You can define and use custom permissions at the module level as follows:
1. Add definitions of custom permissions to security-context.xml.
Add a property customPermissionDefinitions to the bean SecurityModuleRealm in security-context.xml.
Example:
<bean id="SecurityModuleRealm"
      class="com.ontoprise.security.realm.SecurityModuleAuthorizationRealm">
  <property name="customPermissionDefinitions">
    <list>
      <value>deploy</value>
      <value>undeploy</value>
    </list>
  </property>
</bean>
In this example, definitions for the custom permissions "deploy" and "undeploy" have been added.
2. Use these custom permissions in roles of the security ontology ($security.obl).
Example:
role1:Role[customPermission("deploy")->module1,customPermission("undeploy")->"*"].
In this example a role "role1" is defined with custom permission "deploy" for module module1 and custom permission "undeploy" for all modules.
3. a) Use _isCustomPermitted/2 to check the custom permission in your rules or queries:
Example:
?- _isCustomPermitted(module1, "deploy").
This query returns true if the user has the role1 defined above.
3. b) Use custom permissions programmatically with the OntoBroker API.
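import com.ontoprise.security.CustomPermission;

// Session facade and module term are elided in the original example.
SessionFacade sf = ....;
Term module = ...;
// Build the permission object for the custom permission "deploy" on the given module.
CustomPermission custperm = new CustomPermission(module, "deploy");
// Check the permission for the session before performing the protected action.
boolean permitted = SessionFacadeSecurityHelper.isPermitted(sf, custperm);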
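The consistency check below is an added example, not part of the OntoBroker documentation or API: it parses the security-context.xml snippet from step 1 and the role syntax from step 2, then reports roles that use a custom permission missing from customPermissionDefinitions and grants that target all modules with "*". The role2 line and the regex-based reading of $security.obl are assumptions constructed for illustration; how OntoBroker itself treats an undefined permission is not stated here.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs: the page's own examples plus one role ("role2")
# that uses a permission ("restart") never defined in security-context.xml.
SECURITY_CONTEXT_XML = """<bean id="SecurityModuleRealm"
      class="com.ontoprise.security.realm.SecurityModuleAuthorizationRealm">
  <property name="customPermissionDefinitions">
    <list>
      <value>deploy</value>
      <value>undeploy</value>
    </list>
  </property>
</bean>"""

SECURITY_OBL = '''
role1:Role[customPermission("deploy")->module1,customPermission("undeploy")->"*"].
role2:Role[customPermission("restart")->module1].
'''

ROLE_RE = re.compile(r'(\w+):Role\[(.*?)\]\.', re.S)
GRANT_RE = re.compile(r'customPermission\("([^"]+)"\)\s*->\s*("[^"]*"|\w+)')

def defined_permissions(xml_text):
    """Return the names listed under customPermissionDefinitions."""
    root = ET.fromstring(xml_text)
    names = set()
    for bean in root.iter("bean"):
        if bean.get("id") == "SecurityModuleRealm":
            for prop in bean.iter("property"):
                if prop.get("name") == "customPermissionDefinitions":
                    names.update(v.text.strip() for v in prop.iter("value") if v.text)
    return names

def audit(xml_text, obl_text):
    """Return (undefined, wildcard) lists of (role, permission) pairs."""
    defined = defined_permissions(xml_text)
    undefined, wildcard = [], []
    for role, body in ROLE_RE.findall(obl_text):
        for perm, target in GRANT_RE.findall(body):
            if perm not in defined:
                undefined.append((role, perm))   # used in a role but never defined
            if target.strip('"') == "*":
                wildcard.append((role, perm))    # applies to all modules; review
    return undefined, wildcard

if __name__ == "__main__":
    print(audit(SECURITY_CONTEXT_XML, SECURITY_OBL))
```

Run it against the real files before deployment to catch misspelled permission names and to list every all-modules grant for least-privilege review.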