Versions Compared

Old Version 3

changes.mady.by.user Olivier Grenet

Saved on

compared with

New Version 4

changes.mady.by.user Cédric Alcisiadi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

First, and foremost, new Security Domains and Actions can now be included into plugins by adding a file names “security.xml” in config directory : this is a sample code to explain how this can be done of such file:

Code Block
languagejavaxml
public void installSecurityDomain() {
    if(Startup.isModeProduction() ) // Deny if the server is in production.
      return;

    try {
      boolean save = false;
      Domain d = SecurityManager.getDomain("MediaCloud");
 <?xml version="1.0" encoding="UTF-8" ?>
<security>
    if (d == null) {
        log.warn("The security domain 'MediaCloud' doesn't exist. Try to create it");
        SecurityManager.addDomain("MediaCloud", "mediacloud", false);
        d = SecurityManager.getDomain("MediaCloud");<domain name="boards" description="Devine" system="true" enabled="false">
        save<action = true;
      }
      Action a = d.getAction("mediaAction");
      if( a == null ) {
        log.warn("The security action 'MediaCloud::mediaAction' doesn't exist. Try to create it");
        d.addAction("mediaAction");name="makePublicBoard" description="Allow user to make a public board">
            a<param name= new Action("mediaActionsurfer");
        a = d.getAction("mediaAction");
        a.addParameter("surfer", SurferParameter.class.getName()); type="wsnoheto.securite.parameter.SurferParameter"></param>
        a.addParameter("object", ObjectNohetoParameter.class.getName());         a.addParameter("objectname", LowerStringParameter.class.getName());
        a.addParameter("method", LowerStringParameter.class.getName());
        save = true;<rule name="default" description="No restriction" enabled="true" blocking="false">true</rule>
       } </action>
     if( save ) {
        log.warn("Security domains updated");
        SecurityManager.saveXml();
      }
    } catch(Exception e) {
      log.error("Can't update security domains and actions for MediaCloud. Try to create it manually");
    }
  }

Two new domains have been added :

MediaCloud/mediaAction : this domain and action is added by the WXM_DAMDY plugin. They allow for filtering authorised action when manipulating Videos : creating new chapters, setting video poster, subcaptionning…

...

</domain>
</security>

The syntax of this file is the same as the global schema.xml generated by security/admin UI.

The following rules apply on merge :

  • Missing domain are added ( as disabled ) with their actions and rules.

  • Missing actions are added with their rules.

  • New rules are not added to existing actions.

  • New macros are added.

  • The runtime config is set but the global file is not saved on disk until you save it manually or do a backup.

  • Be careful to add some default rule to new action of an existing domain if you don’t want weird behaviour on production because actions can’t be disabled alone.

Portal Setup changes

Setting up eTags on REST Resources

...