Interface Repository

Interface CtsSecurity::AuthorizationService

This specifies an interface for performing authorization and auditing. User can write an implementation of this interface and control the authorization at the Jaguar Package level, Web Application, Application level or Server level. An example of authorization, could be a time based authorization service. For instance, only a select group of users can be permitted to access a resource over the weekend, and during other times, they are not allowed to.

The component type can be one of the following only:

  1. Java CORBA
  2. PowerBuilder NVO
  3. C++ CORBA
  4. Stateless COM

The component must be a stateless component in order to support refresh.

To configure an authorization service at the server level, set the property com.sybase.jaguar.server.authorization.service to the URL by which to access that Jaguar component that implements this service.

To configure an authorization service at the package level, set the property com.sybase.jaguar.package.authorization.service to the name of the URL by which to access the component that implements this interface.

To configure an authorization service at the web application level, set the property com.sybase.jaguar.webapplication.authorization.service to the URL by which to access the component that implements this interface.

To configure an authorization service at the application level, set the property com.sybase.jaguar.application.authorization.service to the URL by which to access the component that implements this interface.

Multiple Packages, WebApplications or Applications may share the same authorization service, by simply setting the same value for the authorization service component. The server will load only 1 instance of the component.

There are 2 accepted forms for the URL.

  1. The URL can be set to the JaguarPackage/JaguarComponent if the component is a Java CORBA, C++ CORBA, Stateless COM or PowerBuilder NVO. The component must be installed in the server.

    For example, to set the authorization service at the server level, set the server level property to com.sybase.jaguar.server.authorization.service=Security/Authorizer assuming, Security is the name of the Jaguar package that containing a Jaguar component called Authorizer that implements this interface.

  2. In addition, Java CORBA and C++ CORBA components may be accessed using the pseudo component object URL. The syntax for a Java pseudo component is: pseudo://java/JavaClass/JaguarPackage/JaguarComponent. The syntax for a C++ pseudo component is: pseudo://cpp/SharedLibraryName/JaguarPackage/JaguarComponent. The authorization service property can also be set to the pseudo component object URL. For example, the server level authorization service can be set to pseudo://cpp/libAuthorize/Security/Authorizer where, libAuthorizer is the name of the shared library that contains the C++ Security/Authorizer component's implementation.

    Components implemented for pseudo component access, must be thread safe. Pseudo components cannot be refreshed. Hence, a server refresh, or refresh of the component using the Jaguar Manager, will not have any effect on the refresh on the authorization service. You must restart the Jaguar Server if there is a need to refresh the authorization service component. For more information on Jaguar Pseudo components, please refer to your Jaguar documentation.

    For performance, the authorization service component may be implemented as a pseudo C++ CORBA component.

A special value for the URL is NONE. This value is used to disable the authorization service component at a component or servlet level. The following conditions however apply:

NOTE: The check for NONE is case-insensitive.

Operation Index

Operations


Generated by Sybase EAServer 4.1