You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@stanbol.apache.org by bu...@apache.org on 2012/12/14 15:39:46 UTC
svn commit: r842328 - in /websites/staging/stanbol/trunk/content: ./
development/security.html
Author: buildbot
Date: Fri Dec 14 14:39:45 2012
New Revision: 842328
Log:
Staging update by buildbot for stanbol
Added:
websites/staging/stanbol/trunk/content/development/security.html
Modified:
websites/staging/stanbol/trunk/content/ (props changed)
Propchange: websites/staging/stanbol/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Dec 14 14:39:45 2012
@@ -1 +1 @@
-1421807
+1421902
Added: websites/staging/stanbol/trunk/content/development/security.html
==============================================================================
--- websites/staging/stanbol/trunk/content/development/security.html (added)
+++ websites/staging/stanbol/trunk/content/development/security.html Fri Dec 14 14:39:45 2012
@@ -0,0 +1,132 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <link href="/css/stanbol.css" rel="stylesheet" type="text/css">
+ <title>Apache Stanbol - </title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <link rel="icon" type="image/png" href="/images/stanbol-logo/stanbol-favicon.png"/>
+ <script type="text/javascript">
+ // Google Analytics Tracking Code
+ var _gaq = _gaq || [];
+ _gaq.push(['_setAccount', 'UA-32086816-1']);
+ _gaq.push(['_trackPageview']);
+
+ (function() {
+ var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+ ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+ var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+ })();
+ </script>
+</head>
+
+<body>
+ <div id="logo"> <!-- do not scroll the logo -->
+ <a href="/index.html"><img alt="Apache Stanbol" width="220" height="101" border="0" src="/images/stanbol-logo/stanbol-2010-12-14.png"/></a></div>
+ <div id="navigation"> <!-- but auto scroll the menue -->
+ <h1 id="stanbol">Stanbol</h1>
+<ul>
+<li><a href="/index.html">Home</a></li>
+<li><a href="/docs/trunk/tutorial.html">Getting Started</a></li>
+<li><a href="/docs/trunk/">Documentation</a><ul>
+<li><a href="/docs/trunk/scenarios.html">Usage Scenarios</a></li>
+<li><a href="/docs/trunk/components">Components</a></li>
+</ul>
+</li>
+<li><a href="/development/">Development</a></li>
+<li><a href="/production/">Production</a></li>
+</ul>
+<h1 id="project">Project</h1>
+<ul>
+<li><a href="/docs/trunk/mailinglists.html">Mailing Lists</a></li>
+<li><a href="https://issues.apache.org/jira/browse/STANBOL">Issue Tracker</a></li>
+<li><a href="/team.html">Project Team</a></li>
+<li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li>
+<li><a href="/privacy-policy.html">Privacy Policy</a></li>
+</ul>
+<h1 id="downloads">Downloads</h1>
+<ul>
+<li><a href="/downloads/">Overview</a><ul>
+<li><a href="/downloads/releases.html">Releases</a></li>
+<li><a href="/downloads/launchers.html">Launchers</a></li>
+</ul>
+</li>
+</ul>
+<h1 id="archive">Archive</h1>
+<ul>
+<li><a href="/docs/0.9.0-incubating/">0.9.0-incubating</a></li>
+</ul>
+<h1 id="the-asf">The ASF</h1>
+<ul>
+<li><a href="http://www.apache.org">Apache Software Foundation</a></li>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+<li><a href="http://www.apache.org/security/">Security</a></li>
+</ul>
+ </div>
+ <div id="content">
+ <div class="breadcrumbs">
+ <ul> <li><a href="/">Home</a></li> <li class="item"><a href="/development/">Development</a></li> </ul>
+ </div>
+ <h1 class="title"></h1>
+ <p>Title: Security in Stanbol</p>
+<h3 id="general">General</h3>
+<p>Stanbol uses standard <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/spec/security-specTOC.fm.html">Java Security</a> for authorization. The permission can be set
+on a per user and per role basis using the user managers HTTP Api or UI. For the
+documentation of the HTTP API see the <a href="https://svn.apache.org/repos/asf/stanbol/trunk/commons/security/usermanagement/README.md">README</a> oth the usermanager. The UI is available
+as a tab on the Webconsole. If stanbol is used within an application server the menchanisms
+provided by this application servers must be used to assign required permissions to users
+as well as to the code-base. Stanbol launchers have no code-based permission limitations
+the code of all bundles is executed with full priviledges.</p>
+<h3 id="writing-security-aware-code">Writing security aware code</h3>
+<p>As for any Java libraries Stanbol modules should make sure they require a reasonable set of
+permissions. This includes doing checks for permssions with the <a href="http://docs.oracle.com/javase/6/docs/api/java/security/AccessController.html">AccessController</a> as well as
+executing code as prviledged where the code shall not "inherit" the permission requirements
+of the invoked methods.</p>
+<p>For example:</p>
+<div class="codehilite"><pre><span class="sr">//</span> <span class="n">checking</span> <span class="k">for</span> <span class="n">a</span> <span class="n">permission</span> <span class="n">to</span> <span class="n">access</span> <span class="n">the</span> <span class="n">RemoteFooBar</span> <span class="n">service</span>
+<span class="n">AccessController</span><span class="o">.</span><span class="n">checkPermission</span><span class="p">(</span><span class="k">new</span> <span class="n">RemoteFooBarPermission</span><span class="p">());</span>
+
+<span class="sr">//</span><span class="n">access</span> <span class="n">the</span> <span class="n">required</span> <span class="n">files</span> <span class="ow">and</span> <span class="k">do</span> <span class="n">the</span> <span class="n">required</span> <span class="n">networking</span> <span class="n">as</span> <span class="n">priviledged</span>
+<span class="n">AccessController</span><span class="o">.</span><span class="n">doPrivileged</span><span class="p">(</span><span class="k">new</span> <span class="n">PrivilegedAction</span><span class="p">()</span> <span class="p">{</span>
+<span class="n">public</span> <span class="n">Object</span> <span class="n">run</span><span class="p">()</span> <span class="p">{</span>
+ <span class="sr">//</span> <span class="n">privileged</span> <span class="n">code</span> <span class="n">goes</span> <span class="n">here</span><span class="p">,</span> <span class="n">so</span> <span class="n">that</span> <span class="n">the</span> <span class="n">user</span> <span class="n">doesn</span><span class="err">'</span><span class="n">t</span> <span class="nb">require</span>
+ <span class="sr">//</span> <span class="n">file</span> <span class="n">access</span> <span class="ow">and</span> <span class="n">networkig</span> <span class="n">permissions</span> <span class="n">to</span> <span class="n">access</span> <span class="n">RemoteFooBar</span>
+ <span class="sr">//</span> <span class="p">(</span><span class="n">but</span> <span class="n">only</span> <span class="n">RemoteFooBarPermission</span><span class="p">)</span>
+ <span class="k">return</span> <span class="n">null</span><span class="p">;</span> <span class="sr">//</span> <span class="n">nothing</span> <span class="n">to</span> <span class="k">return</span>
+ <span class="p">}</span>
+<span class="p">});</span>
+</pre></div>
+ </div>
+
+ <div id="footer">
+ <div class="copyright">
+ <p>
+ Copyright © 2010 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ <br />
+ Apache, Stanbol and the Apache feather and Stanbol logos are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </div>
+
+</body>
+</html>
+