Pluggable access control for administrative functions
Basics
Logistics
Basics
Logistics
Description
Would like to be able to support reloadable policies for things like IP access rules to access the status handler and similar functions.
Environment
None
Activity
Scott Cantor
July 19, 2014 at 5:35 AM
Built a simple API for access control and facades for reloadable ServiceableComponent layer to expose it to flow actions.
Reworked status flow to demonstrate approach, and moved the IP range rules out of idp.properties and into a policy file. Property now refers to a named policy rule, so we can reuse policies across flows or deployers can create separate rules.
This is extensible to other plugins, but if we want real authentication support, the best way to do that is to build a subflow and run that inside the various admin flows. The subflow could be built to run the simple CheckAccess action or could run the full login subflow, which also supports IP controls.
Would like to be able to support reloadable policies for things like IP access rules to access the status handler and similar functions.