Jump to: navigation, search

SMILA/Documentation/SampleSecurityConverterPipelet

< SMILA‎ | Documentation
Revision as of 05:45, 12 March 2009 by Daniel.stucky.empolis.com (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

org.eclipse.smila.security.processing.SampleSecurityConverter

Description

This is a sample ProcessingService that converts security annotations into

  • attributes with literals to allow indexing in Lucene
  • a filter annotation used in a query to restrict the results to the users that have READ access

The service has an optional reference to a org.eclipse.smila.security.SecurityResolver, which is used to resolve groups and user names. If no SecurityResolver is available the configuration options are ignored an the security annotations are just converted into attribute values, keeping the original values without any modifications.

Annotations

The SampleSecurityConverter uses the Annotation org.eclipse.smila.security.processing.SampleSecurityConverter on records to decide how to handle a record. It supports the following required named values.

Name Value Description
executionMode INDEX or SEARCH INDEX - the service is used for indexing security annotations, SEARCH - the service is used during search for filtering with security annotations

Configuration

Property Type Description
readUsersAttributeName String the name of the attribute to store the users with READ access rights in. This attribute can the be indexed by Lucene.
resolveGroups Boolean a boolean flag if to resolve groups to their user principals (true) or not (false)
resolveUserNames Boolean a boolean flag if to resolve user names and replace them with the value describe by resolvedUserNamePropertyName (true) or not (false)
resolvedUserNamePropertyName String the name of an ldap property to use instead of the user/group principal (e.g. a display name). Only used if resolveUserNames is true

Example

PipeletConfiguration for SampleSecurityConverter

<PipeletConfiguration xmlns="http://www.eclipse.org/smila/processor">
	<Property name="readUsersAttributeName" type="java.lang.String">
		<Value>ReadUsers</Value>
	</Property>
	<Property name="resolveGroups" type="java.lang.Boolean">
		<Value>true</Value>
	</Property>
	<Property name="resolveUserNames" type="java.lang.Boolean">
		<Value>true</Value>
	</Property>
	<Property name="resolvedUserNamePropertyName" type="java.lang.String">
		<Value>displayName</Value>
	</Property>	
</PipeletConfiguration>