4 Replies Latest reply on Feb 29, 2004 8:13 PM by jae

    Security changes

    Viet Master

      I updated the security :

      1. component test has gone, we keep only test instance, there is no need for that anymore because now the security is defined at component level.
      2. each component (block, theme or module) may declare and use security.
      3. it is possible for a permission to declare the group "*", that special token says that the permission apply to any group.
      4. I added a new permission module that helps a lot to see and manage security rules. ($nukes/permission)

        I will do a wiki section on that.

        • 1. Re: Security changes
          Viet Master

          BTW, it would be a good idea to flush or update your persisted security :

          delete from nuke_services_attributes where pn_aid='Security'

          this will force when you deploy to store the current DD into the database.

          • 2. Re: Security changes
            jae Master

            can you also explain how the patterns work. are they just arbitrary patterns that we come up w/, and then check for in the code?

            couldn't we do some of this work using jaas?

            • 3. Re: Security changes
              Viet Master

              Pattern is like before, I just removed the component part.

              We will use JAAS in the future there is no doubt about it, but for now it is sufficient.

              • 4. Re: Security changes
                jae Master

                i just made an update to the SecurityManager class so that the "getSecLevel" will iterate over all the permissions and return the highest level level for the given set of groups.

                this allows different groups to use the same security patterns, which i noticed no longer worked correctly when i went to resolve the conflicts in the news module.

                also, the Admins security setting was missing from the forums jboss-service.xml file - please reflush the security settings when you update, or the stored database configuration will override the xml file's.

                finally, if anyone is working on adding security and are having problems, add the following line to your log4j.conf file (under jboss/nukes) to get some useful debug information output to the logs.

                <category name="org.jboss.nukes.security">
                 <priority value="DEBUG"/>