geoxacml: obligation handling and evaluation at dispatcher level
----------------------------------------------------------------
Key: GEOS-4049
URL: http://jira.codehaus.org/browse/GEOS-4049
Project: GeoServer
Issue Type: Improvement
Affects Versions: Community
Reporter: Lennart Jütte
Assignee: Andrea Aime
Fix For: Community
Attachments: 01_cleanup-xcaml.patch, 02_add-thesis-results.patch, 03_enable-xacml.patch
The geoxacml community module currently consists of a Acegi filter and a extended PDP (based on Sun's implementation). That way GET-HTTP requests can be intercepted and evaluated. There was no was of checking POST-Requests or handle Obligations.
The attached patches add the possibility to add XACML obligations and enforce them at the dispatcher level using a DispatcherCallback. In addition to that the evaluation was moved from the Acegi filter to the DispatcherCallback as well.
Now every Operation can be transformed to a decision request which will be evaluated by the PDP. Its decision and optional obligations can be enforced by the DispatcherCallback as well. Currently only CQL/OGC-filters on WMS/WFS-request are allowed.
This is how to apply the patches:
* apply [^01_clean-sunxacml.patch] to clean up the current code(practically the same patch as in http://jira.codehaus.org/browse/GEOS-4045 - can be omitted if this patch was already applied to trunk)
* apply [^02_add-thesis-results.patch] to add the new functionality and disable some of the old geoxacml stuff (e.g. the Acegi Filter)
* apply [^03_enable-xacml.patch] to enable the module by adding a profile web/app/pom.xml and removing beans from main/src/java/applicationSecurityContext.xml . Replacements will be provided
by the geoxacml module.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira