Differences between revisions 1 and 2
Revision 1 as of 2005-06-05 13:18:04
Size: 25417
Editor: PhilBurnside
Comment:
Revision 2 as of 2009-09-20 22:02:40
Size: 25417
Editor: localhost
Comment: converted to 1.6 markup
Line 1: Line 1:
To be used in conjunction with the web.xml file available on ["Getting Started Web.XML"] To be used in conjunction with the web.xml file available on [[Getting_Started_Web.XML]]

To be used in conjunction with the web.xml file available on Getting_Started_Web.XML

<?xml version="1.0"?>
<!-- Phillip Burnside, 12/05/2005.
I have customised this Domain.xml file to simplify the implementation of a SLIDE namespace and store.
You will find an original Domain.sample available within the bundled software downloaded from Apache.
I have included comments with the identifier "#Phil - dd/mm/yyyy"
-->
<slide>
    <namespace name="primary">
        <definition>
            <store name="primary">
                <!-- Single store backing the "primary" namespace. Each child store below either names
                     an implementation class or reuses the nodestore through <reference>. -->
                <parameter name="tlock-timeout">120</parameter>
                <nodestore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
<!-- #Phil 12/05/2005
I changed the default on these paths to point to a manageable subdirectory.
The default is "C:/" but it doesn't tell you that
-->
                    <!-- NOTE(review): the security, lock and revision-descriptor stores below all reference
                         this nodestore, so the user nodes defined under <data> (including their "password"
                         properties) presumably end up in files below rootpath. Restrict filesystem access
                         to these directories to the account that runs the servlet container. -->
                    <parameter name="rootpath">D:/SLIDESTORE/primary/store/metadata</parameter>
                    <parameter name="workpath">D:/SLIDESTORE/primary/work/metadata</parameter>
                    <parameter name="defer-saving">true</parameter>
                    <parameter name="timeout">120</parameter>
                </nodestore>
                <!-- NOTE(review): unlike the nodestore, the sequence and content stores keep paths without
                     the D:/SLIDESTORE prefix. Confirm where they resolve on the target host before
                     relying on directory permissions set on D:/SLIDESTORE alone. -->
                <sequencestore classname="org.apache.slide.store.txfile.FileSequenceStore">
                    <parameter name="rootpath">/primary/store/sequence</parameter>
                </sequencestore>
                <securitystore>
                    <reference store="nodestore"/>
                </securitystore>
                <lockstore>
                    <reference store="nodestore"/>
                </lockstore>
                <revisiondescriptorsstore>
                    <reference store="nodestore"/>
                </revisiondescriptorsstore>
                <revisiondescriptorstore>
                    <reference store="nodestore"/>
                </revisiondescriptorstore>
                <contentstore classname="org.apache.slide.store.txfile.TxFileContentStore">
                    <parameter name="rootpath">/primary/store/content</parameter>
                    <parameter name="workpath">/primary/work/content</parameter>
                    <parameter name="defer-saving">true</parameter>
                    <parameter name="timeout">120</parameter>
                </contentstore>
                <!-- uncomment if you want to use the sample Indexer -->
                <!-- be sure to have Lucene in your classpath             -->
                <!--
                <contentindexer classname="org.apache.slide.index.SampleTxtContainsIndexer">
                <parameter name="indexpath">./index</parameter>
                </contentindexer>
        -->
            </store>
<!-- #Phil - 12/05/2005
This is where you define the scope of your namespace. Defining it as "/" means this is the default
store for the namespace. This has more relevance when implementing multiple stores.
Effectively this maps a call to SLIDE to its store. In order to invoke this store simply call
"http://localhost:8080/slide"
-->
                <scope match="/" store="primary"/>
        </definition>
        <configuration>
<!-- #Phil - 12/05/2005
Even though you may have a store mapping to the path "primary" it is best to define the actions
at the highest level. This is done so that all further stores can use these bindings without
having to redefine them. The security for these actions will still be controlled within the
store security.
-->
            <!-- Actions mapping -->
            <!-- Each element names a Slide operation and its text is the action node a caller must hold
                 to perform it. Note that lock-object is checked against /actions/write and kill-lock
                 against /actions/unlock, so any subject granted /actions/unlock under <data> can use
                 kill-lock. -->
            <read-object>/actions/read</read-object>
            <create-object>/actions/write</create-object>
            <remove-object>/actions/write</remove-object>
            <grant-permission>/actions/write-acl</grant-permission>
            <revoke-permission>/actions/write-acl</revoke-permission>
            <read-permissions>/actions/read-acl</read-permissions>
            <read-own-permissions>/actions/read-current-user-privilege-set</read-own-permissions>
            <lock-object>/actions/write</lock-object>
            <kill-lock>/actions/unlock</kill-lock>
            <read-locks>/actions/read</read-locks>
            <read-revision-metadata>/actions/read</read-revision-metadata>
            <create-revision-metadata>/actions/write-properties</create-revision-metadata>
            <modify-revision-metadata>/actions/write-properties</modify-revision-metadata>
            <remove-revision-metadata>/actions/write-properties</remove-revision-metadata>
            <read-revision-content>/actions/read</read-revision-content>
            <create-revision-content>/actions/write-content</create-revision-content>
            <modify-revision-content>/actions/write-content</modify-revision-content>
            <remove-revision-content>/actions/write-content</remove-revision-content>
            <bind-member>/actions/bind</bind-member>
            <unbind-member>/actions/unbind</unbind-member>

<!-- #Phil - 12/05/2005
The key things to be aware of here are :
Users are defined within the store. This prevents any users having global access to all stores. If you want this
        then define them as "/users/name". This path setting will be the default path used by the primary store.
Roles need to be defined at the root level. This has something to do with the Tomcat realm configuration and
        needs to be investigated further.
Actions can be defined at root or store level. This is up to you; however, to share actions across stores it is
        better to define them and their binding at the root level.
acl_inheritance_type has four values (see here for more details http://jakarta.apache.org/slide/howto-acl.html)
        The key thing to note is that if you turn inheritance to "none" you need to define the security for every
        level under /primary. This could become cumbersome. Similarly if you use the option "root" you need to define
        all of the security at the root level then refine at lower levels.
-->
            <!-- Paths configuration -->
            <!-- NOTE(review): rolespath is /roles, but several permissions under <data> name subjects
                 below /primary/roles. Those subjects are not under the roles path and no node is
                 defined for them in this file; confirm which location is intended. -->
            <userspath>/primary/users</userspath>
            <rolespath>/roles</rolespath>
            <actionspath>/actions</actionspath>
            <filespath>/primary/main</filespath>
            <parameter name="dav">true</parameter>
            <parameter name="standalone">true</parameter>
            <!-- "path": permissions marked inheritable on a collection apply to everything beneath it,
                 so a broad grant on "/" reaches the whole namespace. -->
            <parameter name="acl_inheritance_type">path</parameter>

            <!-- Nested roles: 0 means no nesting (default), 1 means one sublevel, etc. -->
            <parameter name="nested_roles_maxdepth">0</parameter>
            <!-- Can be "off", "write" and "full" -->
            <parameter name="sequential-mode">full</parameter>
            <!-- "false" lets all read-only methods be executed outside of transactions -->
            <parameter name="all-methods-in-transactions">true</parameter>
            <!-- Setting this to true will force Slide to internally convert the username a user
                 enters at login to lowercase. This is useful for users who can't be bothered
                 with turning off their capslock key before logging in. -->
            <parameter name="force-lowercase-login">false</parameter>
        </configuration>
        <data>
            <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/">
                <!-- Subject can be:
                any user             "all"
                authenticated user   "authenticated"
                unauthenticated user "unauthenticated"
                self                 "self"
                owner of resource    "owner"
                a user               "/primary/users/john"
                a role               "/primary/roles/admin"
                -->
<!-- #Phil - 12/05/2005
Now this is the fun bit. I have taken out the samples provided by the apache team as they do seem to confuse things. 
I have defined 2 users - "user1" and "user2". User1 gets the properties to write files explicitly whilst
user2 gets them by being a member of a role.
You will notice that you have to define the access rights at each node level in the collection tree. Hence the definitions
below which define actions available at "/". If you remove a permission for either user1 or role editor then that
permission will be removed for all collections beneath "/".
By all means play with this until you are happy that you have it straight. Once you do then look at the sample provided
by Apache and it should make a lot more sense.
NOTE - At the time of writing there was a bug with the security model. When it is loaded the new permissions are added
to existing permissions on collections NOT replacing them. You need to flush the security buffers of the metadata in order
to have new permissions take full hold. Please see "Tips and Tricks" on the WebDAV Open Source Wiki (hopefully still
here - http://10.233.106.142:8080/xwiki/bin/view/Main/TipsandTricks)
-->
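                <!-- Permissions on "/" are inheritable, so every grant here reaches the whole tree.
                     "all" covers every client, authenticated or not, and is kept to read access only. -->
                <permission action="/actions/read-acl" subject="all" inheritable="true"/>
                <permission action="/actions/read" subject="all" inheritable="true"/>
                <!-- write-acl is deliberately not granted to "all": that grant would let any client,
                     including an unauthenticated one, rewrite the permissions on every collection.
                     The writers below still receive it, because /actions/write lists write-acl in
                     its privilege-member-set. -->
                <permission action="/actions/write" subject="/primary/users/user1" inheritable="true"/>
                <permission action="/actions/bind" subject="/primary/users/user1" inheritable="true"/>
                <permission action="/actions/write" subject="/roles/editor" inheritable="true"/>
                <permission action="/actions/bind" subject="/roles/editor" inheritable="true"/>
                <!-- /actions/unlock is the action checked for kill-lock (see <kill-lock> in
                     <configuration>), presumably the removal of a lock held by another user, so it is
                     limited to the same writers rather than "all". -->
                <permission action="/actions/unlock" subject="/primary/users/user1" inheritable="true"/>
                <permission action="/actions/unlock" subject="/roles/editor" inheritable="true"/>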
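                <!-- /users -->
                <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/users">
                    <!-- Each user has full control over their own node. -->
                    <permission action="all" subject="self" inheritable="true"/>
                    <!-- NOTE(review): /primary/roles/projector is not defined in this file and is not
                         below rolespath (/roles). A full-control grant over the users collection to an
                         undefined subject should be confirmed or removed. -->
                    <permission action="all" subject="/primary/roles/projector" inheritable="true"/>
                    <!-- Deny rule for anonymous clients. An empty action names nothing to deny, so the
                         rule presumably had no effect; "all" is used, as in the grant for "self" above.
                         Without an effective deny, the inheritable read grant on "/" would presumably
                         expose the user nodes, including their password properties, to anonymous
                         clients.
                         NOTE(review): authenticated users other than "self" still inherit read from "/";
                         confirm whether one user should be able to read another user's node. -->
                    <permission action="all" subject="unauthenticated" inheritable="true" negative="true"/>
                    <!-- NOTE(review): tutorial accounts whose password equals the user name, stored in
                         clear text. Replace both values before the server is reachable by anyone else,
                         and keep this file readable only by the account that runs the servlet
                         container. -->
                    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/users/user1">
                        <revision>
                            <property  name="password">user1</property>
                        </revision>
                    </objectnode>
                    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/users/user2">
                        <revision>
                            <property  name="password">user2</property>
                        </revision>
                    </objectnode>
                </objectnode>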
                <!-- /roles -->
                <!-- Roles live at the root level (rolespath is /roles). A role's members are listed in its
                     group-member-set property as DAV: href elements; here user2 is the only member of
                     "editor", so user2 receives whatever is granted to /roles/editor. -->
                <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles">
                    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/roles/editor">
                        <revision>
                            <property name="group-member-set"><![CDATA[<D:href xmlns:D='DAV:'>/primary/users/user2</D:href>]]></property>                                   
                        </revision>
                    </objectnode>
                </objectnode>
                <!-- action -->
                <!-- Action tree. A non-empty privilege-member-set lists the actions an action contains:
                       read          contains read-acl, read-current-user-privilege-set
                       write         contains write-acl, write-properties, write-content
                       write-content contains bind, unbind
                     Presumably a grant of the containing action also grants its members. If so, any
                     subject given /actions/write can also change permissions (write-acl), and a separate
                     /actions/bind grant next to /actions/write is redundant. Grant write-properties or
                     write-content instead when a subject should edit resources but not ACLs.
                     /actions/unlock is not a member of any other action and must be granted on its own. -->
                <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions">
                    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read">
                        <revision>
                            <property name="privilege-member-set"><![CDATA[
                                                <D:href xmlns:D='DAV:'>/actions/read-acl</D:href> 
                                                <D:href xmlns:D='DAV:'>/actions/read-current-user-privilege-set</D:href>]]>
                                    </property>
                        </revision>
                    </objectnode>
                    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read-acl">
                        <revision>
                            <property name="privilege-member-set"/>
                        </revision>
                    </objectnode>
                    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/read-current-user-privilege-set">
                        <revision>
                            <property name="privilege-member-set"/>
                        </revision>
                    </objectnode>
                    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write">
                        <revision>
                            <property name="privilege-member-set"><![CDATA[
                                                <D:href xmlns:D='DAV:'>/actions/write-acl</D:href> 
                                                <D:href xmlns:D='DAV:'>/actions/write-properties</D:href> 
                                                <D:href xmlns:D='DAV:'>/actions/write-content</D:href>]]>
                                    </property>
                        </revision>
                    </objectnode>
                    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-acl">
                        <revision>
                            <property name="privilege-member-set"/>
                        </revision>
                    </objectnode>
                    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-properties">
                        <revision>
                            <property name="privilege-member-set"/>
                        </revision>
                    </objectnode>
                    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/write-content">
                        <revision>
                            <property name="privilege-member-set"><![CDATA[
                                                <D:href xmlns:D='DAV:'>/actions/bind</D:href> 
                                                <D:href xmlns:D='DAV:'>/actions/unbind</D:href>]]>
                                    </property>
                        </revision>
                    </objectnode>
                    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/bind">
                        <revision>
                            <property name="privilege-member-set"/>
                        </revision>
                    </objectnode>
                    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/unbind">
                        <revision>
                            <property name="privilege-member-set"/>
                        </revision>
                    </objectnode>
                    <objectnode classname="org.apache.slide.structure.ActionNode" uri="/actions/unlock">
                        <revision>
                            <property name="privilege-member-set"/>
                        </revision>
                    </objectnode>
                </objectnode>
<!-- #Phil - 12/05/2005
This is what I meant by inheriting through the collection nodes. If you take the permission away from "/primary"
then the user/role will not have the permission at "/primary/main". Have a go...it can be entertaining.
In this build I have disabled "/roles/editor" from adding files to "/primary" and therefore "/primary/main"
To enable it either remove the "negative=" parameter or set it to "false"
TIP - do remember to flush the security buffers in the metadata otherwise weird and wonderful things will happen.
-->
<!-- NOTE(review): only /actions/write is denied to /roles/editor on "/primary"; the /actions/bind grant
     on the next line stays positive, and "/" also grants write to the same role. How the deny interacts
     with those grants depends on Slide's evaluation order, so test the effective rights rather than
     reading them off this file. The grants on "/primary/main" name /primary/roles/root and
     /primary/roles/editor, which are not defined in this file and are not below rolespath (/roles);
     they presumably match nobody. Confirm whether /roles/editor was meant. -->
                <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary">
                            <permission action="/actions/write" subject="/primary/users/user1" inheritable="true"/>
                            <permission action="/actions/bind" subject="/primary/users/user1" inheritable="true"/>
                          <permission action="/actions/write" subject="/roles/editor" inheritable="true" negative="true"/>
                          <permission action="/actions/bind" subject="/roles/editor" inheritable="true"/>
                        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/main">
                      <permission action="/actions/write" subject="/primary/roles/root" inheritable="true"/>
                        <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
                                  <permission action="/actions/write" subject="/primary/users/user1" inheritable="true"/>
                                  <permission action="/actions/bind" subject="/primary/users/user1" inheritable="true"/>
                                <permission action="/actions/write" subject="/primary/roles/editor" inheritable="true"/>
                                <permission action="/actions/bind" subject="/primary/roles/editor" inheritable="true"/>
                            </objectnode>
                    </objectnode>
<!-- #Phil - 12/05/2005
These collections were all defined within the base build. All I have done is move them under the "/primary" collection.
I have done this to isolate the files from any additional stores which might be defined.
-->
<!-- NOTE(review): the write grant names /primary/roles/projector, which is not defined in this file and
     is not below rolespath (/roles), so it presumably matches nobody. Access to this collection then
     comes only from what is inherited from "/" and "/primary". -->
                <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/projector">
                    <permission action="/actions/write" subject="/primary/roles/projector" inheritable="true"/>
                    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
                        <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/projector/work">
                        </objectnode>
                </objectnode>
                <!-- DeltaV: default history and workspace paths -->
                <!-- NOTE(review): on each of the three collections below, action="all" is granted to
                     "unauthenticated", so anonymous clients hold every action (write and write-acl
                     included) on version history, workspaces and working resources. If the web
                     application enforces login, consider subject="authenticated" instead and verify
                     that auto-versioning still works afterwards. /primary/roles/user is not defined in
                     this file and is not below rolespath (/roles), so that grant presumably matches
                     nobody. -->
                <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/history">
                    <permission action="all" subject="unauthenticated" inheritable="true"/>
                    <permission action="/actions/write" subject="/primary/roles/user" inheritable="true"/>
                    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
                          <permission action="/actions/read" subject="all" inheritable="true"/>
                </objectnode>
                <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/workspace">
                    <permission action="all" subject="unauthenticated" inheritable="true"/>
                    <permission action="/actions/write" subject="/primary/roles/user" inheritable="true"/>
                    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
                </objectnode>
                <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/primary/workingresource">
                    <permission action="all" subject="unauthenticated" inheritable="true"/>
                    <permission action="/actions/write" subject="/primary/roles/user" inheritable="true"/>
                    <permission action="/actions/read-acl" subject="owner" inheritable="true"/>
                </objectnode>
            </objectnode>
        </data>
    </namespace>
    <!--
    DeltaV global parameters
    ========================
    * historypath (mandatory=no, default="/history"):
    Specifies a Slide path which determines the location where this DeltaV
    server stores history data.

    * workspacepath (mandatory=no, default="/workspace"):
    Specifies a Slide path which determines the location where this DeltaV
    server allows workspaces to reside.

    * workingresourcepath (mandatory=no, default="/workingresource"):
    Specifies a Slide path which determines the location where this DeltaV
    server stores working resources.

    * auto-version (mandatory=no, default="checkout-checkin"):
    Controls the DeltaV auto-version behaviour.

    * auto-version-control (mandatory=no, default="false"):
    Indicates if a resource just created by a PUT should be set under
    version-control.

    * versioncontrol-exclude (mandatory=no, default=""):
    Specifies a Slide path which determines resources which are excluded from version-control.
    The default value "" makes no path being excluded.

    * checkout-fork (mandatory=no, default="forbidden"):
    Controls the DeltaV check-out behaviour when a version is already
    checked-out or has a successor.

    * checkin-fork (mandatory=no, default="forbidden"):
    Controls the DeltaV check-out behaviour when a version has already a
    successor.

    * standardLivePropertiesClass (mandatory=no,
    default="org.apache.slide.webdav.util.resourcekind.AbstractResourceKind"):
    Determines the "agent" knowing about what the standard live properties are.
    It should be a loadable class containing the following static methods:
    - boolean isLiveProperty(String propName)
    - boolean isProtectedProperty(String propName)
    - boolean isComputedProperty(String propName)
    - Set getAllLiveProperties()
    - Set getAllProtectedProperties()
    - Set getAllComputedProperties()

    * uriRedirectorClass (mandatory=no,
    default="org.apache.slide.webdav.util.DeltavUriRedirector"):
    Determines the URI redirector class. The DeltaV URI redirector is in
    charge of the following redirections:
    - version URI to history URI, e.g. /history/2/1.4 to /history/2
    - latest revision number for history resource to 0.0
    - latest revision number for version resource to last URI token,
    e.g. /history/2/1.4 to 1.4
    It should be a loadable class containing the following static methods:
    - String redirectUri(String uri)
    - NodeRevisionNumber redirectLatestRevisionNumber(String uri)
    -->

<!-- #Phil - 12/05/2005
Have again taken this as verbatim. The only addition is to move the collections under the "/primary" collection.
-->
    <!-- DeltaV global parameters. The three paths must match the collections of the same name defined
         under <data>, because the permissions on those collections govern who can reach version data.
         auto-version-control is set to "true" here, while its documented default is "false": every
         resource created by a PUT is placed under version control. -->
    <parameter name="historypath">/primary/history</parameter>
    <parameter name="workspacepath">/primary/workspace</parameter>
    <parameter name="workingresourcepath">/primary/workingresource</parameter>
    <parameter name="auto-version">checkout-checkin</parameter>
    <parameter name="auto-version-control">true</parameter>
    <parameter name="versioncontrol-exclude"/>
    <parameter name="checkout-fork">forbidden</parameter>
    <parameter name="checkin-fork">forbidden</parameter>


    <!-- Extractor configuration -->
    <!-- Each extractor is bound to a uri and copies values out of stored content into properties.
         NOTE(review): both uris are below /primary/files, while filespath in <configuration> is
         /primary/main and no /primary/files collection is defined under <data>; confirm the paths.
         NOTE(review): extractors read content uploaded by clients. Confirm that the XML parser behind
         SimpleXmlExtractor does not resolve external entities or DTDs. -->
    <extractors>
        <extractor classname="org.apache.slide.extractor.SimpleXmlExtractor" uri="/primary/files/articles/test.xml">
            <configuration>
                <instruction property="title" xpath="/article/title/text()" />
                <instruction property="summary" xpath="/article/summary/text()" />
            </configuration>
        </extractor>
        <extractor classname="org.apache.slide.extractor.OfficeExtractor" uri="/primary/files/docs/">
            <configuration>
                <instruction property="author" id="SummaryInformation-0-4" />
                <instruction property="application" id="SummaryInformation-0-18" />
            </configuration>
        </extractor>
    </extractors>

    <!-- Event configuration -->
    <!-- <event> elements switch event classes on or off (ContentEvent is enabled in general but
         disabled for its "retrieve" method); <listener> elements register the consumers. -->
    <events>
        <event classname="org.apache.slide.webdav.event.WebdavEvent" enable="true" />
        <event classname="org.apache.slide.event.ContentEvent" enable="true" />
        <event classname="org.apache.slide.event.ContentEvent" method="retrieve" enable="false" />
        <event classname="org.apache.slide.event.EventCollection" enable="true" />
        <event classname="org.apache.slide.event.TransactionEvent" enable="true" />

        <event classname="org.apache.slide.event.MacroEvent" enable="true"/>

        <!-- The EventLogger listener below is disabled. NOTE(review): with it off, nothing in this
             file records who changed content or permissions; consider enabling it, or an
             equivalent audit trail, on a shared server. -->
        <!--listener classname="org.apache.slide.util.event.EventLogger" /-->
        <listener classname="org.apache.slide.event.VetoableEventCollector" />
        <listener classname="org.apache.slide.event.TransientEventCollector" />
        <listener classname="org.apache.slide.webdav.event.NotificationTrigger">
            <configuration>
                <notification include-events="false" />
                <persist-subscriptions filename="subscriptions.xml" />
            </configuration>
        </listener>
        <listener classname="org.apache.slide.extractor.PropertyExtractorTrigger" />
        <listener classname="org.apache.slide.search.IndexTrigger">
            <configuration>
                <indexer classname="org.apache.slide.search.LoggingIndexer" synchronous="false" uri="/primary/files/articles" />
            </configuration>
        </listener>
        
                <!-- Uncomment for cluster support. Be sure to set local-host and repository-host.
                     NOTE(review): the sample below carries username "root" / password "root" and
                     repository-protocol "http". Replace the credentials with a dedicated account and
                     confirm the transport before enabling it, since the values would presumably be
                     sent in clear text. -->
                <!--
                <listener classname="org.apache.slide.cluster.ClusterCacheRefresher">
                        <configuration>
                                <node local-host="local.host.domain"
                                      local-port="4444"
                                          repository-host="remote.host.domain"
                                          repository-port="8080"
                                          repository-protocol="http"
                                          username="root"
                                          password="root"
                                          base-uri="/files/"
                                />
                        </configuration>
                </listener>
                -->

        <listener classname="org.apache.slide.macro.MacroPropertyUpdater">
          <!-- Listener that updates some properties if resources are
               copied or moved.  This requires MacroEvents enabled (at
               least methods copy and move) -->
          <configuration>
            <update-displayname>true</update-displayname>
            <update-owner-on-move>false</update-owner-on-move>
            <update-owner-on-copy>true</update-owner-on-copy>
          </configuration>
        </listener>
    </events>
</slide>

Getting_Started_Domain.XML (last edited 2009-09-20 22:02:40 by localhost)