SMILA/Documentation/SampleSecurityConverterPipelet

From Eclipsepedia

Jump to: navigation, search

Contents

Pipelet: org.eclipse.smila.security.processing.SampleSecurityConverterPipelet

Description

This is a sample pipelet that gets and converts security information into

  • record's metadata to allow indexing in Lucene
  • a filter used in a query to restrict the results to the users that have READ access

The pipelet uses the service a org.eclipse.smila.security.SecurityResolver, which is used to resolve groups and user names. If no SecurityResolver is available the configuration options are ignored and the security information already contained in the record is just added to the specified readUsersAttributeName. (see below).

Configuration

The pipelet is configured using the <PipeletConfiguration> section inside the <invokePipelet> activity of the corresponding BPEL file. It provides the following properties:

Property Type Description
readUsersAttributeName String Name of the attribute to store the users with READ access rights to. This attribute can then be indexed by Lucene.
resolveGroups Boolean Boolean flag determining whether groups should be resolved to their user principals (true) or not (false)
resolveUserNames Boolean Boolean flag determining whether user names should be resolved and replaced by the value described by resolvedUserNamePropertyName (true) or not (false)
resolvedUserNamePropertyName String Name of an LDAP property to use instead of the user/group principal (e.g. a display name). Only used if resolveUserNames is set to true.

During execution, the pipelet uses the following required record metadata to decide how to handle a record:

Name Value Description
_executionMode INDEX or SEARCH INDEX - the service is used for indexing security annotations, SEARCH - the service is used during search for filtering results according to security annotations


Example

Pipelet configuration for SampleSecurityConverter

<extensionActivity>
    <proc:invokePipelet name="sample securityConverter">
        <proc:pipelet class="org.eclipse.smila.security.processing.SampleSecurityConverterPipelet" />
        <proc:variables input="request" output="request"/>
        <proc:configuration>
          <rec:Val key="readUsersAttributeName">ReadUsers</rec:Val>
          <rec:Val key="resolveGroups" type="boolean">true</rec:Val>
          <rec:Val key="resolveUserNames" type="boolean">true</rec:Val>
          <rec:Val key="resolvedUserNamePropertyName">displayName</rec:Val>
        </proc:configuration>
    </proc:invokePipelet>
</extensionActivity>