Fedora XACMLAdd policy for getDatastreamHistory unrestricted: nano -w /usr/local/fedora/data/fedora-xacml-policies/repository-policies/default/permit-getDatastreamHistory-unrestricted.xml <?xml version="1.0" encoding="UTF-8"?> <Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="permit-getDatastreamHistory-to-authenticated" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> <Description>Note that other policies may provide exceptions to this broad policy. This policy assumes api-m users have to be authenticated</Description> <Target> <Subjects> <AnySubject/> </Subjects> <Resources> <AnyResource/> </Resources> <Actions> <Action> <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:id-getDatastreamHistory</AttributeValue> <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:fedora:names:fedora:2.1:action:id"/> </ActionMatch> </Action> </Actions> </Target> <Rule RuleId="1" Effect="Permit"/> </Policy>
nano -w /usr/local/fedora/data/fedora-xacml-policies/repository-policies/default/deny-apim-if-not-localhost.xml <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">150.145.48.43 <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">2a00:1620:0:0:0:0:0:43 <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">150.145.48.47 <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">2a00:1620:0:0:0:0:0:47
/etc/init.d/tomcat7 restart |
repo371/fxacml.txt ยท Last modified: 2014/02/28 12:02 by giancarlo
|
Developers: CNR IRCrES IT Office and Library
Giancarlo Birello (giancarlo.birello _@_ ircres.cnr.it) and Anna Perin (anna.perin _@_ ircres.cnr.it) |
V2P2@TO.CNR is licensed under:
 |
