The <AccessControlProvider>
element configures a custom access control plugin that can be attached to content using the RequestMapper component.
type
(string)
Identified by type="XML"
, this is an example plugin that implements a simple access control language using XML. It supports combining rules with boolean operators.
The plugin is implemented as a reloadable resource, which means that the XML content can be supplied inline, in a local file, or a remote file, and can be monitored for changes and reloaded on the fly. The root of the XML instance MUST be an <AccessControl>
element.
Inherits attributes supported by reloadable resources.
<AccessControl>
Identified by type="Chaining"
, allows different types of plugins to run in combination.
operator
(string) (required)
<AccessControlProvider>
(one or more)
Identified by type="Time"
, supports time-based access control policies.
Simple booleans are supported natively but complex logic will usually require combining this with the Chaining plugin.
<AccessControlProvider type="Chaining" operator="AND"> <AccessControlProvider type="Chaining" operator="OR"> <AccessControlProvider type="Time"> <Hour>GT 6</Hour> </AccessControlProvider> <AccessControlProvider type="Time"> <Hour>EQ 6</Hour> <Minute>GE 30</Minute> </AccessControlProvider> </AccessControlProvider> <AccessControlProvider type="Time"> <Hour>LE 17</Hour> </AccessControlProvider> </AccessControlProvider> |
operator
(string) (defaults to "AND")
<TimeSinceAuthn>
(zero or more) (ISO 8601 duration, e.g., "PT1H" = 1 hour)
For the remainder of the rules supported, one of a set of relational operators must be supplied, followed by a value to test, separated by whitespace. The operators supported are LT
, LE
, EQ
, GE
, and GT
, representing "less than", "less than or equal", etc.
<Time>
(zero or more) (operator followed by ISO 8601 time string)
<Year>
, <Month>
, <Day>
, <Hour>
, <Minute>
, <Second>
, <DayOfWeek>
(zero or more) (operator followed by numeric value)