Page tree

Skip to end of metadata
Go to start of metadata

I see in the latest code that there's an access control list for ServiceManager. 

I've been digging through source code, trying to understand the list.

By the time it gets to ServiceManager it's a hash, with a Service name for the key, and regular expressions to match against a URL for the value.

I can see in where it gets set in ServiceManager, but I cannot find the origin of the data.

Where does this get set?  Who provides the access control list?

/Sam

  • No labels

1 Comment

  1. The platform supports an ACL (Access Control List) for limiting which web pages may access its services.

     

    The ACL provides additional "finer grained" control on top of the "TRUE/FALSE for all pages" provided by the existing enableServiceManager setting.  enableServiceManager is FALSE by default, and must be set to TRUE by the application for the ACL to come into play.

     

    servicesACL is a HashMap.  The key for each entry is the name of a service. The value is an ArrayList containing URL patterns expressed in RegExp syntax. For a web page to access a service, the service must have an entry in the ACL, and one of the patterns for that entry must match the page's URL.

     

    If any services are allowed for a page, then the ServiceManager object will be exposed to the JS running on the the page.

     

    Thus the origin of the ACL entries is the application where it is specified in one of the "*.properties" file.

     

    The ACL is passed from the application (server) which is providing the service to the receiver process via the "servicesACL" property.

    The ACL controls which web pages may access named services. It is only meaningful when the enableServiceManager parameter is true.

     

        If enableServiceManager is FALSE, no services may be accessed by any web page.

     

        If enableServiceManager is TRUE and servicesACL is empty, any service may be accessed by any web page.

     

        If enableServiceManager is TRUE and servicesACL is not empty, the ACL controls which services may be accessed by which web pages.