ATG Secure Repository
Download as PPTX, PDF2 likes1,720 views
This document discusses securing repositories in ATG. It covers topics like authentication, authorization, configuring a secured repository, defining security at the item, property and descriptor levels using ACLs. It provides examples of securing a sample cricket player repository by wrapping the underlying repository with a secured repository template that defines the security configuration. It also discusses registering the secured repository so it is available in the repository editor and on application startup.
ATG Secure Repository
- 1. ATG - SECURED D a t e : J u l y 6 th, 2 0 1 2 Author : Sanju Thomas REPOSITORY
- 2. SUBJECT MATTER Authentication and Authorization Secured Data Access in ATG ATG Repository Design ATG Secured Repository Design Configure a Secured Repository Item Descriptor Level Security (Object Level ) Repository Item Level Security (Data Level ) Repository Item Property level security (Field Level) ATG Access Control List (ACL) ACL Components and Syntax Secured Repository and Performance Considerations Questions and Answers
- 3. AUTHENTICATION AND AUTHORIZATION Authentication Identity of the user Username/Password Access Card Finger Print Retinal Scan Kerberos Secret Code Two Factor Public/Private Key Digital Signature
- 4. AUTHENTICATION AND AUTHORIZATION Authorization Is authenticated user entitled to perform an action on a resource? has role(s) can perform on a Role Action Resouce User Actions <<extend>> <<extend>> <<extend>> <<extend>> Create Read Update Delete
- 5. SECURED DATA ACCESS IN ATG The ATG secured repository system works in conjunction with the ATG Security System to provide fine -grained access control. S e c u r e Re p o s i to r y A content repository is decorated with security.
- 6. ATG REPOSITORY STATIC DESIGN <<interface>> RepositoryViewContainer <<interface>> <<interface>> <<interface>> Repository DisplayableRepository ProxyableRepository <<interface>> <<interface>> <<interface>> <<interface>> <<interface>> RepositoryImpl SecuredRepository CompositeKeyRepository ContentRepository LoadBatchRepository MutableRepository MutableCompositeKeyRepository LDAPRepository GSARepository CompositeRepository MutableCompositeRepository <<interface>> RepositoryVersionContainer VersionRepository
- 7. ATG SECURE REPOSITORY STATIC DESIGN <<abstract>> Repository <<abstract>> DisplayableRepository GenericService <<abstract>> <<abstract>> <<abstract>> RepositoryWrapper SecuredRepository MutableRepository GenericSecuredRepository <<abstract>> SecuredMutableRepository GenericSecuredMutableRepository <<abstract>> ContentRepository GenericSecuredMutableContentRepository GenericSecuredMutableVersionContentRepository
- 8. CONFIGURE A SECURED REPOSITORY Unsecure Repository Secure Repository IDENTIFIER NAME DOB 1 Rahul Dravid 12-12-1980 2 Sachin Tendulkar 01-01-1980 3 Anil Kumble 03-03-1980 IDENTIFIER NAME GENDER OWNER ITEM_ACL PROPERTY_ACL 1 Rahul Dravid Male Raju Who can do what? Who can do what? 2 Sachin Tendulkar Male Ramesan Who can do what? Who can do what? 3 Anil Kumble Male Nebu Who can do what? Who can do what?
- 9. CONFIGURE A SECURED REPOSITORY Unsecure Repository Secure Repository <item-descriptor name=“cricketer" > <table name="cricketer" type="primary" id-column-names="identifier"> <property name="identifier" column-names="identifier" data-type="string"/> <property name="name" column-names="name" data-type="string"/> <property name="dob" column-names="dob" data-type="date"/> </table> </item-descriptor> <item-descriptor name=“cricketer" default="true"> <table name="cricketer" type="primary" id-column-names="identifier"> <property name="identifier" column-names="identifier" data-type="string"/> <property name="name" column-names="name" data-type="string"/> <property name="dob" column-names="dob" data-type="date"/> <property name="owner" column-names="owner" data-type="string"/> <property name="itemAcl" column-names="item_acl" data-type="string"/> <property name="propertyAcl" column-names="property_acl" data-type="string"/> </table> </item-descriptor>
- 11. DEFINE SECURED REPOSITORY <secured-repository-template> <item-descriptor name="cricketer"> <descriptor-acl value="Admin$role$administrators -group:read,write,create,delete;Admin$role$everyone -group:read <owner-property name="owner"/> <acl-property name="item_acl"/> <creation-base-acl value="Admin$role$administrators-group: read,write,list,destroy,read_owner,write_owner,read_acl,write_acl ; Admin$role$everyone-group:read,list"/> <creation-owner-acl-template value="$:read,write,list,destroy"/> <creation-group-acl-template value="$:read,list"/> <property name="secured_property"> <descriptor-acl value="Admin$role$administrators-group:read,write;Admin$role$everyone -group:read"/> <acl-property name="property_acl"/> <creation-base-acl value="Admin$role$administrators-group:read,write"/> <creation-owner-acl-template value="$:read,write"/> <creation-group-acl-template value="$:read,write"/> </property> </item-descriptor> </secured-repository-template>
- 12. CONFIGURE SECURED REPOSITORY # / c o m / m c f a d ye n / s o l ut io n / S e c ur e d C r i c kete r Re p o s i to r y. p ro p e r t ie s $ c l a s s = a t g . a d a p te r.s e c ur e .G e n e r ic S e c ur e d M ut a b l e Re p o s i to r y $ s c o p e = g lo ba l n a m e = S e c ur e C r i c kete r Re p o s i to r y r e p o s i to r yN a m e = S e c ur e C r ic kete r Re p o s i to r y # t h e u n s e c u r e r e p o s i to r y t h a t w e ' r e w r a p p i n g r e p o s i to r y= C r i c kete r Re p o s i to r y # T h e te m p l a te f i l e t h a t c o n f i g ur e s t h e r e p o s i to r y c o n f i gur a t io n F i le = se c ur e d - c r i c kete r - r e p o s i to r y.x m l # T h e s e c u r i t y c o n f i g ur a t i o n c o m p o n e n t u s e d b y t h e r e p o s i to r y s e c u r i t yC o n fi gur a t io n = / a t g / d yn a m o / s e c ur i t y/ S e c ur e d Re p o s i to r yS e c ur i t yC o n fi g ur a t i o n # Va r i o u s D y n a m o s e r v i c e s w e n e e d X M LTo o ls Fa c to r y = / a t g / d y n am o / s er v i ce / x m l / X M LTo o l s Fa c to r y t r a n s a c t i o n M a n a g e r = / a t g / d y n am o / t r a n s ac t i o n / Tr a n s a c t i o n M a n a g e r
- 13. REGISTER SECURE REPOSITORY In order to expose the two repositories to the ATG Control Center Repository Editor and to activate them on application startup, you must add them to the initial Repositories property of the /atg/registry/ContentRepositories component. i n i t i a l R e p o s i t o r i e s + = / c o m / m c f a d y e n / s o l u t i o n / S e c u r e d C r i c k e t e r R e p o s i t o r y. p r o p e r t i e s , / c o m / m c f a d y e n / s o l u t i o n / C r i c ke t e r R e p o s i t o r y. p r o p e r t i e s
- 15. USER AUTHORITIES
- 16. ATG SECURIT Y SYSTEM Repository 1 Subject User Authority ACL Repository 2 Subject Repository N
- 17. ACCESS CONTROL LIST Identity Access Control List Access Control Entry 1..* Access Right 1..* Grant Deny UD_IDENTITY ::= UD -name '$' principal - type '$' UD - principal – key : access rights Admin$role$administrators-group:list,read,write,delete;deny{Admin$user$Fnord:write,delete};
- 18. QA