9 Replies Latest reply on Aug 23, 2004 10:19 AM by peter

    Security and Permission setting

    peter Apprentice

      Hi

      I am new to JbossNuke. I read the wiki pages. I am still confused about the security pattern.

      Who can explain the meaning of the following things?


      /**
      * Security description :
      * READ/core:menu:/$name:: - displays the block where $name is the block name.

      Any explains?

      * READ/core:menu:/$name:$name:$title - displays the link entitled $title.

      Any explains?


      * READ/core:menu:/$name:$module:$operation - displays the $operation of the $module.

      Any explains?


      Thanks very much


      yang

        • 1. Re: Security and Permission setting
          peter Apprentice

          /**
          * Security description :
          * READ/core:menu:/$name:: - displays the block where $name is the block name.


          WHAT DOES "READ" mean?
          What does "core:menu:/$name::" mean? and how to interpret this cryptic things?


          * READ/core:menu:/$name:$name:$title - displays the link entitled $title.

          Any explains?


          * READ/core:menu:/$name:$module:$operation - displays the $operation of the $module.

          • 2. Re: Security and Permission setting
            Thomas Heute Master

            If you read down the wiki page it's explained: http://www.jboss.org/wiki/Wiki.jsp?page=NukesSecurity

            READ means that the user can "read" it, or see it if you prefer. There are much more details in the wiki page.

            • 3. Re: Security and Permission setting
              peter Apprentice

              Thanks for replying.

              I already the wiki for a few times. the patter is in the form of xxx:xxx:xxx

              But why there are so many ":" in the following source code comments?

              READ/core:menu:/$name::

              In the above,
              what does "core" mean?
              what does "menu" mean?
              and what does /$name:: means?

              thanks

              yang

              • 4. Re: Security and Permission setting
                peter Apprentice

                When i read the wiki about nukes security, i found there are two places related to security and permission.

                The first is the comments in the javadoc .
                The second is the block/module MBean description.

                What is the relationship between the two?

                In the javadoc comments, i feel confused by the following line. Unfortunately, there is not any explaination.

                READ/core:menu:/$name::

                Guys, it is difficult to decript these :(

                Thanks a lot

                yang

                • 5. Re: Security and Permission setting
                  Viet Master

                  right, that description is not uptodate, it should be : READ/$name::
                  since the security is described at the component level the scheme specifying the component does not need to be expressed.

                  That means that for a particular action, the level READ is required when the component will call the security layer with the test $name::.

                  In nukes2, the :: may be removed to remove confusion and use something like : new String[]{"blah"} to express blah::


                  • 6. Re: Security and Permission setting
                    peter Apprentice

                    Thanks for cooper's reply.

                    When i read the wiki about nukes security, i found there are two places related to security and permission.

                    QQQQQQQQQ:

                    The first is the comments in the javadoc .
                    The second is the block/module MBean description.

                    What is the relationship between the two????????????????????????????

                    Actually, i read a thread in nukes development forum.

                    It seems that there are two matches. One is component match, the other is instance match etc.

                    Unfortunately, all the description is not clear enough. I think JbossNuke should be important in JBoss Group.

                    I suggest to your guys to write one good article to describe these unclear things.

                    • 7. Re: Security and Permission setting
                      innovate Newbie

                      Is it possible to display a particular block or module dependent on the URL of static HTML page?

                      /nukes/phone/snom.html --> Advertisement Block should be displayed if this HTML page is displayed.

                      Regards,

                      Cyrill

                      • 8. Re: Security and Permission setting
                        innovate Newbie

                        Hi,

                        Solved the problem. Following an excerpt from my custom advertisement block which should be displayed only for a particular url pattern:

                        public boolean getDisplayed(Page page) {
                         String advertisementUrl = page.getRequest().getServletPath();
                         Level level = secGetLevel(advertisementUrl + "::");
                        
                         return level.getName().equals("READ") ? true:false;
                         }


                        For this, I had to modify Page.java so I get the request with the url pattern (servletPath).

                        Following the security entry of an advertisement block (jmx-console):
                        <security>
                         <permission group="*" pattern="/support/.*::" level="READ"/>
                        </security>


                        Regards,

                        Cyrill

                        • 9. Re: Security and Permission setting
                          peter Apprentice

                          hi, innovate

                          Thanks for your example. It does help me.

                          Would you mind post your advertisement module here? I think it will help me a lot to understand the basic concept.

                          THanks a lot
                          yang