...

applicationContext-common-authorization.xml
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
  <property name="rolePrefix" value="MY_ROLE_PREFIX_" />
</bean>

Roles are referenced by name in pentaho.xml.

pentaho.xml
<acl-publisher>
  <default-acls>
    <acl-entry role="MY_ROLE_PREFIX_ADMIN" acl="ADMIN_ALL" />
    <acl-entry role="MY_ROLE_PREFIX_CTO" acl="ADMIN_ALL" />
    <acl-entry role="MY_ROLE_PREFIX_DEV" acl="EXECUTE_SUBSCRIBE" />
    <acl-entry role="MY_ROLE_PREFIX_AUTHENTICATED" acl="EXECUTE" />
  </default-acls>
</acl-publisher>

<acl-voter>
   <admin-role>MY_ROLE_PREFIX_ADMIN</admin-role>

</acl-voter>

<anonymous-authentication>
  <anonymous-user>anonymous</anonymous-user>
  <anonymous-role>MY_ROLE_PREFIX_ANONYMOUS</anonymous-role>
</anonymous-authentication>

Again, roles are referenced by name when allowing anonymous users and when specifying authorization rules for URLs.

applicationContext-acegi-security.xml
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
  <property name="key" value="foobar" />
  <property name="userAttribute" value="anonymousUser,MY_ROLE_PREFIX_ANONYMOUS" />
</bean>

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">

  <!-- omitted -->

  <property name="objectDefinitionSource">
    <value>
    <![CDATA[
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /login*=MY_ROLE_PREFIX_ANONYMOUS,MY_ROLE_PREFIX_AUTHENTICATED

    ...omitted...

    /**=MY_ROLE_PREFIX_AUTHENTICATED
    ]]>
    </value>
  </property>
</bean>
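
RoleVoter only evaluates configuration attributes that start with its rolePrefix, so every role referenced in pentaho.xml and in the URL rules has to carry the same prefix. The check below is an added example, not part of the original page or of Pentaho: it reads the prefix from the roleVoter bean and lists role references that lack it. The sample inputs, the wrapper elements and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets above. The wrapper elements and the
# DEV, ROLE_ANONYMOUS and Admin entries are invented here to show what gets flagged.
AUTHZ_XML = ('<beans><bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">'
             '<property name="rolePrefix" value="MY_ROLE_PREFIX_" /></bean></beans>')
PENTAHO_XML = """<config>
  <acl-publisher><default-acls>
    <acl-entry role="MY_ROLE_PREFIX_ADMIN" acl="ADMIN_ALL" />
    <acl-entry role="DEV" acl="EXECUTE_SUBSCRIBE" />
  </default-acls></acl-publisher>
  <acl-voter><admin-role>MY_ROLE_PREFIX_ADMIN</admin-role></acl-voter>
  <anonymous-authentication><anonymous-role>ROLE_ANONYMOUS</anonymous-role></anonymous-authentication>
</config>"""
URL_RULES = """CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login*=MY_ROLE_PREFIX_ANONYMOUS,MY_ROLE_PREFIX_AUTHENTICATED
/admin/**=Admin
/**=MY_ROLE_PREFIX_AUTHENTICATED"""

def role_prefix(authz_xml):
    """Return the rolePrefix set on the roleVoter bean."""
    prop = ET.fromstring(authz_xml).find(".//bean[@id='roleVoter']/property[@name='rolePrefix']")
    if prop is None:
        raise ValueError("roleVoter bean has no rolePrefix property")
    return prop.get("value")

def pentaho_roles(pentaho_xml):
    """Collect (location, role) pairs from acl-entry, admin-role and anonymous-role."""
    root = ET.fromstring(pentaho_xml)
    refs = [("acl-entry", e.get("role", "")) for e in root.iter("acl-entry")]
    for tag in ("admin-role", "anonymous-role"):
        refs += [(tag, (e.text or "").strip()) for e in root.iter(tag)]
    return refs

def url_rule_roles(rules):
    """Collect (pattern, role) pairs from objectDefinitionSource lines; directives are skipped."""
    refs = []
    for line in rules.splitlines():
        pattern, sep, attrs = line.strip().partition("=")
        if sep and pattern.startswith("/"):
            refs += [(pattern, a.strip()) for a in attrs.split(",")]
    return refs

def findings():
    """Return every role reference that does not start with the configured prefix."""
    prefix = role_prefix(AUTHZ_XML)
    refs = pentaho_roles(PENTAHO_XML) + url_rule_roles(URL_RULES)
    return [(where, role) for where, role in refs if not role.startswith(prefix)]
```

Calling findings() on the constructed samples reports the DEV ACL entry, the ROLE_ANONYMOUS anonymous role and the Admin URL rule.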

Memory

This type of security back-end specifies role names in Spring XML files.

applicationContext-acegi-security-memory.xml
<bean id="userMap" class="java.lang.String">
  <constructor-arg type="java.lang.String">
    <value>
    <![CDATA[
    joe=password,MY_ROLE_PREFIX_CEO,MY_ROLE_PREFIX_ADMIN,MY_ROLE_PREFIX_USER,MY_ROLE_PREFIX_AUTHENTICATED

    ...omitted...

    ]]>
    </value>
  </constructor-arg>
</bean>

...

ROLE

MY_ROLE_PREFIX_AUTHENTICATED

MY_ROLE_PREFIX_CEO

...omitted...

Directory (LDAP)

The configuration below assumes that your role entries are NOT stored with the prefix. The prefixes are added when the roles are fetched.

applicationContext-acegi-security-ldap.xml
<bean id="populator" class="com.pentaho.security.ldap.FixedDefaultLdapAuthoritiesPopulator">

  <!-- omitted -->

  <property name="rolePrefix" value="MY_ROLE_PREFIX_" />

  <!-- omitted -->

</bean>

...