Chapter 15. Configuring Security in the policies.xml

This chapter explains the policies.xml configuration which defines policy privilege check used in JEUS security system.

XML schema file: JEUS_HOME/lib/schemas/jeus/policies.xsd

15.1. Introduction

XML references are configured in the following format.

XML Schema/XML Tree: Summarizes all the tags of XML configuration file. Each node is defined in the following format.
1. Tag reference enables quick search for tags. Each tag is attached with index numbers ( ex: (11) ). Tags are explained with this number in tag reference.
2. The XML tag name defined in the XML schema is expressed in the format of <tag name>.
3. Tags are set with cardinality defined in XML schema.
  
  “?” is for 0 or 1 element, “+” is for 1 or more elements, “*” is for 0 or more elements, (no symbol) is for exactly one element
4. Several tags have "P" character, meaning that they are the tags related to performance. These tags are used to tune the setting.
Element Reference: Explains XML tags in the tree.
1. Dynamic: Allowed to change the configuration dynamically.
2. Non-Dynamic: Not allowed to change the configuration dynamically. This is expressed only for the special case to comment out.
3. Description: A short description for tags.
4. Value Description: The value and type.
5. Value Type: Data type of the value. (ex: String)
6. Value Type Description: Description for the data type of the value.
7. Default Value: The value to be used by default when the XML is not used.
8. Defined Value: The default value.
9. Example: The XML tag example.
10. Performance Recommendation: The value recommended to improve performance.
11. Child Elements:The tags contained in its own tag element.

15.2. XML Schema/XML Tree

(1) <policies>
- (2) <policy> ?
  - (3) <role-permissions> ?
    (4) <role-permission> *
    (5) <role>
    (6) <principal> *
    (7) <actions> ?
    (8) <classname> ?
    (9) <excluded> ?
    
    (10) <unchecked> ?
  - (11) <resource-permissions> *
    (12) <context-id> ?
    (13) <resource-permission> *
    (14) <resource>
    (15) <actions>
    (16) <role> *
    (17) <classname> ?
    (18) <excluded> ?
    
    (19) <unchecked> ?

15.3. Element Reference

(1) `<policies>`
Description	JEUS permission checking policies.
Value Type	PoliciesType
Child Elements	(3) `policy`

(2) `< policies > <policy>`
Description	Defines the JEUS policies.
Value Type	PolicyType
Child Elements	(4) `role-permissions` (12) `resource-permissions`

(3) `< policies >< policy > <role-permissions>`
Description	Principal to role mappings.
Value Type	RolePermissionsType
Child Elements	(5) `role-permission`

(4) `< policies >< policy >< role-permissions > <role-permission>`
Description	Principal to role mapping.
Value Type	rolePermissionType
Child Elements	(6) `role` (7) `principal` (8) `actions` (9) `classname` (10) `excluded` (11) `unchecked`

(5) `< policies >< policy >< role-permissions >< role-permission > <role>`
Description	Name of the role to be assigned to the principals.
Value Type	token

(6) `< policies >< policy >< role-permissions >< role-permission > <principal>`
Description	User principal for the role.
Value Type	token
Value Description	Name of the principal specified in accounts.xml in the security directory.

(7) `< policies >< policy >< role-permissions >< role-permission > <actions>`
Description	Action for the RolePermission object. The default value is no action for RolePermissions.
Value Type	token

(8) `< policies >< policy >< role-permissions >< role-permission > <classname>`
Description	Role permission class name. If a class name is not specified, the default class name will be used.
Value Type	token

(9) `< policies >< policy >< role-permissions >< role-permission > <excluded>`
Description	Indicates that the role will be disabled.
Value Type	emptyType

(10) `< policies >< policy >< role-permissions >< role-permission > <unchecked>`
Description	Indicates that the role will be available without any permission.
Value Type	emptyType

(11) `< policies >< policy > <resource-permissions>`
Description	Role to resource mappings.
Value Type	ResourcePermissionsType
Child Elements	(13) `context-id` (14) `resource-permission`

(12) `< policies >< policy >< resource-permissions > <context-id>`
Description	Context for the role to resource mapping. This tag is not used often.
Value Type	token
Value Description	Context ID
Default Value	default

(13) `< policies >< policy >< resource-permissions > <resource-permission>`
Description	Role resource mapping for the policy.
Value Type	ResourcePermissionType
Child Elements	(15) `resource` (16) `actions` (17) `role` (18) `classname` (19) `excluded` (20) `unchecked`

(14) `< policies >< policy >< resource-permissions >< resource-permission > <resource>`
Description	Defines the resources that are mapped to the role.
Value Type	token
Value Description	Resource name

(15) `< policies >< policy >< resource-permissions >< resource-permission > <actions>`
Description	Action value that will be returned to the ResourcePermission class creator.
Value Type	token
Value Description	Action data value to return to the ResourcePermission class

(16) `< policies >< policy >< resource-permissions >< resource-permission > <role>`
Description	Role mapped to the resource.
Value Type	token
Value Description	Role name

(17) `< policies >< policy >< resource-permissions >< resource-permission > <classname>`
Description	Java class name that inherits java.security.Permission. This class is used for resource permissions.
Value Type	token
Value Description	Java class name
Default Value	jeus.security.resource.ResourcePermission

(18) `< policies >< policy >< resource-permissions >< resource-permission > <excluded>`
Description	If this tag is used, the resource cannot be accessed.
Value Type	emptyType
Value Description	Empty. No values are set.

(19) `< policies >< policy >< resource-permissions >< resource-permission > <unchecked>`
Description	If this tag is used, permissions for the resource will not be checked. Anyone can access the resource.
Value Type	emptyType
Value Description	Empty. No values are set.

15.4. Example File

[Example 15.1] Example File

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<policies xmlns="http://www.tmaxsoft.com/xml/ns/jeus">
    <!--
        Policy information for authorization Service.
    -->
    <policy>
        <role-permissions>
            <role-permission>
                <principal>peter</principal>
                <role>Administrator</role>
                <actions>09:00-17:00</actions>
                <classname>jeus.security.resource.TimeConstrainedRolePermission</classname>
                <excluded/>
                <unchecked/>
            </role-permission>
        </role-permissions>
        <resource-permissions>
            <context-id>MyContext</context-id>
            <resource-permission>
                <role>Administrator</role>
                <resource>jeus.server.*</resource>
                <actions>boot,down</actions>
                <classname>jeus.security.resource.TimeConstrainedResourcePermission</classname>
                <excluded/>
                <unchecked/>
            </resource-permission>
        </resource-permissions>
    </policy>
</policies>

Prev		Next
Chapter 14. Configuring Security in the accounts.xml	Home	Chapter 16. Configuring user-cert-map.xml