The ATG secured repository system works in conjunction with the ATG Security System to provide fine-grained access control to repository item descriptors, individual repository items, and even individual properties through the use of Access Control Lists (ACLs). The secured repository feature lets you control the access users have to assets, asset properties, and asset types. You can convert any existing repository to a secure repository in ATG without disturbing the existing design or data. The ATG secure repository design is very much like a decorator: an existing real repository can be wrapped with access control.
How to create ATG Composite Repository?
Refer to this post to write an ATG Composite Repository.
Secure repository component diagram.
Secure repository static design.
Steps to create secure repository.
In the example below, we convert an existing repository named cricketer into a secure repository.
1. Alter the underlying table to add owner, item ACL and property ACL columns. (ACL == Access Control List)
OWNER column contains the name of the user who created the row/item/record.
ITEM_ACL column (item access control list) contains ACL for the row/item/record.
PROPERTY_ACL column (property access control list) contains ACL for specific properties.
2. Add ACL related properties to cricketer item descriptor.
3. Create a secure repository template for the cricketer item descriptor.

    <secured-repository-template>
      <item-descriptor name="cricketer">
        <descriptor-acl value="Admin$role$administrators-group:read,write,create,delete;Admin$role$everyone-group:read"/>
        <owner-property name="owner"/>
        <acl-property name="item_acl"/>
        <creation-base-acl value="Admin$role$administrators-group:read,write,list,destroy,read_owner,write_owner,read_acl,write_acl; Admin$role$everyone-group:read,list"/>
        <creation-owner-acl-template value="$:read,write,list,destroy"/>
        <creation-group-acl-template value="$:read,list"/>
        <property name="secured_property">
          <descriptor-acl value="Admin$role$administrators-group:read,write;Admin$role$everyone-group:read"/>
          <acl-property name="property_acl"/>
          <creation-base-acl value="Admin$role$administrators-group:read,write"/>
          <creation-owner-acl-template value="$:read,write"/>
          <creation-group-acl-template value="$:read,write"/>
        </property>
      </item-descriptor>
    </secured-repository-template>

4. Configure the cricketer repository as a secured repository.

    # /info/atgblog/repository/SecuredCricketerRepository.properties
    $class=atg.adapter.secure.GenericSecuredMutableRepository
    $scope=global
    name=SecuredCricketerRepository
    repositoryName=SecuredCricketerRepository
    # The unsecured repository that is wrapped to make it secure
    repository=CricketerRepository
    # The template file that configures the repository
    configurationFile=secured-cricketer-repository.xml
    # The security configuration component used by the repository
    securityConfiguration=/atg/dynamo/security/SecuredRepositorySecurityConfiguration
    # Various Dynamo services we need
    XMLToolsFactory=/atg/dynamo/service/xml/XMLToolsFactory
    transactionManager=/atg/dynamo/transaction/TransactionManager

GenericSecuredMutableRepository is used to wrap, or decorate, the unsecured repository named CricketerRepository.
Every call from a client goes through GenericSecuredMutableRepository to reach the underlying repository.
GenericSecuredMutableRepository filters the records based on the ACL given for the item/property.
5. Register the repositories. This is required to expose the two repositories to the ATG Control Center Repository Editor and activate them on application startup.

    initialRepositories+=/info/atgblog/repository/SecuredCricketerRepository.properties, \
        /info/atgblog/repository/CricketerRepository.properties

The property given above shall be added to /atg/registry/ContentRepositories.
You are done. CricketerRepository is now ACL-enabled!
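As a review aid for templates like the one in step 3, the following added example (not part of the original post and not ATG code) parses a secured-repository template and reports ACL entries that grant mutating rights to a broad group; a template that is not well-formed XML fails at parse time. It assumes the `identity:right,...;identity:right,...` ACL string form shown above; the `MUTATING` set, the `broad` group list and the sample template are choices made for this example.

```python
import xml.etree.ElementTree as ET

# Assumed review policy for this example: broad groups should not hold these rights.
MUTATING = {"write", "create", "delete", "destroy", "write_owner", "write_acl"}
ACL_TAGS = ("descriptor-acl", "creation-base-acl",
            "creation-owner-acl-template", "creation-group-acl-template")

def parse_acl(value):
    """Split 'identity:right,right;identity:right' into {identity: {rights}}."""
    acl = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        identity, sep, rights = entry.rpartition(":")
        if not sep or not identity:
            raise ValueError(f"malformed ACL entry: {entry!r}")
        acl.setdefault(identity, set()).update(
            r.strip() for r in rights.split(",") if r.strip())
    return acl

def audit_template(xml_text, broad=("Admin$role$everyone-group",)):
    """Return (location, tag, identity, risky rights) for each loose ACL entry."""
    root = ET.fromstring(xml_text)  # ParseError on malformed XML, e.g. an unclosed quote
    findings = []
    for item in root.iter("item-descriptor"):
        name = item.get("name")
        scopes = [(name, item)]
        scopes += [(f"{name}.{p.get('name')}", p) for p in item.findall("property")]
        for where, node in scopes:
            for tag in ACL_TAGS:
                for el in node.findall(tag):  # direct children of this scope only
                    for identity, rights in parse_acl(el.get("value", "")).items():
                        risky = sorted(rights & MUTATING)
                        if identity in broad and risky:
                            findings.append((where, tag, identity, risky))
    return findings

# Constructed sample: a cut-down template with one deliberately loose property ACL.
SAMPLE = """<secured-repository-template>
  <item-descriptor name="cricketer">
    <descriptor-acl value="Admin$role$administrators-group:read,write,create,delete;Admin$role$everyone-group:read"/>
    <creation-base-acl value="Admin$role$administrators-group:read,write,list; Admin$role$everyone-group:read,list"/>
    <property name="secured_property">
      <descriptor-acl value="Admin$role$administrators-group:read,write;Admin$role$everyone-group:read,write"/>
    </property>
  </item-descriptor>
</secured-repository-template>"""

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(finding)
```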
Appendix
1. Possible attributes for secured repository definition.