You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@isis.apache.org by "Kevin Meyer (Commented) (JIRA)" <ji...@apache.org> on 2012/03/14 08:03:40 UTC
[jira] [Commented] (ISIS-211)
org.apache.isis.security.file.authorization.FileAuthorizor does not work
[ https://issues.apache.org/jira/browse/ISIS-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13229040#comment-13229040 ]
Kevin Meyer commented on ISIS-211:
----------------------------------
File authorizor class is picked up and queried only when the Facet is installed. Do so with the following in isis.properties:
isis.reflector.facets.include=org.apache.isis.runtimes.dflt.runtime.authorization.AuthorizationFacetFactoryForDfltRuntime
This still does let the file authorizor work as expected - in the HTML viewer, a service and role that is in the authorizor.deny still appears as a visible service.
> org.apache.isis.security.file.authorization.FileAuthorizor does not work
> ------------------------------------------------------------------------
>
> Key: ISIS-211
> URL: https://issues.apache.org/jira/browse/ISIS-211
> Project: Isis
> Issue Type: Bug
> Components: Security: File
> Affects Versions: 0.3.0-incubating
> Reporter: Kevin Meyer
>
> Even with the following in isis.properties:
> isis.authorization=file
> isis.authorization.file.whitelist=allow.properties
> isis.authorization.file.blacklist=disallow.properties
> the file authorizor is picked up:
> 13:41:06,268 [FileAuthorizor main INFO ] loading authorization details from allow.properties
> 13:41:06,269 [FileAuthorizor main INFO ] loading authorization details from allow.properties
> 13:41:06,269 [JmxBeanServer main INFO ] JMX bean server created
> 13:41:06,299 [JmxBeanServer main INFO ] file-authorizer JMX mbean registered: org.apache.isis.security.file.authorization.FileAuthorizor@34a083f2
> But it does not work - services that are listed in the disallow.properties and services not listed in the allow.properties are still available.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira