-
Notifications
You must be signed in to change notification settings - Fork 0
/
role-engineering-sample-security-policy.xml
102 lines (89 loc) · 5.96 KB
/
role-engineering-sample-security-policy.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project basedir="." default="all" name="Fortress Sample Data">
<taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin">
<classpath path="${java.class.path}"/>
</taskdef>
<target name="all">
<FortressAdmin>
<adduser>
<user userId="johndoe" password="password" description="User has both Buyer and Seller Roles Assigned" cn="Jon Doe" sn="Doe" ou="u1" />
<user userId="ssmith" password="password" description="User has Buyer Role Assigned" cn="Steve Smith" sn="Smith" ou="u1" />
<user userId="rtaylor" password="password" description="User has Seller Role Assigned" cn="Ricky Taylor" sn="Taylor" ou="u1" />
</adduser>
<adduserrole>
<userrole userId="johndoe" name="Role_Buyers"/>
<userrole userId="johndoe" name="Role_Sellers"/>
<userrole userId="johndoe" name="Super_Users"/>
<userrole userId="ssmith" name="Role_Buyers"/>
<userrole userId="rtaylor" name="Role_Sellers"/>
</adduserrole>
<addrole>
<role name="Role_Users" description="Basic rights for all Buyers and Sellers"/>
<role name="Role_Buyers" description="May bid on and purchase products"/>
<role name="Role_Sellers" description="May start auctions and ship items"/>
<role name="Super_Users" description="May switch between buyers and sellers"/>
</addrole>
<addroleinheritance>
<relationship child="Role_Buyers" parent="Role_Users"/>
<relationship child="Role_Sellers" parent="Role_Users"/>
</addroleinheritance>
<addsdset>
<sdset name="BuySel" setmembers="Role_Buyers,Role_Sellers" cardinality="2" setType="DYNAMIC" description="User can only be activate one role of this set"/>
</addsdset>
<addpermobj>
<permobj objName="org.rolesample.HomePage" description="Role Engineering Sample Home Page" ou="p1" type="Page"/>
<permobj objName="SellersPage" description="Used by Sellers" ou="p1" />
<permobj objName="BuyersPage" description="Used by Buyers" ou="p1" />
<permobj objName="Item" description="This product is available for purchase" ou="p1" />
<permobj objName="Auction" description="Controls a particular online auction" ou="p1" />
<permobj objName="Account" description="Each user must have one of these" ou="p1" />
</addpermobj>
<addpermop>
<permop objName="org.rolesample.HomePage" opName="switchToSeller" type="Button" description="Permission for org.rolesample.HomePage.switchToSeller"/>
<permop objName="org.rolesample.HomePage" opName="switchToBuyer" type="Button" description="Permission for org.rolesample.HomePage.switchToBuyer"/>
<permop objName="org.rolesample.HomePage" opName="switchRoles" type="Button" description="Permission for org.rolesample.HomePage.switchRoles"/>
<permop objName="SellersPage" opName="link" />
<permop objName="BuyersPage" opName="link" />
<permop objName="Item" opName="bid" description="Bid on a given product"/>
<permop objName="Item" opName="buy" description="Purchase a given product"/>
<permop objName="Item" opName="ship" description="Place a product up for sale"/>
<permop objName="Item" opName="search" description="Search through item list"/>
<permop objName="Auction" opName="create" description="May start a new auction"/>
<permop objName="Account" opName="create" description="Ability to add a new account"/>
</addpermop>
<addpermgrant>
<permgrant objName="org.rolesample.HomePage" opName="switchToSeller" roleNm="Role_Buyers"/>
<permgrant objName="org.rolesample.HomePage" opName="switchToBuyer" roleNm="Role_Sellers"/>
<permgrant objName="org.rolesample.HomePage" opName="switchRoles" roleNm="Super_Users"/>
<permgrant objName="SellersPage" opName="link" roleNm="Role_Sellers"/>
<permgrant objName="BuyersPage" opName="link" roleNm="Role_Buyers"/>
<permgrant objName="Item" opName="bid" roleNm="Role_Buyers"/>
<permgrant objName="Item" opName="buy" roleNm="Role_Buyers"/>
<permgrant objName="Item" opName="ship" roleNm="Role_Sellers"/>
<permgrant objName="Auction" opName="create" roleNm="Role_Sellers"/>
<permgrant objName="Item" opName="search" roleNm="Role_Users"/>
<permgrant objName="Account" opName="create" roleNm="Role_Users"/>
</addpermgrant>
<addorgunit>
<orgunit name="u1" typeName="USER" description="Test User Org for Rbac Role Engineering Sample"/>
<orgunit name="p1" typeName="PERM" description="Test Perm Org for Rbac Role Engineering Sample"/>
</addorgunit>
</FortressAdmin>
</target>
</project>