Access Control Lists

Restrict access to services and resources with the ACL feature of Membrane Monitor and ESB. An ACL file allows fine-grained configuration of permissions.

Installation

Two steps are required to set up access control using Membrane.

1. Write an ACL File

The following sample declares permissions for some resources:

    <!-- Access to resources under /open-source/ is permitted only for clients
    within the IP range from 192.168.2.0 to 192.168.2.255 -->
    <resource uri="/open-source/*">
      <clients>
        <ip>192.168.2.*</ip>
      </clients>
    </resource>
    
    <!-- The resources under /contact/ can only be accessed by localhost. -->
    <resource uri="/contact/*">
      <clients>
        <hostname>localhost</hostname>
      </clients>
    </resource>
  
    <!-- Unrestricted access is granted to all clients for any other resource. -->
    <resource uri="*">
      <clients>
        <any/>
      </clients>
    </resource>
Listing 1: An ACL Sample File

The access control file is processed from top to bottom, so the order of the resource elements matters. Save the document to a file, e.g. acl.xml.

2. Engage the ACL Feature

Access control is activated by engaging the AccessControlInterceptor using the accessControl element. Only the aclFilename property pointing to your access control list file must be set. The interceptor bean definition looks like this:

    <beans>
      <transport coreThreadPoolSize="20">
        <ruleMatching />
        <dispatching />
        <accessControl file="resources/acl/acl.xml" />
        <userFeature />
        <httpClient />
      </transport>
    </beans>
Listing 2: Applying global AccessControl
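
The top-to-bottom processing described in step 1 means a broad rule placed too early silently overrides the restrictions below it. The following added example (not part of the original page or of Membrane's code) models that evaluation over the rules of Listing 1 and flags shadowed resource elements. The root element name, the glob matching via fnmatch, the first-match-decides and no-match-denies behaviour, and all function names are assumptions of this simplified model.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed input: the rules of Listing 1 inside an assumed root element.
ACL_XML = """<accessControl>
  <resource uri="/open-source/*"><clients><ip>192.168.2.*</ip></clients></resource>
  <resource uri="/contact/*"><clients><hostname>localhost</hostname></clients></resource>
  <resource uri="*"><clients><any/></clients></resource>
</accessControl>"""

def load_rules(acl_xml):
    """Return [(uri_pattern, [(kind, value), ...]), ...] in document order."""
    rules = []
    for res in ET.fromstring(acl_xml).iter("resource"):
        clients = [(c.tag, (c.text or "").strip()) for c in res.find("clients")]
        rules.append((res.get("uri"), clients))
    return rules

def is_permitted(rules, path, ip, hostname=""):
    """Model assumption: the first matching resource decides, no match denies."""
    for pattern, clients in rules:
        if fnmatchcase(path, pattern):
            return any(kind == "any"
                       or (kind == "ip" and fnmatchcase(ip, value))
                       or (kind == "hostname" and hostname == value)
                       for kind, value in clients)
    return False

def shadowed_rules(rules):
    """URI patterns that an earlier, broader pattern already covers."""
    return [uri for i, (uri, _) in enumerate(rules)
            if any(fnmatchcase(uri, earlier) for earlier, _ in rules[:i])]

GOOD = load_rules(ACL_XML)
BAD = [GOOD[2], GOOD[0], GOOD[1]]  # same rules, catch-all moved to the top

if __name__ == "__main__":
    for name, rules in (("listing order", GOOD), ("catch-all first", BAD)):
        print(name, "shadowed:", shadowed_rules(rules))
        print("  /contact/form from 203.0.113.9 ->",
              is_permitted(rules, "/contact/form", "203.0.113.9"))
```

Running `shadowed_rules` over an ACL file before deployment catches a catch-all `*` resource that has drifted above the restricted paths.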

ACL Example

Within the Membrane Monitor/Router distribution, under the examples/acl directory, you can find an ACL sample showing how to set up ACL. It is preconfigured and uses its own bean and rules configuration files. For a detailed explanation of this example, please consult the README.txt file there.

Copyright © 2008-2017 predic8 GmbH
Koblenzerstr. 65, 53173 Bonn, Tel. +49 (228) 555 25 76-0