Dashboard > Appistry EAF v3.8 > Documentation > Application Security
Log In   View a printable version of the current page.  
  Application Security

Overview

Application security allows a fabric developer to restrict access to applications, process flows, components and methods. The developer may do so by defining security groups and their user members in a group.cfg file.

Security on the application level

In order to restrict access to the entire application, the developer needs to define a group-access element with groups that are allowed access.

<?xml version='1.0'?>
<!DOCTYPE app SYSTEM 'FabricApp.dtd'>
<app name="restricted_app" version='1.0'>
     <group-access>
          <group name="appGroup1" />
          <group name="appGroup2" />
     </group-access>
        ...
</app>

Create a group.cfg that maps the group names to the users.
The users are created via fabric_user command and are not related to the user accounts defined by the operating system

group.cfg
...
appGroup1=appUser1
appGroup2=appUser2
...
version=1.0

Finally, set the correct username/password on the request object in the client code

...
_request.setUsername("appUser1");
_request.setPassword("secret");
...

Security on the process flow level

In order to restrict access to a process flow, the developer needs to define a process flow group access element with groups that are allowed access.

<?xml version='1.0'?>
<!DOCTYPE process SYSTEM 'ProcessDefinition.dtd'>
<process name="restricted_process_flow">
    <group-access>
        <group name="processGroup1" />
        <group name="processGroup2" />
    </group-access>
    ...
</process>

Security on the component level

In order to restrict access to a component, the developer needs to define a security element with group-access section.

<?xml version="1.0" encoding="utf-8"?>
<java-components xmlns="http://www.appistry.com/ns/component"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://www.appistry.com/ns/component eaf-component.xsd">
 <component name="component">
    <class name="SecuredObject"/>
    <security>
        <group-access>
            <group name="componentGroup1"/>
            <group name="componentGroup2"/>
        </group-access>
    </security>
    ...
 </component>
</java-components>

Security on the component method level

To restrict access to a component method, define a security element inside the method definition:

<?xml version="1.0" encoding="utf-8"?>
<java-components xmlns="http://www.appistry.com/ns/component"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://www.appistry.com/ns/component eaf-component.xsd">
 <component name='component'>
     ...
     <method name="secured_method">
         <security>
             <group-access>
                 <group name="methodGroup1"/>
                 <group name="methodGroup2"/>
             </group-access>
         </security>
     </method>
     ...
 </component>
</java-components>