marmotta-commits mailing list archives

From wik...@apache.org
Subject [2/3] git commit: added new security rules for the configuration
Date Mon, 25 Mar 2013 14:46:18 GMT
added new security rules for the configuration


Project: http://git-wip-us.apache.org/repos/asf/incubator-marmotta/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-marmotta/commit/da42ba66
Tree: http://git-wip-us.apache.org/repos/asf/incubator-marmotta/tree/da42ba66
Diff: http://git-wip-us.apache.org/repos/asf/incubator-marmotta/diff/da42ba66

Branch: refs/heads/master
Commit: da42ba66b535c0a626f61b0994b2c62ba28d60d5
Parents: 086bba8
Author: Sergio Fernández <wikier@apache.org>
Authored: Mon Mar 25 15:45:08 2013 +0100
Committer: Sergio Fernández <wikier@apache.org>
Committed: Mon Mar 25 15:45:08 2013 +0100

----------------------------------------------------------------------
 .../security-profile.restricted.properties         |   18 +++++---------
 .../resources/security-profile.simple.properties   |    4 +-
 .../resources/security-profile.standard.properties |   14 +++++-----
 3 files changed, 16 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-marmotta/blob/da42ba66/platform/marmotta-security/src/main/resources/security-profile.restricted.properties
----------------------------------------------------------------------
diff --git a/platform/marmotta-security/src/main/resources/security-profile.restricted.properties
b/platform/marmotta-security/src/main/resources/security-profile.restricted.properties
index ee42c68..8f0bbcc 100644
--- a/platform/marmotta-security/src/main/resources/security-profile.restricted.properties
+++ b/platform/marmotta-security/src/main/resources/security-profile.restricted.properties
@@ -60,14 +60,14 @@ security.restriction.solr_remote_admin.methods=GET,POST,PUT,DELETE
 security.restriction.solr_remote_admin.priority=2
 
 
-# Security over configuration services: we allow updating for all users in the management
role,
-# reading for everyone
+# Security over configuration services: we allow updating for all 
+# users in the management role, reading for everyone login
 
 # a security rule to restrict all access to updating configuration to the "manager" role
(configured in the container)
-security.permission.config_update.pattern=/config/.*
-security.permission.config_update.methods=POST,PUT,DELETE
-security.permission.config_update.roles=manager
-security.permission.config_update.priority=5
+security.permission.config.pattern=/config/.*
+security.permission.config.methods=GET,HEAD,OPTIONS,POST,PUT,DELETE
+security.permission.config.roles=manager
+security.permission.config.priority=5
 
 # restrict all other updates
 security.restriction.config_update.pattern=/config/.*
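Review bot: The two comments in this hunk no longer describe the rules beneath them. The header now ends with "reading for everyone login", which does not parse and contradicts the `security.permission.config_read.host=LOCAL` line added in the next hunk. The comment above `security.permission.config.*` still speaks only of updating, although the rule now grants GET, HEAD and OPTIONS to managers as well. I would write `# users in the management role, reading only from the local host` and `# a security rule to allow all access to /config (reading and updating) for the "manager" role (configured in the container)`. The same comment text appears in the first hunk of security-profile.standard.properties.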
@@ -77,10 +77,9 @@ security.restriction.config_update.priority=4
 # allow reading the configuration
 security.permission.config_read.pattern=/config/.*
 security.permission.config_read.methods=GET
+security.permission.config_read.host=LOCAL
 security.permission.config_read.priority=2
 
-
-
 # allow /system admin from managers
 security.permission.system.pattern=/system/.*
 security.permission.system.roles=manager
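Review bot: Adding `security.permission.config_read.host=LOCAL` removes the allow rule for remote readers, but nothing visible here denies them: the only /config restriction in view is labelled "restrict all other updates", and its methods line lies outside the hunk. If that restriction covers only POST, PUT and DELETE, a remote GET on /config falls through to whatever default applies, and configuration values often include credentials. An explicit restriction for the read methods, in the way security-profile.simple.properties uses `security.restriction.config.*`, would make the intent enforced rather than implied. `security.permission.config_read.methods` also stays at `GET` while the manager rule lists `GET,HEAD,OPTIONS`, so a HEAD request from the local host is handled differently from a GET. The second hunk of security-profile.standard.properties has the same gap.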
@@ -242,9 +241,6 @@ security.restriction.resource_write.methods=POST,PUT,DELETE
 security.restriction.resource_write.priority=4
 
 
-
-
-
 # a security rule to restrict all POST/PUT/DELETE access to the system to the "manager" role
 security.permission.default_write.pattern=/.*
 security.permission.default_write.methods=POST,PUT,DELETE

http://git-wip-us.apache.org/repos/asf/incubator-marmotta/blob/da42ba66/platform/marmotta-security/src/main/resources/security-profile.simple.properties
----------------------------------------------------------------------
diff --git a/platform/marmotta-security/src/main/resources/security-profile.simple.properties
b/platform/marmotta-security/src/main/resources/security-profile.simple.properties
index 43f9dd1..ed45be1 100644
--- a/platform/marmotta-security/src/main/resources/security-profile.simple.properties
+++ b/platform/marmotta-security/src/main/resources/security-profile.simple.properties
@@ -72,12 +72,12 @@ security.restriction.security.priority=2
 # a security rule to allow /config admin from localhost
 security.permission.config.pattern=/config/.*
 security.permission.config.host=LOCAL
-security.permission.config.methods=POST,PUT,DELETE
+security.permission.config.methods=GET,HEAD,OPTIONS,POST,PUT,DELETE
 security.permission.config.priority=5
 
 # a security rule to deny /config admin from all other hosts
 security.restriction.config.pattern=/config/.*
-security.restriction.config.methods=POST,PUT,DELETE
+security.restriction.config.methods=GET,HEAD,OPTIONSPOST,PUT,DELETE
 security.restriction.config.priority=2
 
 # a security rule to allow /transaction admin from localhost
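Review bot: `security.restriction.config.methods=GET,HEAD,OPTIONSPOST,PUT,DELETE` is missing the comma between OPTIONS and POST, so the list contains the token `OPTIONSPOST` and neither OPTIONS nor POST. How the parser treats an unknown method name is not visible here, but at best the deny rule for non-local hosts no longer matches POST, which the old value `POST,PUT,DELETE` did cover. The line should read `security.restriction.config.methods=GET,HEAD,OPTIONS,POST,PUT,DELETE`, matching the permission rule above it.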

http://git-wip-us.apache.org/repos/asf/incubator-marmotta/blob/da42ba66/platform/marmotta-security/src/main/resources/security-profile.standard.properties
----------------------------------------------------------------------
diff --git a/platform/marmotta-security/src/main/resources/security-profile.standard.properties
b/platform/marmotta-security/src/main/resources/security-profile.standard.properties
index 002e6c7..521d1ad 100644
--- a/platform/marmotta-security/src/main/resources/security-profile.standard.properties
+++ b/platform/marmotta-security/src/main/resources/security-profile.standard.properties
@@ -55,15 +55,14 @@ security.restriction.solr_remote_admin.methods=GET,POST,PUT,DELETE
 security.restriction.solr_remote_admin.priority=2
 
 
-# Security over configuration services: we allow updating for all users in the management
role,
-# reading for everyone
-
+# Security over configuration services: we allow updating for all 
+# users in the management role, reading for everyone login
 
 # a security rule to restrict all access to updating configuration to the "manager" role
(configured in the container)
-security.permission.config_update.pattern=/config/.*
-security.permission.config_update.methods=POST,PUT,DELETE
-security.permission.config_update.roles=manager
-security.permission.config_update.priority=5
+security.permission.config.pattern=/config/.*
+security.permission.config.methods=GET,HEAD,OPTIONS,POST,PUT,DELETE
+security.permission.config.roles=manager
+security.permission.config.priority=5
 
 # restrict all other updates
 security.restriction.config_update.pattern=/config/.*
@@ -73,6 +72,7 @@ security.restriction.config_update.priority=4
 # allow reading the configuration
 security.permission.config_read.pattern=/config/.*
 security.permission.config_read.methods=GET
+security.permission.config_read.host=LOCAL
 security.permission.config_read.priority=2
 
 # allow /system admin from managers

