|
|
| Line 1: |
Line 1: |
| − | == Pipelet: org.eclipse.smila.security.processing.SampleSecurityConverterPipelet ==
| + | #REDIRECT [[SMILA/Documentation/SampleSecurityConverterPipelet]] |
| − | | + | |
| − | === Description ===
| + | |
| − | | + | |
| − | This is a sample pipelet that gets and converts security information into
| + | |
| − | * record's metadata to allow indexing in Lucene
| + | |
| − | * a filter used in a query to restrict the results to the users that have READ access
| + | |
| − | | + | |
| − | The pipelet uses the service <tt>a org.eclipse.smila.security.SecurityResolver</tt>, which is used to resolve groups and user names. If no SecurityResolver is available the configuration options are ignored and the security information already contained in the record is just added to the specified ''readUsersAttributeName''. (see below).
| + | |
| − | | + | |
| − | === Configuration ===
| + | |
| − | | + | |
| − | The pipelet is configured using the <tt><PipeletConfiguration></tt> section inside the <tt><invokePipelet></tt> activity of the corresponding BPEL file. It provides the following properties:
| + | |
| − | | + | |
| − | {| border = 1
| + | |
| − | !Property!!Type!!Description
| + | |
| − | |-
| + | |
| − | |''readUsersAttributeName''||String||Name of the attribute to store the users with READ access rights to. This attribute can then be indexed by Lucene.
| + | |
| − | |-
| + | |
| − | |''resolveGroups''||Boolean||Boolean flag determining whether groups should be resolved to their user principals (true) or not (false)
| + | |
| − | |-
| + | |
| − | |''resolveUserNames''||Boolean||Boolean flag determining whether user names should be resolved and replaced by the value described by ''resolvedUserNamePropertyName'' (true) or not (false)
| + | |
| − | |-
| + | |
| − | |''resolvedUserNamePropertyName''||String||Name of an LDAP property to use instead of the user/group principal (e.g. a display name). Only used if ''resolveUserNames'' is set to true.
| + | |
| − | |}
| + | |
| − | | + | |
| − | During execution, the pipelet uses the following required record metadata to decide how to handle a record:
| + | |
| − | {| border = 1
| + | |
| − | !Name!!Value!!Description
| + | |
| − | |-
| + | |
| − | |''_executionMode''||INDEX or SEARCH||''INDEX'' - the service is used for indexing security annotations, ''SEARCH'' - the service is used during search for filtering results according to security annotations
| + | |
| − | |}
| + | |
| − | | + | |
| − | | + | |
| − | ==== Example ====
| + | |
| − | | + | |
| − | '''Pipelet configuration for SampleSecurityConverter'''
| + | |
| − | <source lang="xml">
| + | |
| − | <extensionActivity>
| + | |
| − | <proc:invokePipelet name="sample securityConverter">
| + | |
| − | <proc:pipelet class="org.eclipse.smila.security.processing.SampleSecurityConverterPipelet" />
| + | |
| − | <proc:variables input="request" output="request" />
| + | |
| − | <proc:PipeletConfiguration>
| + | |
| − | <proc:Property name="readUsersAttributeName" type="java.lang.String">
| + | |
| − | <proc:Value>ReadUsers</proc:Value>
| + | |
| − | </proc:Property>
| + | |
| − | <proc:Property name="resolveGroups" type="java.lang.Boolean">
| + | |
| − | <proc:Value>true</proc:Value>
| + | |
| − | </proc:Property>
| + | |
| − | <proc:Property name="resolveUserNames" type="java.lang.Boolean">
| + | |
| − | <proc:Value>true</proc:Value>
| + | |
| − | </proc:Property>
| + | |
| − | <proc:Property name="resolvedUserNamePropertyName" type="java.lang.String">
| + | |
| − | <proc:Value>displayName</proc:Value>
| + | |
| − | </proc:Property>
| + | |
| − | </proc:PipeletConfiguration>
| + | |
| − | </proc:invokePipelet>
| + | |
| − | </extensionActivity>
| + | |
| − | </source>
| + | |
| − | | + | |
| − | [[Category:SMILA]] [[Category:SMILA/Pipelet]] | + | |
