You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by "Kevin Meyer (Commented) (JIRA)" <ji...@apache.org> on 2012/03/14 08:03:40 UTC

[jira] [Commented] (ISIS-211) org.apache.isis.security.file.authorization.FileAuthorizor does not work

    [ https://issues.apache.org/jira/browse/ISIS-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13229040#comment-13229040 ] 

Kevin Meyer commented on ISIS-211:
----------------------------------

File authorizor class is picked up and queried only when the Facet is installed. Do so with the following in isis.properties:

isis.reflector.facets.include=org.apache.isis.runtimes.dflt.runtime.authorization.AuthorizationFacetFactoryForDfltRuntime

This still does let the file authorizor work as expected - in the HTML viewer, a service and role that is in the authorizor.deny still appears as a visible service.
                
> org.apache.isis.security.file.authorization.FileAuthorizor does not work
> ------------------------------------------------------------------------
>
>                 Key: ISIS-211
>                 URL: https://issues.apache.org/jira/browse/ISIS-211
>             Project: Isis
>          Issue Type: Bug
>          Components: Security: File
>    Affects Versions: 0.3.0-incubating
>            Reporter: Kevin Meyer
>
> Even with the following in isis.properties:
> isis.authorization=file
> isis.authorization.file.whitelist=allow.properties
> isis.authorization.file.blacklist=disallow.properties
> the file authorizor is picked up:
> 13:41:06,268  [FileAuthorizor       main       INFO ]  loading authorization details from allow.properties
> 13:41:06,269  [FileAuthorizor       main       INFO ]  loading authorization details from allow.properties
> 13:41:06,269  [JmxBeanServer        main       INFO ]  JMX bean server created
> 13:41:06,299  [JmxBeanServer        main       INFO ]  file-authorizer JMX mbean registered: org.apache.isis.security.file.authorization.FileAuthorizor@34a083f2
> But it does not work - services that are listed in the disallow.properties and services not listed in the allow.properties are still available.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira