Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
SMILA/Documentation/SampleSecurityConverterPipelet
< SMILA | Documentation
Revision as of 08:30, 9 April 2009 by Juergen.schumacher.empolis.com (Talk | contribs) (→Configuration)
Contents
org.eclipse.smila.security.processing.SampleSecurityConverter
Description
This is a sample ProcessingService that converts security annotations into
- attributes with literals to allow indexing in Lucene
- a filter annotation used in a query to restrict the results to the users that have READ access
The service has an optional reference to a org.eclipse.smila.security.SecurityResolver, which is used to resolve groups and user names. If no SecurityResolver is available the configuration options are ignored an the security annotations are just converted into attribute values, keeping the original values without any modifications.
Annotations
The SampleSecurityConverter uses the Annotation org.eclipse.smila.security.processing.SampleSecurityConverter on records to decide how to handle a record. It supports the following required named values.
| Name | Value | Description |
|---|---|---|
| executionMode | INDEX or SEARCH | INDEX - the service is used for indexing security annotations, SEARCH - the service is used during search for filtering with security annotations |
Configuration
| Property | Type | Description |
|---|---|---|
| readUsersAttributeName | String | the name of the attribute to store the users with READ access rights in. This attribute can then be indexed by Lucene. |
| resolveGroups | Boolean | a boolean flag if to resolve groups to their user principals (true) or not (false) |
| resolveUserNames | Boolean | a boolean flag if to resolve user names and replace them with the value described by resolvedUserNamePropertyName (true) or not (false) |
| resolvedUserNamePropertyName | String | the name of an LDAP property to use instead of the user/group principal (e.g. a display name). Only used if resolveUserNames is true |
Example
PipeletConfiguration for SampleSecurityConverter
<PipeletConfiguration xmlns="http://www.eclipse.org/smila/processor"> <Property name="readUsersAttributeName" type="java.lang.String"> <Value>ReadUsers</Value> </Property> <Property name="resolveGroups" type="java.lang.Boolean"> <Value>true</Value> </Property> <Property name="resolveUserNames" type="java.lang.Boolean"> <Value>true</Value> </Property> <Property name="resolvedUserNamePropertyName" type="java.lang.String"> <Value>displayName</Value> </Property> </PipeletConfiguration>