PublicServicesSecurityContext

Document created by resplin Employee on Jun 6, 2015

Obsolete page: this content is marked obsolete.

The official documentation is at: http://docs.alfresco.com



Authorization
These are the permission restrictions used in v1.0 of the enterprise product.

Back to Permissions and Roles Configuration




<beans>



    <import resource='classpath:alfresco/cache-context.xml' />







    <!-- Permission service consumed by aclEntryVoter and afterAcl in this file.
         A TransactionProxyFactoryBean exposes PermissionServiceSPI around PermissionServiceImpl;
         every method ('*') gets the transaction attribute from ${server.transaction.mode.default}.
         NOTE(review): this proxy adds transactions only, no access checks. The rules for the
         public PermissionService interface are in PermissionService_security; how that
         interceptor is attached to a public bean is not shown in this file. -->
    <bean id='permissionService' class='org.springframework.transaction.interceptor.TransactionProxyFactoryBean'>
        <property name='proxyInterfaces'>
            <value>org.alfresco.repo.security.permissions.PermissionServiceSPI</value>
        </property>
        <property name='transactionManager'>
            <ref bean='transactionManager' />
        </property>
        <property name='target'>
            <bean class='org.alfresco.repo.security.permissions.impl.PermissionServiceImpl'>
                <property name='nodeService'>
                    <ref bean='nodeService' />
                </property>
                <property name='dictionaryService'>
                    <ref bean='dictionaryService' />
                </property>
                <property name='permissionsDAO'>
                    <ref bean='permissionsDAO' />
                </property>
                <property name='modelDAO'>
                    <ref bean='permissionsModelDAO' />
                </property>
                <property name='authenticationService'>
                    <ref bean='authenticationService' />
                </property>
                <property name='authenticationComponent'>
                    <ref bean='authenticationComponent' />
                </property>
                 <property name='authorityService'>
                    <ref bean='authorityService' />
                </property>



                <!-- Dynamic authorities handed to the permission service: the owner and
                     lock-owner beans defined in this file. Node ownership and lock ownership
                     therefore feed permission evaluation (presumably; confirm in
                     PermissionServiceImpl), so services that change them are security relevant. -->
                <property name='dynamicAuthorities'>
                    <list>
                        <ref bean='ownerDynamicAuthority' />
                        <ref bean='lockOwnerDynamicAuthority' />
                    </list>
                </property>
            </bean>
        </property>
        <property name='transactionAttributes'>
            <props>
                <prop key='*'>${server.transaction.mode.default}</prop>
            </props>
        </property>
    </bean>
   


   
   
    <!-- Dynamic authority backed by ownableService; listed in permissionService's
         dynamicAuthorities. Presumably resolves to the node's owner at check time (confirm
         in OwnerDynamicAuthority). -->
    <bean id='ownerDynamicAuthority' class='org.alfresco.repo.ownable.impl.OwnerDynamicAuthority'>
        <property name='ownableService'>
            <ref bean='ownableService' />
        </property>
    </bean>
   

    <!-- Dynamic authority backed by lockService; listed in permissionService's
         dynamicAuthorities. Presumably resolves to the holder of the node's lock (confirm
         in LockOwnerDynamicAuthority). -->
    <bean id='lockOwnerDynamicAuthority' class='org.alfresco.repo.lockable.impl.LockOwnerDynamicAuthority'>
        <property name='lockService'>
            <ref bean='lockService' />
        </property>
    </bean>




    <!-- Hibernate-backed store for permission entries, wired to the shared sessionFactory
         and to nullPermissionCache (that cache bean is not defined in this file; it
         presumably comes from the imported cache-context.xml).
         NOTE(review): a cache that takes part in permission lookups must be invalidated when
         permissions change, or stale decisions can be served; confirm in HibernatePermissionsDAO. -->
    <bean id='permissionsDAO' class='org.alfresco.repo.security.permissions.impl.hibernate.HibernatePermissionsDAO'>
        <property name='sessionFactory'>
            <ref bean='sessionFactory' />
        </property>
        <property name='nullPermissionCache'>
            <ref bean='nullPermissionCache' />
        </property>
    </bean>




    <!-- Permission model loaded from alfresco/model/permissionDefinitions.xml. The permission
         names used in the ACL_ attributes of this file (for example sys:base.Read or
         cm:content.ReadContent) are presumably defined in that model file; it is part of
         the authorization policy and should be reviewed and change-controlled with this one. -->
    <bean id='permissionsModelDAO' class='org.alfresco.repo.security.permissions.impl.model.PermissionModel'>
        <property name='model'>
            <value>alfresco/model/permissionDefinitions.xml</value>
        </property>
        <property name='nodeService'>
            <ref bean='nodeService' />
        </property>
        <property name='dictionaryService'>
            <ref bean='dictionaryService' />
        </property>
    </bean>
   


   


   
    <!-- Acegi RoleVoter for attributes beginning with ROLE_. It grants when the caller holds
         an authority whose name equals the attribute. In this file only ROLE_ADMINISTRATOR
         and ROLE_AUTHENTICATED are used. -->
    <bean id='roleVoter' class='net.sf.acegisecurity.vote.RoleVoter' abstract='false' singleton='true'
        lazy-init='default' autowire='default' dependency-check='default' >
        <property name='rolePrefix'>
            <value>ROLE_</value>
        </property>
    </bean>
   


   
    <!-- Second RoleVoter instance, matching attributes that begin with GROUP_. No GROUP_
         attribute appears in the interceptor definitions of this file, so this voter
         abstains on every rule shown here. -->
    <bean id='groupVoter' class='net.sf.acegisecurity.vote.RoleVoter' abstract='false' singleton='true'
        lazy-init='default' autowire='default' dependency-check='default' >
        <property name='rolePrefix'>
            <value>GROUP_</value>
        </property>
    </bean>
   








       
    <!-- Voter for the ACL_ attributes used below (ACL_NODE.n.permission,
         ACL_PARENT.n.permission, ACL_ALLOW); it evaluates them through permissionService.
         The numeric field appears to be the zero-based index of the method argument that
         identifies the node (moveNode uses both .0 and .1); confirm in ACLEntryVoter.
         NOTE(review): where a rule lists several ACL_ attributes, check that the voter
         requires all of them, since accessDecisionManager grants on a single affirmative vote. -->
    <bean id='aclEntryVoter' class='org.alfresco.repo.security.permissions.impl.acegi.ACLEntryVoter' abstract='false' singleton='true'
        lazy-init='default' autowire='default' dependency-check='default' >
       <property name='permissionService'>
           <ref bean='permissionService'></ref>
       </property>
       <property name='namespacePrefixResolver'>
           <ref bean='namespaceService'></ref>
       </property>
       <property name='nodeService'>
           <ref bean='nodeService'></ref>
       </property>   
       <property name='authenticationService'>
            <ref bean='authenticationService' />
       </property>
    </bean>
   
   


   

   
    <!-- Pre-invocation decision point shared by every MethodSecurityInterceptor in this file.
         AffirmativeBased grants access as soon as one voter grants. With
         allowIfAllAbstainDecisions=false the call is denied when every voter abstains, so an
         attribute that no voter recognises (for example a mistyped prefix) fails closed.
         Keep this value false: setting it to true would turn unrecognised attributes into grants. -->
    <bean id='accessDecisionManager' class='net.sf.acegisecurity.vote.AffirmativeBased'>
        <property name='allowIfAllAbstainDecisions'><value>false</value></property>
        <property name='decisionVoters'>
            <list>
                <ref local='roleVoter'/>
                <ref local='groupVoter'/>
                <ref local='aclEntryVoter'/>
            </list>
        </property>
    </bean>
  


  
    <!-- After-invocation provider for the AFTER_ACL_NODE and AFTER_ACL_PARENT attributes used
         below. It has the same collaborators as aclEntryVoter and presumably checks or filters
         the returned value against the named permission; confirm in
         ACLEntryAfterInvocationProvider.
         NOTE(review): an after-invocation check runs once the method has already executed,
         so it is suited to read paths (filtering results), not to guarding side effects. -->
    <bean id='afterAcl' class='org.alfresco.repo.security.permissions.impl.acegi.ACLEntryAfterInvocationProvider' abstract='false' singleton='true'
        lazy-init='default' autowire='default' dependency-check='default' >
        <property name='permissionService'>
            <ref bean='permissionService'></ref>
        </property>
        <property name='namespacePrefixResolver'>
            <ref bean='namespaceService'></ref>
        </property>
        <property name='nodeService'>
            <ref bean='nodeService'></ref>
        </property> 
        <property name='authenticationService'>
             <ref bean='authenticationService' />
        </property> 
    </bean>
  
  
    <!-- After-invocation manager shared by the interceptors below; afterAcl is its only
         provider, so AFTER_ACL_ attributes are the only post-invocation rules in effect. -->
    <bean id='afterInvocationManager' class='net.sf.acegisecurity.afterinvocation.AfterInvocationProviderManager'>
        <property name='providers'>
            <list>
                <ref local='afterAcl'/>
            </list>
        </property>
    </bean>
   
   


   


   


   
   
    <!-- No method-level authorization for NamespaceService: as the class name indicates,
         AlwaysProceedMethodInterceptor lets every call through. -->
    <bean id='NamespaceService_security' class='org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor' />
   
    <!-- No method-level authorization for DictionaryService: every call proceeds. -->
    <bean id='DictionaryService_security' class='org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor' />
   


   



































































         
   
    <!-- Method-level access rules for NodeService. Each line of objectDefinitionSource maps
         one interface method to a comma-separated list of attributes:
           ROLE_x               caller must hold that authority (roleVoter)
           ACL_NODE.n.perm      permission on the node given as argument n (aclEntryVoter)
           ACL_PARENT.n.perm    presumably the permission on the parent of argument n
           AFTER_ACL_NODE.perm / AFTER_ACL_PARENT.perm   applied to the return value (afterAcl)
         NOTE(review), points to confirm against the implementation:
         - createAssociation, removeAssociation, getTargetAssocs and getSourceAssocs require
           only ROLE_AUTHENTICATED: no permission on the source or target node is checked at
           this layer, unlike every other node operation listed.
         - removeChild checks Delete on argument 1 only, while moveNode additionally requires
           DeleteChildren on the parent; the two removal paths are not symmetric.
         - In Acegi, a method with no entry here is treated as a public invocation and is not
           checked, so every NodeService method needs a line; confirm for the version in use.
         Do not place XML comments inside the value element: depending on the Spring version,
         comment text can end up in the parsed value. -->
    <bean id='NodeService_security' class='net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
        <property name='authenticationManager'><ref bean='authenticationManager'/></property>
        <property name='accessDecisionManager'><ref local='accessDecisionManager'/></property>
        <property name='afterInvocationManager'><ref local='afterInvocationManager'/></property>
        <property name='objectDefinitionSource'>
            <value>
    org.alfresco.service.cmr.repository.NodeService.getStores=AFTER_ACL_NODE.sys:base.Read
    org.alfresco.service.cmr.repository.NodeService.createStore=ROLE_ADMINISTRATOR
    org.alfresco.service.cmr.repository.NodeService.exists=ACL_NODE.0.sys:base.Read
    org.alfresco.service.cmr.repository.NodeService.getRootNode=ACL_NODE.0.sys:base.Read
    org.alfresco.service.cmr.repository.NodeService.createNode=ACL_NODE.0.sys:base.CreateChildren
    org.alfresco.service.cmr.repository.NodeService.moveNode=ACL_NODE.0.sys:base.WriteProperties,ACL_PARENT.0.sys:base.DeleteChildren,ACL_NODE.1.sys:base.CreateChildren
    org.alfresco.service.cmr.repository.NodeService.setChildAssociationIndex=ACL_PARENT.0.sys:base.WriteProperties
                org.alfresco.service.cmr.repository.NodeService.getType=ACL_NODE.0.sys:base.ReadProperties
                org.alfresco.service.cmr.repository.NodeService.addAspect=ACL_NODE.0.sys:base.Write
                org.alfresco.service.cmr.repository.NodeService.removeAspect=ACL_NODE.0.sys:base.Write
                org.alfresco.service.cmr.repository.NodeService.hasAspect=ACL_NODE.0.sys:base.ReadProperties
                org.alfresco.service.cmr.repository.NodeService.getAspects=ACL_NODE.0.sys:base.ReadProperties
                org.alfresco.service.cmr.repository.NodeService.deleteNode=ACL_NODE.0.sys:base.Delete
                org.alfresco.service.cmr.repository.NodeService.addChild=ACL_NODE.0.sys:base.CreateChildren,ACL_NODE.1.sys:base.ReadProperties
                org.alfresco.service.cmr.repository.NodeService.removeChild=ACL_NODE.1.sys:base.Delete
                org.alfresco.service.cmr.repository.NodeService.getProperties=ACL_NODE.0.sys:base.ReadProperties
                org.alfresco.service.cmr.repository.NodeService.getProperty=ACL_NODE.0.sys:base.ReadProperties
                org.alfresco.service.cmr.repository.NodeService.setProperties=ACL_NODE.0.sys:base.WriteProperties
                org.alfresco.service.cmr.repository.NodeService.setProperty=ACL_NODE.0.sys:base.WriteProperties
                org.alfresco.service.cmr.repository.NodeService.getParentAssocs=ACL_NODE.0.sys:base.ReadProperties,AFTER_ACL_PARENT.sys:base.Read
                org.alfresco.service.cmr.repository.NodeService.getChildAssocs=ACL_NODE.0.sys:base.ReadChildren,AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.repository.NodeService.getPrimaryParent=ACL_NODE.0.sys:base.ReadProperties,AFTER_ACL_PARENT.sys:base.Read
                org.alfresco.service.cmr.repository.NodeService.createAssociation=ROLE_AUTHENTICATED
                org.alfresco.service.cmr.repository.NodeService.removeAssociation=ROLE_AUTHENTICATED
                org.alfresco.service.cmr.repository.NodeService.getTargetAssocs=ROLE_AUTHENTICATED
                org.alfresco.service.cmr.repository.NodeService.getSourceAssocs=ROLE_AUTHENTICATED
                org.alfresco.service.cmr.repository.NodeService.getPath=ACL_NODE.0.sys:base.ReadProperties
                org.alfresco.service.cmr.repository.NodeService.getPaths=ACL_NODE.0.sys:base.ReadProperties
            </value>
        </property>
    </bean>
   


   

   
    <!-- Method-level access rules for ContentService: getReader requires cm:content.ReadContent
         and getWriter requires cm:content.WriteContent on the node passed as argument 0.
         NOTE(review): only these two methods are mapped. In Acegi a method without an entry
         is not checked, so any other ContentService method is unguarded at this layer;
         confirm the interface has none that expose content. -->
    <bean id='ContentService_security' class='net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
        <property name='authenticationManager'><ref bean='authenticationManager'/></property>
        <property name='accessDecisionManager'><ref local='accessDecisionManager'/></property>
        <property name='afterInvocationManager'><ref local='afterInvocationManager'/></property>
        <property name='objectDefinitionSource'>
            <value>
    org.alfresco.service.cmr.repository.ContentService.getReader=ACL_NODE.0.cm:content.ReadContent
                org.alfresco.service.cmr.repository.ContentService.getWriter=ACL_NODE.0.cm:content.WriteContent
            </value>
        </property>
    </bean>
   
   


   
    <!-- No method-level authorization for MimetypeService: every call proceeds. -->
    <bean id='MimetypeService_security' class='org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor' />
   


   

 
    <!-- Method-level access rules for SearchService. query and selectNodes carry no
         pre-invocation check; their results go through AFTER_ACL_NODE.sys:base.Read, so
         enforcement rests entirely on afterAcl handling the returned value. selectProperties,
         contains and like require sys:base.Read on the node passed as argument 0 and have no
         after-invocation rule.
         NOTE(review): because search results are checked only after the query has run,
         confirm that afterAcl covers every result type these methods can return. -->
    <bean id='SearchService_security' class='net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
        <property name='authenticationManager'><ref bean='authenticationManager'/></property>
        <property name='accessDecisionManager'><ref local='accessDecisionManager'/></property>
        <property name='afterInvocationManager'><ref local='afterInvocationManager'/></property>
        <property name='objectDefinitionSource'>
            <value>
    org.alfresco.service.cmr.search.SearchService.query=AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.selectNodes=AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.selectProperties=ACL_NODE.0.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.contains=ACL_NODE.0.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.like=ACL_NODE.0.sys:base.Read
            </value>
        </property>
    </bean>
  


  

  
    <!-- Method-level access rules for CategoryService. The four read methods filter their
         results through AFTER_ACL_NODE.sys:base.Read.
         NOTE(review): every create and delete method is mapped to ACL_ALLOW, which names no
         permission and no role. If ACL_ALLOW is an unconditional grant (as its name
         suggests; confirm in ACLEntryVoter), any caller that reaches this service can create
         or delete classifications and categories unless the implementation checks elsewhere.
         The spelling 'createClassifiction' presumably mirrors the interface method name;
         verify against CategoryService before changing it, since a name that matches no
         method cannot protect one. -->
    <bean id='CategoryService_security' class='net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
        <property name='authenticationManager'><ref bean='authenticationManager'/></property>
        <property name='accessDecisionManager'><ref local='accessDecisionManager'/></property>
        <property name='afterInvocationManager'><ref local='afterInvocationManager'/></property>
        <property name='objectDefinitionSource'>
            <value>
    org.alfresco.service.cmr.search.CategoryService.getChildren=AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.search.CategoryService.getCategories=AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.search.CategoryService.getClassifications=AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.search.CategoryService.getRootCategories=AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.search.CategoryService.getClassificationAspects=ACL_ALLOW
                org.alfresco.service.cmr.search.CategoryService.createClassifiction=ACL_ALLOW
                org.alfresco.service.cmr.search.CategoryService.createRootCategory=ACL_ALLOW
                org.alfresco.service.cmr.search.CategoryService.createCategory=ACL_ALLOW
                org.alfresco.service.cmr.search.CategoryService.deleteClassification=ACL_ALLOW
                org.alfresco.service.cmr.search.CategoryService.deleteCategory=ACL_ALLOW
            </value>
        </property>
    </bean>
   
 


  

  
    <!-- No method-level authorization for CopyService: every call proceeds.
         NOTE(review): a copy reads one node and writes another. Whether the implementation
         goes through the secured NodeService and ContentService beans is not visible here; confirm. -->
    <bean id='CopyService_security' class='org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor' />
   


   

    
    <!-- Method-level access rules for LockService: lock and unlock require the
         cm:lockable.Lock and cm:lockable.Unlock permissions on the node passed as argument 0;
         the three status queries require sys:base.Read on that node. Lock ownership feeds
         lockOwnerDynamicAuthority, so these rules also bound who can acquire that authority. -->
    <bean id='LockService_security' class='net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
        <property name='authenticationManager'><ref bean='authenticationManager'/></property>
        <property name='accessDecisionManager'><ref local='accessDecisionManager'/></property>
        <property name='afterInvocationManager'><ref local='afterInvocationManager'/></property>
        <property name='objectDefinitionSource'>
            <value>
                org.alfresco.service.cmr.lock.LockService.lock=ACL_NODE.0.cm:lockable.Lock
                org.alfresco.service.cmr.lock.LockService.unlock=ACL_NODE.0.cm:lockable.Unlock
                org.alfresco.service.cmr.lock.LockService.getLockStatus=ACL_NODE.0.sys:base.Read
                org.alfresco.service.cmr.lock.LockService.getLockType=ACL_NODE.0.sys:base.Read
                org.alfresco.service.cmr.lock.LockService.checkForLock=ACL_NODE.0.sys:base.Read
            </value>
        </property>
    </bean>
   


  

  
    <!-- No method-level authorization for VersionService: every call proceeds.
         NOTE(review): access to version history and reverting a node are not checked at this
         layer; confirm the implementation enforces permissions through other secured services. -->
    <bean id='VersionService_security' class='org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor' />
   


   



   
    <!-- Method-level access rules for CheckOutCheckInService: checkout requires
         cm:lockable.CheckOut on argument 0 and sys:base.CreateChildren on argument 1
         (presumably the destination parent of the working copy); checkin and cancelCheckout
         require cm:lockable.CheckIn and cm:lockable.CancelCheckOut on argument 0. -->
    <bean id='CheckoutCheckinService_security' class='net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
        <property name='authenticationManager'><ref bean='authenticationManager'/></property>
        <property name='accessDecisionManager'><ref local='accessDecisionManager'/></property>
        <property name='afterInvocationManager'><ref local='afterInvocationManager'/></property>
        <property name='objectDefinitionSource'>
            <value>
                org.alfresco.service.cmr.coci.CheckOutCheckInService.checkout=ACL_NODE.0.cm:lockable.CheckOut,ACL_NODE.1.sys:base.CreateChildren
                org.alfresco.service.cmr.coci.CheckOutCheckInService.checkin=ACL_NODE.0.cm:lockable.CheckIn
                org.alfresco.service.cmr.coci.CheckOutCheckInService.cancelCheckout=ACL_NODE.0.cm:lockable.CancelCheckOut
            </value>
        </property>
    </bean>
   


   

             
    <!-- No method-level authorization for RuleService: every call proceeds.
         NOTE(review): who may add or change rules on a node is not restricted at this layer;
         confirm where that is enforced. -->
    <bean id='RuleService_security' class='org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor' />
   


   


    <!-- No method-level authorization for ImporterService: every call proceeds.
         NOTE(review): an import creates repository content in bulk; confirm the implementation
         writes through the secured NodeService rather than an unchecked one. -->
    <bean id='ImporterService_security' class='org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor' />
   


   

    <!-- No method-level authorization for ActionService: every call proceeds.
         NOTE(review): actions are executed without a check at this layer; confirm that each
         action's own node operations go through the secured services. -->
    <bean id='ActionService_security' class='org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor' />
  


    


   
    <!-- Method-level access rules for the public PermissionService. Reading a node's
         permission entries (getPermissions, getAllSetPermissions) requires
         sys:base.ReadPermissions on argument 0; every method that changes them requires
         sys:base.ChangePermissions on argument 0. The remaining queries, including
         hasPermission and getSettablePermissions, are mapped to ACL_ALLOW.
         NOTE(review): hasPermission under ACL_ALLOW lets any caller test whether a permission
         is held on a node without holding ReadPermissions on it; whose permissions can be
         tested depends on the method signature, which is not shown here. -->
    <bean id='PermissionService_security' class='net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor'>
        <property name='authenticationManager'><ref bean='authenticationManager'/></property>
        <property name='accessDecisionManager'><ref local='accessDecisionManager'/></property>
        <property name='afterInvocationManager'><ref local='afterInvocationManager'/></property>
        <property name='objectDefinitionSource'>
            <value>
    org.alfresco.service.cmr.security.PermissionService.getOwnerAuthority=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.getAllAuthorities=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.getAllPermission=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.getPermissions=ACL_NODE.0.sys:base.ReadPermissions
                org.alfresco.service.cmr.security.PermissionService.getAllSetPermissions=ACL_NODE.0.sys:base.ReadPermissions
                org.alfresco.service.cmr.security.PermissionService.getSettablePermissions=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.hasPermission=ACL_ALLOW
                org.alfresco.service.cmr.security.PermissionService.deletePermissions=ACL_NODE.0.sys:base.ChangePermissions
                org.alfresco.service.cmr.security.PermissionService.deletePermission=ACL_NODE.0.sys:base.ChangePermissions
                org.alfresco.service.cmr.security.PermissionService.setPermission=ACL_NODE.0.sys:base.ChangePermissions
                org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=ACL_NODE.0.sys:base.ChangePermissions
                org.alfresco.service.cmr.security.PermissionService.clearPermission=ACL_NODE.0.sys:base.ChangePermissions
            </value>
        </property>
    </bean>
  


  
  
    <!-- No method-level authorization for AuthorityService: every call proceeds.
         NOTE(review): authorities are what roleVoter and groupVoter match against, so any
         AuthorityService method that changes them is privilege relevant; confirm which
         methods the interface exposes in this version and where they are restricted. -->
    <bean id='AuthorityService_security' class='org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor' />
  


  

  
    <!-- No method-level authorization for OwnableService: every call proceeds.
         NOTE(review): ownableService backs ownerDynamicAuthority, which permissionService uses
         when evaluating permissions. With no check here, who may change a node's owner depends
         on checks inside the implementation (not shown); confirm they exist. -->
    <bean id='OwnableService_security' class='org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor' />
  
</beans>
