First read Special Folders to understand how they work in the Harbor repository.
To understand Harbor's security, one first needs to
understand how a resource is actually addressed in Java.
It has this format:
/Harbor_dB_Demo_App/Harbor_dB_Demo_App.jar!/harbor/dbDemo/app/ui/icon.gif
This is how resources and classes are actually
seen by the internal system.
Note the little !
That demarcates where a physical path on disk ends and where the
resource or classpath actually starts.
Now it's easy, and one can protect the system
at either a coarse or a fine grain.
For example if we said to the system... protect
/Harbor_dB_Demo_App/Harbor_dB_Demo_App.jar
Everything in that Jar would be protected.
If we said protect
!/harbor/dbDemo/app/ui
Then everything under that class path will be
protected.
If we said protect
!/harbor/dbDemo/app/ui/icon.gif
only that gif would be protected.
We can also carefully invent security patterns.
This is because the system looks from physical file into the Jar.
Say we invented a special folder called
ONLY_ADMIN_DUDES
Then the path may look like this
/Harbor_dB_Demo_App/ONLY_ADMIN_DUDES/Harbor_dB_Demo_App.jar!/harbor/dbDemo/app/ui/icon.gif
And thus if we set up the security system to
protect
/ONLY_ADMIN_DUDES/
Wherever we put that folder, it becomes
protected.
You just have to be a little careful with this, because the
internal paths actually extend all the way down to the root, or
drive, of the machine.
For example if you said protect C:
Then Harbor would protect everything on that drive.
And if you have a folder with the name you have
chosen in the path outside of Harbor, you will wonder why
everything is suddenly protected.
If you make special folders, make them unusual,
and it's a good idea to use UPPER-CASE, because typically class
path names are lower case.
It's wonderfully flexible, and one can choose to
build the security into hidden class paths, or let the system
admin define the physical paths.
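The caveat above, as an added sketch that is not Harbor code: it assumes a pattern protects an address whenever it occurs anywhere in that address (Harbor's real matcher is not shown on this page). The install root, the addresses and Vault.class are constructed for the example.

```java
import java.util.List;

public class GuardPatternAudit {
    enum Hit { NONE, CLASSPATH, BELOW_ROOT, ROOT_OR_ABOVE }

    // Assumption: a pattern protects an address when it occurs anywhere in it,
    // and every address passed in starts with harborRoot.
    static Hit classify(String pattern, String address, String harborRoot) {
        int at = address.indexOf(pattern);
        if (at < 0) return Hit.NONE;
        int bang = address.indexOf('!');
        if (bang >= 0 && at >= bang) return Hit.CLASSPATH;  // matched at or after the '!'
        // Matched in the physical part. If the whole match sits inside the
        // install root (plus its trailing '/'), every Harbor resource matches.
        int rootEnd = harborRoot.length() + 1;
        return at + pattern.length() <= rootEnd ? Hit.ROOT_OR_ABOVE : Hit.BELOW_ROOT;
    }

    public static void main(String[] args) {
        String root = "C:/Tomcat/webapps/harbor";           // hypothetical install directory
        List<String> addresses = List.of(                   // constructed sample addresses
            root + "/ships/ONLY_ADMIN_DUDES/Harbor_dB_Demo_App.jar!/harbor/dbDemo/app/ui/icon.gif",
            root + "/ships/Harbor_dB_Demo_App.jar!/harbor/dbDemo/app/ui/icon.gif",
            root + "/ships/Harbor_Security_Example_Ship_Locked.jar!/kewlstuff/securitytest/locked/Vault.class");
        List<String> patterns = List.of(
            "/ONLY_ADMIN_DUDES/",               // special folder: matches only where it is placed
            "!/harbor/dbDemo/app/ui",           // class-path rule, anchored by the '!'
            "!/kewlstuff/securitytest/locked",
            "/harbor/",                         // the '!' was forgotten: hits the install directory
            "C:");                              // the drive: hits everything
        for (String p : patterns) {
            for (String a : addresses) {
                Hit h = classify(p, a, root);
                if (h != Hit.NONE) System.out.printf("%-32s %-14s %s%n", p, h, a);
            }
        }
    }
}
```

Rows reported as ROOT_OR_ABOVE are patterns that match Harbor's own location or something above it, so they protect every resource rather than the ones intended.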
To Protect a URL
There are 2 files under
Tomcat\webapps\harbor\META-INF\harbor\conf
url_guard.xml
This allows you to protect a URL in this format
<url urlpattern="/ONLY_ADMIN_DUDES/" roles="bank_admin,gods"/>
harbor_users.xml
This allows you to define user roles
<user username="Main Dude" roles="bank_admin" digest="3408c436Continued" />
Note that Harbor's security system does not take
passwords directly...
You must use the digest generation tool in the toolkit...
http://localhost:8080/harbor/ships/Harbor_Security_Tools.jar
Note that protected URIs can only be accessed from within a
secure session; this makes sure that passwords passed from remote
clients cannot be sniffed.
This example accesses some protected classes in a
class path:
kewlstuff.securitytest.locked.*
so the path we protect is
!/kewlstuff/securitytest/locked
http://localhost:8080/harbor/ships/Harbor_Security_Example_Ship_Locked.jar
If you are having problems with secure access, see Secure
Communications and SSL80
This is how you put the user's UID and Password into
your Ship