directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn McKinney <smckin...@apache.org>
Subject Re: New RoleConstraint Types for ABAC
Date Thu, 23 Aug 2018 15:42:01 GMT

> On Aug 23, 2018, at 10:22 AM, Yudhi Karunia Surtan <brainmaster716@gmail.com> wrote:
> 
> 
> How about the compability with previous version?
> If it is not compatible, is there a way for migrate it?
> Thanks.

Hello Yudhi,

By compatibility, are you asking about the new functionality (generic abac), i.e. what was
just added?  Or the old, from back a few years ago (pasets)

For the old, yes, it passes all existing tests.  

For the new - yes as well.  Here’s we’ll add a new constraint validator.  

Here’s what we had last release:
temporal.validator.0:org.apache.directory.fortress.core.util.time.Date"
temporal.validator.1:org.apache.directory.fortress.core.util.time.LockDate"
temporal.validator.2:org.apache.directory.fortress.core.util.time.Timeout"
temporal.validator.3:org.apache.directory.fortress.core.util.time.ClockTime"
temporal.validator.4:org.apache.directory.fortress.core.util.time.Day"
temporal.validator.5:org.apache.directory.fortress.core.util.time.Discriminant”

For next release we could deprecate #5, and add:
temporal.validator.5:org.apache.directory.fortress.core.util.time.RoleConstraint”

That way if you have time to move into the new data format.  Which will use these apis to
load:

    RoleConstraint addRoleConstraint( UserRole uRole, RoleConstraint roleConstraint )
    	throws SecurityException;
    void removeRoleConstraint( UserRole uRole, RoleConstraint roleConstraint )
    	throws SecurityException;

Instead of property values.  Are you using these?  Thanks for brining this up.

—Shawn


Mime
View raw message