • SecurityService - defines the main API of the security service.
  • SecurityIdentity - either a user or a group. Groups can contain users as well as other groups.
  • SecurityResource - describes any resource that can have secured access, such as a file, folder or database. A resource is characterized by the set of actions (such as read, write, execute) that it exposes for authorization.
  • SecurityRole - grants specified users and (or) groups access to a specified action or set of actions on specified resources.
  • SecurityAcl (Access Control List) - a combination of security identity, resource and action, of either grant or deny type. A grant ACL allows the identity access to the action; a deny ACL prohibits it. ACLs can be used to restrict access granted by a role.
  • SecurityChangeListener - listens for changes to the security configuration file.

Configuration
The 'security' service is specified by XML configuration. It cannot be configured at runtime; however, the configuration can be reloaded from XML. Security objects specified in the configuration are created automatically and can be accessed at runtime.

The 'security' service is configured via the pre-defined xtier_security.xml configuration file. This file follows the standard xTier™ service configuration pattern, which the following complete example of a security configuration demonstrates:

<xtier-security>
  <region name="examples">
    <!-- Users. -->
    <user name="admin"/>
    <user name="robert"/>
    <user name="jon"/>

    <!-- Groups definition. -->
    <group name="admins">
      <identity user="admin"/>
    </group>
    <group name="dev">
      <identity user="robert"/>
    </group>
    <group name="nonadmins">
      <identity user="jon"/>
      <identity group="dev"/>
    </group>

    <!-- 
        Resource which can have multiple 
        actions. 
    -->
    <resource name="file">
      <action name="create"/>
      <action name="read"/>
      <action name="write"/>
      <action name="delete"/>
    </resource>

    <!-- 
        Resource which can have multiple 
        actions. 
    -->
    <resource name="db">
      <action name="create"/>
      <action name="update"/>
      <action name="delete"/>
      <action name="read"/>
    </resource>

    <!-- Reading role. -->
    <role name="reader">
      <identity group="admins"/>
      <identity group="nonadmins"/>

      <grant resource="file">
        <action name="read"/>
      </grant>

      <grant resource="db">
        <action name="read"/>
      </grant>
    </role>

    <!-- Database user role. -->
    <role name="dbuser">
      <identity group="admins"/>
      <identity user="robert"/>

      <grant resource="db">
        <action name="create"/>
        <action name="update"/>
        <action name="delete"/>
        <action name="read"/>
      </grant>
    </role>

    <!-- Specific negative ACL. -->
    <acl type="deny" identity="robert" 
        resource="db" action="read"/>
  </region>
</xtier-security>
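Because this file is the whole authorization policy, it is worth auditing offline before it is deployed or reloaded. The following Python sketch is an added example, not FITECH code and not part of xTier™: it expands nested groups, flags grants that name an action the resource never defines, and evaluates access. It assumes default deny and that a deny ACL names a user and overrides role grants; grant ACLs are not modeled, and the function names and the sample (with its deliberate "crete" typo) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the xtier_security.xml format; "crete" is a deliberate typo.
SAMPLE = """<xtier-security><region name="examples">
  <user name="admin"/><user name="robert"/><user name="jon"/>
  <group name="admins"><identity user="admin"/></group>
  <group name="dev"><identity user="robert"/></group>
  <group name="nonadmins"><identity user="jon"/><identity group="dev"/></group>
  <resource name="db"><action name="create"/><action name="read"/></resource>
  <role name="reader"><identity group="nonadmins"/>
    <grant resource="db"><action name="read"/></grant></role>
  <role name="dbuser"><identity group="admins"/><identity user="robert"/>
    <grant resource="db"><action name="crete"/><action name="read"/></grant></role>
  <acl type="deny" identity="robert" resource="db" action="read"/>
</region></xtier-security>"""
REGION = ET.fromstring(SAMPLE).find("region")

def users_in(region, elem, seen=()):
    """Users named by elem's <identity> children, expanding nested groups (cycle-safe)."""
    found = set()
    for i in elem.findall("identity"):
        if i.get("user"):
            found.add(i.get("user"))
        for g in region.findall("group"):
            if g.get("name") == i.get("group") and g.get("name") not in seen:
                found |= users_in(region, g, seen + (g.get("name"),))
    return found

def lint(region):
    """List (role, resource, action) grants whose action the resource never defines."""
    defined = {r.get("name"): {a.get("name") for a in r.findall("action")}
               for r in region.findall("resource")}
    return [(role.get("name"), g.get("resource"), a.get("name"))
            for role in region.findall("role") for g in role.findall("grant")
            for a in g.findall("action")
            if a.get("name") not in defined.get(g.get("resource"), set())]

def check_access(region, user, resource, action):
    """Assumed semantics: default deny; a role grant allows; a deny ACL overrides it."""
    for acl in region.findall("acl"):
        target = (acl.get("identity"), acl.get("resource"), acl.get("action"))
        if acl.get("type") == "deny" and target == (user, resource, action):
            return False
    return any(user in users_in(region, role) and g.get("resource") == resource
               and a.get("name") == action
               for role in region.findall("role") for g in role.findall("grant")
               for a in g.findall("action"))
```

On the sample, `lint(REGION)` reports the misspelled grant in the dbuser role, and under the assumed exact-name matching that typo means robert is never granted "create" on "db".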

Examples
The 'security' service is simple to use and follows the standard way of accessing services in xTier™. The following code snippet illustrates the basic usage pattern for the 'security' service:

// Requires java.util.Map plus the xTier kernel and 'security' service classes.

// Get the instance of the xTier kernel.
XtierKernel xtier = XtierKernel.getInstance();

// Get the instance of the 'security' service.
SecurityService security = xtier.security();

// Get map of XML-defined identities.
Map identities = security.getAllIdentities();

// Get map of XML-defined roles.
Map roles = security.getAllRoles();

// Check access for identity "jon" to 
// action "create" on resource "db".
boolean access = security.checkAccess("jon", "db", "create");

 Download xTier™ for full examples and documentation.
