Changes between Version 6 and Version 7 of RepAaa


Ignore:
Timestamp:
Oct 12, 2010, 5:26:27 PM (14 years ago)
Author:
tim.bauge
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • RepAaa

    v6 v7  
    4949* rule "name", which can be anything
    5050* @field ("content"), these are rule metadata used for logging.
    51 * when<CR>a: AuthorisationRequest(condition) : the condition to be evaluated, which in these cases is the REP URL being access controlled and the role of the requester
     51* when<CR>a: !AuthorisationRequest(condition) : the condition to be evaluated, which in these cases is the REP URL being access controlled and the role of the requester
    5252* then: whether access should be granted or not.
    5353
    54 The roles which are evaluated in these rules are the roles contained in the tokens issued by the [wiki:Aaa|STS].
     54The roles which are evaluated in these rules are the roles contained in the tokens issued by the [wiki:Aaa STS].
    5555=== Registering the policy ===
    5656There may be multiple AAA services running in the domain, and the resource provider must choose which to use (in a real life deployment they may differ in terms of SLAs, or service cost etc).
    57 The AAA service implementation is provided as a WAR file deployed in a servelet container (see [wiki:Aaa|here]), and the policy files should be placed in the "/WEB-INF/classes/authorisation-policies" folder of the WAR file, and the AAA service restarted.
    58 Adding, modifying or removing policies is done by changing the content of the "WEB-INF/classes/authorisation-policies" folder.
     57The AAA service implementation is provided as a WAR file deployed in a servelet container (see [wiki:Aaa here]), and the policy files should be placed in the "/WEB-INF/classes/authorisation-policies" folder of the WAR file, and the AAA service restarted.
     58Adding, modifying or removing policies is done by changing the content of the aaa.war/WEB-INF/classes/authorisation-policies folder.
    5959=== Configuring the Access Controlled REP ===
    6060The access controlled REP is provided as a WAR file, to be deployed in a servelet container such as Apache Tomcat. The REP must be configured in the messages.properties file located in /WEB-INF/classes directory of the WAR file.