Basic Terms

Table of Contents
  • Role
  • Identifiable
  • Identity
  • Accreditable
  • Credential
  • Policy

Role

Roles are the connection between access control and CMS functionality. On the access control side, you assign Roles to users, IP address ranges and groups for certain URL spaces. On the CMS side, you define which Roles are needed to execute certain usecases and workflow transitions. A client that has a certain Role is allowed to perform the actions that require it.

Each Role has a unique name. Role names can be arbitrary strings. Examples are

  • author
  • reviewer
  • admin

Another common and useful approach is to use verbs as role names:

  • edit
  • review
  • administrate

Identifiable

An Identifiable is a characteristic of the client that can be identified. Every Identifiable is Accreditable. Lenya currently supports the following Identifiables:

  • users
  • machines
  • the world (this Identifiable is assigned to every client that tries to access the system)

Identity

An Identity is the collection of all Identifiables that have access to the system in the current session. The Identity always contains the world and the machine that produced the request. If you are logged in, the user is also contained in the Identity.

For instance, if you log in from the machine 192.168.0.16 as the user john, the Identity of the client contains

  • the machine 192.168.0.16,
  • the user john, and
  • the world.

Accreditable

An Accreditable can be accredited with Roles in Policies. Lenya currently supports the following Accreditables:

  • users
  • machines (accreditation not implemented, use IP ranges instead)
  • IP address ranges
  • the world
  • groups

Credential

A Credential assigns a set of Roles to an Accreditable, e.g.:

  • news_editors: editor, reviewer
    means "The group news_editors has the Roles editor and reviewer."

Policy

A Policy defines a set of Credentials for a certain URL. It has the responsibility to return all Roles of an Accreditable at a certain URL.

If for instance the Policy for the URL /tv/news contains the Credentials

  • news_editors: editor, reviewer
  • john: admin
  • 192.168.0.72: visitor

and user john belongs to the group news_editors and has logged in from the machine 192.168.0.72, the Policy returns the Roles editor, reviewer, admin, visitor for the Accreditable john.

A Policy must not contain invalid Accreditables. For example, if a user is deleted and another user with the same ID is created, the new user must not get the same privileges as the former one.
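The /tv/news resolution described above, as an added example that models the terms on this page in Python; it is not Lenya's own Java API. The class and function names (`Identity`, `Policy`, `roles_for`) are hypothetical, and the machine credential is written as a single-address IP range because the page says to use IP ranges for machines.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Identity:
    """Identifiables of the current session; the world is always implied."""
    machine: str                  # IP address that produced the request
    user: Optional[str] = None    # present only after login

@dataclass
class Policy:
    """Credentials (Accreditable -> Roles) that apply at one URL."""
    url: str
    users: dict = field(default_factory=dict)
    groups: dict = field(default_factory=dict)
    ip_ranges: dict = field(default_factory=dict)   # CIDR string -> Roles
    world: set = field(default_factory=set)

    def roles(self, identity, memberships):
        """Union of the Roles of every Accreditable matching the Identity."""
        found = set(self.world)
        addr = ipaddress.ip_address(identity.machine)
        for cidr, granted in self.ip_ranges.items():
            if addr in ipaddress.ip_network(cidr):
                found |= set(granted)
        if identity.user is not None:
            found |= set(self.users.get(identity.user, ()))
            for group in memberships.get(identity.user, ()):
                found |= set(self.groups.get(group, ()))
        return found

# Constructed data mirroring the /tv/news example on this page.
MEMBERSHIPS = {"john": ["news_editors"]}
TV_NEWS = Policy(
    url="/tv/news",
    groups={"news_editors": {"editor", "reviewer"}},
    users={"john": {"admin"}},
    ip_ranges={"192.168.0.72/32": {"visitor"}},
)

def roles_for(machine, user=None):
    """Roles the sample Policy grants to a client at /tv/news."""
    return TV_NEWS.roles(Identity(machine, user), MEMBERSHIPS)

if __name__ == "__main__":
    print(sorted(roles_for("192.168.0.72", "john")))
    print(sorted(roles_for("192.168.0.72")))
    print(sorted(roles_for("192.168.0.16", "john")))
```

The same user resolves to different Roles depending on the machine, and an anonymous client on a credentialed address still receives that address's Roles, which matters when reviewing IP-based Credentials.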

Copyright © 1999-2009 The Apache Software Foundation. All rights reserved.