When you’re writing an application, there are almost always parts of the application or its data that should be protected by permissions. Some users should access all the functions or data, but most users shouldn’t.

On many platforms, developers have to create the security model themselves. On Liferay Portal, an application security model has been provided for you; you only need to make use of it.

Fortunately, no matter what your application does, access to it and to its content can be controlled with permissions. Read on to learn about Liferay’s permissions system and how add permissions to your application.

The permissions system has three parts: Resources, Actions, and Permissions.

Action: An operation that can be performed by a user. For example, users can perform these actions on the Bookmarks application: ADD_TO_PAGE, CONFIGURATION, and VIEW. Users can perform these actions on Bookmarks entry entities: ADD_ENTRY, DELETE, PERMISSIONS, UPDATE, and VIEW.

Resource: A generic representation of any application or entity on which an action can be performed. Resources are used for permission checking. For example, resources could include the RSS application with instance ID hF5f, a globally scoped Wiki page, a Bookmarks entry of the site X, and a Message Boards post with the ID 5052.

Permission: A flag that determines whether an action can be performed on a resource. In the database, resources and actions are saved in pairs. Each entry in the ResourceAction table contains both the name of a portlet or entity and the name of an action. For example, the VIEW action with respect to viewing the Bookmarks application is associated with the com_liferay_bookmarks_web_portlet_BookmarksPortlet portlet ID. The VIEW actions with respect to viewing a Bookmarks Folder or viewing a Bookmarks entry are associated with the com.liferay.bookmarks.model.BookmarksFolder and com.liferay.bookmarks.model.BookmarksEntry entities, respectively.

To do permissions, therefore, you define Users (Roles) who have Permission to perform Actions on Resources. User definition is done by administrators once your application is deployed; developers define resources, actions, and default permissions.

You can implement permissions in your applications in four steps that spell the acronym DRAC:

  1. Define all resources and their permissions.

  2. Register all defined resources in the permissions system.

  3. Associate the necessary permissions with resources.

  4. Check permission before returning resources.

The next four tutorials show these steps in detail.

Defining Resources and Permissions

Your first step in implementing permissions is to define the resources and the permissions that protect them. There are two different kinds of resources: portlet resources and model resources....

Llegeix més

Registering Permissions

Defining permissions was your first step; now you’re ready to register the permissions you’ve defined. You must register your entities both in the database and in the permissions service running in...

Llegeix més

Associating Permissions with Resources

Now that you’ve defined and registered permissions, you must expose the permissions interface so users can set permissions. To allow permissions to be configured for model resources, you must add...

Llegeix més

Checking Permissions

Now that you’ve defined your permissions, registered resources in the database and with the OSGi container, and enabled users to associate permissions with resources, you’re ready to add permission...

Llegeix més
0 (0 Vots)
Application Security Anterior