Graffito security
-----------------

1. Introduction
---------------

This document describes the Graffito security features. In order to be integrated correctly into a wide range of applications, the Graffito security components are based on JAAS. Furthermore, Graffito uses the Jetspeed 2 security components. If needed, those components can run outside the Jetspeed 2 engine and can be used by many web applications.

2. The security requirements & the content stores
-------------------------------------------------

Graffito is an aggregation of different content repositories (Graffito Stores, WebDAV servers, JCR servers, ...). Graffito Store is the default store used by Graffito. This content store is based on a simple DB schema accessed through OJB or any other kind of persistence framework (see the Graffito architecture for more information).

Depending on their nature, security requirements can differ from one server to another.

1. For a Graffito store: this kind of store requires authentication, complete user management and authorisation.

2. For external repositories (WebDAV, JCR and proprietary content repositories): initially, only authentication is needed. All other security features (user management, ACLs, ...) are managed by the administration tools provided by those external repositories. For example, when Graffito has to retrieve a collection of documents from a WebDAV server, that server has to filter the collection according to the user's permissions.

In summary, every implementation of the interface "org.apache.jetspeed.cms.store.ContentStore" has to manage those security rules according to its nature.

3. Authentication
-----------------

Authentication is based on the org.apache.jetspeed.security.impl.RdbmsPolicy component. This component uses OJB to access the security settings (users, roles, groups, permissions, ...). It is nonetheless quite easy to use another policy component.

For external repositories, there are two different possibilities:

1. The user login used to connect to Graffito can also be used to authenticate to the external repository.

2. The Graffito engine can use a single, dedicated login to authenticate to the repository.

4. User management
------------------

This section concerns only the Graffito stores (see "2. The security requirements & the content stores"). All Jetspeed 2 components (org.apache.jetspeed.security.*) and security portlets can be reused in Graffito.

5. Authorisation
----------------

This section concerns only the Graffito stores (see "2. The security requirements & the content stores").

5.1. Retrieve a Cms Object
--------------------------

Applying the security rules when retrieving a cms object is straightforward. When the ContentStore.getCmsObject method is called, the content store has to check whether the user can read this object.

5.2. Retrieve a collection of Cms Objects
-----------------------------------------

Before returning the complete cms object collection, the method "ContentStore.getCollectionByQuery" has to loop over each collection item found and check whether the user can read that cms object.

5.3. Retrieve an iterator of Cms Objects
----------------------------------------

A "secure" iterator has to be implemented. On each iteration, this iterator has to check whether the user can access the current object.

5.4. Other operations
---------------------

Other operations, like create, update, delete, lock, etc., can check permissions based on the specific action (CREATE, DELETE, LOCK, UPDATE, ...).
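The "secure" iterator described for iterator retrieval, as an added example that is not part of the original Graffito code: the CmsObject stand-in, the Authorizer interface and the in-memory rule are all assumptions made for this illustration, standing in for the real ContentStore types and the JAAS/Jetspeed 2 policy components.

```java
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;

// "Secure" iterator: wraps the store's raw iterator and yields only the objects
// the user may READ, checking each item as it is reached rather than up front.
final class SecureIterator implements Iterator<CmsObject> {
    private final Iterator<CmsObject> source;
    private final Authorizer authorizer;
    private final String user;
    private CmsObject lookAhead; // next readable object, or null when exhausted

    SecureIterator(Iterator<CmsObject> source, Authorizer authorizer, String user) {
        this.source = source; this.authorizer = authorizer; this.user = user;
        advance();
    }
    private void advance() { // skip forward to the next object the user can read
        lookAhead = null;
        while (source.hasNext()) {
            CmsObject candidate = source.next();
            if (authorizer.isAllowed(user, candidate, "READ")) { lookAhead = candidate; return; }
        }
    }
    public boolean hasNext() { return lookAhead != null; }
    public CmsObject next() {
        if (lookAhead == null) throw new NoSuchElementException();
        CmsObject current = lookAhead;
        advance(); // denied objects are never surfaced to the caller
        return current;
    }
    public static void main(String[] args) {
        // Constructed rule for the demo: "alice" may read everything except paths under /private.
        Authorizer auth = (u, o, a) -> a.equals("READ") && u.equals("alice") && !o.path.startsWith("/private");
        List<CmsObject> raw = Arrays.asList(new CmsObject("/docs/a"), new CmsObject("/private/b"), new CmsObject("/docs/c"));
        for (Iterator<CmsObject> it = new SecureIterator(raw.iterator(), auth, "alice"); it.hasNext(); )
            System.out.println(it.next().path);
    }
}
// Constructed stand-in for a cms object; not Graffito's real CmsObject type.
final class CmsObject {
    final String path;
    CmsObject(String path) { this.path = path; }
}
// Hypothetical permission oracle. A real store would delegate to the JAAS /
// Jetspeed 2 security components (e.g. RdbmsPolicy) instead of an in-memory rule.
interface Authorizer {
    boolean isAllowed(String user, CmsObject obj, String action); // READ, CREATE, UPDATE, DELETE, LOCK
}
```

The same Authorizer call with the action set to CREATE, UPDATE, DELETE or LOCK covers the per-action checks of the other store operations.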