
Difference between revisions of "SMILA/Documentation/SampleSecurityConverterPipelet"

(Example)
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== <tt>org.eclipse.smila.security.processing.SampleSecurityConverter</tt> ==
+
== Pipelet: org.eclipse.smila.security.processing.SampleSecurityConverterPipelet ==
  
 
=== Description ===
 
=== Description ===
  
This is a sample ProcessingService that converts security annotations into
+
This is a sample pipelet that gets and converts security information into
* attributes with literals to allow indexing in Lucene
+
* record's metadata to allow indexing in Lucene
* a filter annotation used in a query to restrict the results to the users that have READ access
+
* a filter used in a query to restrict the results to the users that have READ access
  
The service has an optional reference to <tt>a org.eclipse.smila.security.SecurityResolver</tt>, which is used to resolve groups and user names. If no SecurityResolver is available the configuration options are ignored an the security annotations are just converted into attribute values, keeping the original values without any modifications.
+
The pipelet uses the service <tt>a org.eclipse.smila.security.SecurityResolver</tt>, which is used to resolve groups and user names. If no SecurityResolver is available the configuration options are ignored and the security information already contained in the record is just added to the specified ''readUsersAttributeName''. (see below).
 
+
==== Annotations ====
+
The SampleSecurityConverter uses the Annotation <tt>org.eclipse.smila.security.processing.SampleSecurityConverter</tt> on records to decide how to handle a record. It supports the following required named values.
+
{| border = 1
+
!Name!!Value!!Description
+
|-
+
|executionMode||INDEX or SEARCH||''INDEX'' - the service is used for indexing security annotations, ''SEARCH'' - the service is used during search for filtering with security annotations
+
|}
+
  
 
=== Configuration ===
 
=== Configuration ===
 +
 +
The pipelet is configured using the <tt><PipeletConfiguration></tt> section inside the <tt><invokePipelet></tt> activity of the corresponding BPEL file. It provides the following properties:
  
 
{| border = 1
 
{| border = 1
 
!Property!!Type!!Description
 
!Property!!Type!!Description
 
|-
 
|-
|readUsersAttributeName||String||the name of the attribute to store the users with READ access rights in. This attribute can then be indexed by Lucene.
+
|''readUsersAttributeName''||String||Name of the attribute to store the users with READ access rights to. This attribute can then be indexed by Lucene.
 
|-
 
|-
|resolveGroups||Boolean||a boolean flag if to resolve groups to their user principals (true) or not (false)
+
|''resolveGroups''||Boolean||Boolean flag determining whether groups should be resolved to their user principals (true) or not (false)
 
|-
 
|-
|resolveUserNames||Boolean||a boolean flag if to resolve user names and replace them with the value described by resolvedUserNamePropertyName (true) or not (false)
+
|''resolveUserNames''||Boolean||Boolean flag determining whether user names should be resolved and replaced by the value described by ''resolvedUserNamePropertyName'' (true) or not (false)
 
|-
 
|-
|resolvedUserNamePropertyName||String||the name of an LDAP property to use instead of the user/group principal (e.g. a display name). Only used if resolveUserNames is true
+
|''resolvedUserNamePropertyName''||String||Name of an LDAP property to use instead of the user/group principal (e.g. a display name). Only used if ''resolveUserNames'' is set to true.
 
|}
 
|}
 +
 +
During execution, the pipelet uses the following required record metadata to decide how to handle a record:
 +
{| border = 1
 +
!Name!!Value!!Description
 +
|-
 +
|''_executionMode''||INDEX or SEARCH||''INDEX'' - the service is used for indexing security annotations, ''SEARCH'' - the service is used during search for filtering results according to security annotations
 +
|}
 +
  
 
==== Example ====
 
==== Example ====
  
'''PipeletConfiguration for SampleSecurityConverter'''
+
'''Pipelet configuration for SampleSecurityConverter'''
 
<source lang="xml">
 
<source lang="xml">
<PipeletConfiguration xmlns="http://www.eclipse.org/smila/processor">
+
<extensionActivity>
<Property name="readUsersAttributeName" type="java.lang.String">
+
    <proc:invokePipelet name="sample securityConverter">
<Value>ReadUsers</Value>
+
        <proc:pipelet class="org.eclipse.smila.security.processing.SampleSecurityConverterPipelet" />
</Property>
+
        <proc:variables input="request" output="request"/>
<Property name="resolveGroups" type="java.lang.Boolean">
+
        <proc:configuration>
<Value>true</Value>
+
          <rec:Val key="readUsersAttributeName">ReadUsers</rec:Val>
</Property>
+
          <rec:Val key="resolveGroups" type="boolean">true</rec:Val>
<Property name="resolveUserNames" type="java.lang.Boolean">
+
          <rec:Val key="resolveUserNames" type="boolean">true</rec:Val>
<Value>true</Value>
+
          <rec:Val key="resolvedUserNamePropertyName">displayName</rec:Val>
</Property>
+
        </proc:configuration>
<Property name="resolvedUserNamePropertyName" type="java.lang.String">
+
    </proc:invokePipelet>
<Value>displayName</Value>
+
</extensionActivity>
</Property>
+
</PipeletConfiguration>
+
 
</source>
 
</source>
 
  
 
[[Category:SMILA]]  [[Category:SMILA/Pipelet]]
 
[[Category:SMILA]]  [[Category:SMILA/Pipelet]]
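
Review bot: The new Configuration paragraph still says the pipelet is configured through the <tt><PipeletConfiguration></tt> section inside <tt><invokePipelet></tt>, but the rewritten example drops <tt><PipeletConfiguration></tt> and uses <tt><proc:configuration></tt> with <tt><rec:Val></tt> entries, so text and example now disagree; the paragraph should name the element the example actually uses. In the new Description, the article is still inside the tag in "<tt>a org.eclipse.smila.security.SecurityResolver</tt>", and "''readUsersAttributeName''. (see below)." has a stray period before the parenthesis. The example also does not show where the required ''_executionMode'' metadata is set, and the ''resolvedUserNamePropertyName'' row should say that the chosen LDAP property needs to identify a user unambiguously, since its value is what gets stored in the READ users attribute.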

Latest revision as of 11:52, 23 January 2012

Pipelet: org.eclipse.smila.security.processing.SampleSecurityConverterPipelet

Description

This is a sample pipelet that gets and converts security information into

  • record's metadata to allow indexing in Lucene
  • a filter used in a query to restrict the results to the users that have READ access

The pipelet uses the org.eclipse.smila.security.SecurityResolver service to resolve groups and user names. If no SecurityResolver is available, the configuration options are ignored and the security information already contained in the record is just added to the attribute specified by readUsersAttributeName (see below).

Configuration

The pipelet is configured using the <PipeletConfiguration> section inside the <invokePipelet> activity of the corresponding BPEL file. It provides the following properties:

Property | Type | Description
readUsersAttributeName | String | Name of the attribute in which to store the users with READ access rights. This attribute can then be indexed by Lucene.
resolveGroups | Boolean | Boolean flag determining whether groups should be resolved to their user principals (true) or not (false).
resolveUserNames | Boolean | Boolean flag determining whether user names should be resolved and replaced by the value described by resolvedUserNamePropertyName (true) or not (false).
resolvedUserNamePropertyName | String | Name of an LDAP property to use instead of the user/group principal (e.g. a display name). Only used if resolveUserNames is set to true.

During execution, the pipelet uses the following required record metadata to decide how to handle a record:

Name | Value | Description
_executionMode | INDEX or SEARCH | INDEX - the service is used for indexing security annotations, SEARCH - the service is used during search for filtering results according to security annotations


Example

Pipelet configuration for SampleSecurityConverter

<extensionActivity>
    <proc:invokePipelet name="sample securityConverter">
        <proc:pipelet class="org.eclipse.smila.security.processing.SampleSecurityConverterPipelet" />
        <proc:variables input="request" output="request"/>
        <proc:configuration>
          <rec:Val key="readUsersAttributeName">ReadUsers</rec:Val>
          <rec:Val key="resolveGroups" type="boolean">true</rec:Val>
          <rec:Val key="resolveUserNames" type="boolean">true</rec:Val>
          <rec:Val key="resolvedUserNamePropertyName">displayName</rec:Val>
        </proc:configuration>
    </proc:invokePipelet>
</extensionActivity>
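
The INDEX-mode conversion that the Description and Configuration sections describe, as an added Java sketch that is not SMILA code: the Resolver interface is a hypothetical stand-in for org.eclipse.smila.security.SecurityResolver (the real interface may differ), and the directory data and ACL are constructed.

```java
import java.util.*;

public class ReadUsersConversionSketch {
    /** Hypothetical stand-in for SecurityResolver; the real SMILA interface may differ. */
    interface Resolver {
        boolean isGroup(String principal);
        Set<String> membersOf(String group);
        String property(String principal, String name);
    }

    /** Values destined for the attribute named by readUsersAttributeName. */
    static List<String> readUsers(List<String> acl, Resolver r, boolean resolveGroups,
                                  boolean resolveUserNames, String propertyName) {
        if (r == null) return new ArrayList<>(acl); // documented fallback: options ignored
        Set<String> users = new LinkedHashSet<>();
        for (String p : acl) {
            if (resolveGroups && r.isGroup(p)) users.addAll(r.membersOf(p));
            else users.add(p);
        }
        if (!resolveUserNames) return new ArrayList<>(users);
        List<String> out = new ArrayList<>();
        for (String u : users) out.add(r.property(u, propertyName));
        return out;
    }

    public static void main(String[] args) {
        // Constructed directory: two different accounts share one displayName.
        Map<String, Set<String>> groups =
            Map.of("cn=staff", new LinkedHashSet<>(List.of("uid=jsmith", "uid=adoe")));
        Map<String, String> displayName = Map.of(
            "uid=jsmith", "John Smith", "uid=adoe", "Ann Doe", "uid=jsmith2", "John Smith");
        Resolver ldap = new Resolver() {
            public boolean isGroup(String p) { return groups.containsKey(p); }
            public Set<String> membersOf(String g) { return groups.get(g); }
            // Only the displayName property is modelled in this sketch.
            public String property(String p, String n) { return displayName.get(p); }
        };
        List<String> acl = List.of("cn=staff", "uid=jsmith2"); // constructed READ ACL of one record

        // All options on, as in the page's example configuration.
        System.out.println(readUsers(acl, ldap, true, true, "displayName"));
        // Groups expanded, principals kept as they are.
        System.out.println(readUsers(acl, ldap, true, false, null));
        // No resolver available: both flags are ignored and the ACL is copied unchanged.
        System.out.println(readUsers(acl, null, true, true, "displayName"));
    }
}
```

The first call shows two distinct accounts ending up as the same stored value when the chosen property is not unique in the directory; the last call shows that a missing resolver leaves group principals unexpanded without any error.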