| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta name="viewport" content="width=device-width,initial-scale=1"> |
| <title>Security :: Apache Isis</title> |
| <link rel="canonical" href="https://isis.apache.org/security/2.0.0-M6/about.html"> |
| <meta name="generator" content="Antora 2.3.4"> |
| <link rel="stylesheet" href="../../_/css/site.css"> |
| <link rel="stylesheet" href="../../_/css/site-custom.css"> |
| <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,700,700i|Raleway:300,400,500,700,800|Montserrat:300,400,700" rel="stylesheet"> |
| <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.css"/> |
| <link rel="home" href="https://isis.apache.org" title="Apache Isis"> |
| <link rel="next" href="core/about.html" title="Security Component SPI"> |
| </head> |
| <body class="article"> |
| <div class="body "> |
| <main role="main"> |
| <article class="doc"> |
| <a name="section-top"></a> |
| <h1 class="page">Security</h1> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>This guide describes how to secure your Apache Isis application by configuring an appropriate implementation of its authentication and authorization SPIs.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="security-architecture"><a class="anchor" href="#security-architecture"></a>Security Architecture</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Apache Isis defines an SPI for both authentication and authorization:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>By "authentication" we mean logging into the application using some credentials, typically a username and password. |
| Authentication also means looking up the set of roles to which a user belongs.</p> |
| <div class="paragraph"> |
| <p>The framework allows for different authentication mechanisms through the <a href="../../refguide/2.0.0-M6/core/index/security/authentication/Authenticator.html" class="page">Authenticator</a> SPI.</p> |
| </div> |
| </li> |
| <li> |
| <p>By "authorization" we mean permissions: granting roles access to features (domain object members) of the app, and assigning users to those roles.</p> |
| <div class="paragraph"> |
| <p>The framework allows for different authorization mechanisms through the <a href="../../refguide/2.0.0-M6/core/index/security/authorization/Authorizor.html" class="page">Authorizor</a> SPI.</p> |
| </div> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>There are several implementations of these SPIs to choose from; these make up the bulk of this guide.</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p><a href="bypass/about.html" class="page">Bypass Implementation</a></p> |
| </li> |
| <li> |
| <p><a href="shiro/about.html" class="page">Shiro Implementation</a></p> |
| </li> |
| <li> |
| <p><a href="keycloak/about.html" class="page">Keycloak Implementation</a></p> |
| </li> |
| <li> |
| <p><a href="spring/about.html" class="page">Spring Implementation</a></p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="permissions"><a class="anchor" href="#permissions"></a>Permissions</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The <a href="../../refguide/2.0.0-M6/core/index/security/authorization/Authorizor.html" class="page">Authorizor</a> SPI defines two types of permissions:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p><em>Read</em> permission means that the user can view the object member; it will be rendered in the UI.</p> |
| <div class="paragraph"> |
| <p>An action with only read permission will be shown disabled ("greyed out"); a property with read-only permission cannot be edited.</p> |
| </div> |
| </li> |
| <li> |
| <p><em>Write</em> permission means that the object member can be changed.</p> |
| <div class="paragraph"> |
| <p>For actions this means that they can be invoked.</p> |
| </div> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>If there is neither <em>read</em> nor <em>write</em> permission, then the feature will be invisible to the user.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="auditing"><a class="anchor" href="#auditing"></a>Auditing</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>A further aspect of security is auditing: recording what data was modified by which user.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Apache Isis provides the <a href="#refguide:applib:index/services/iactn/InteractionContext.adoc" class="page unresolved">InteractionContext</a>, which can be used to track the actions being invoked, and the <a href="../../refguide/2.0.0-M6/applib/index/services/publishing/spi/EntityPropertyChangeSubscriber.html" class="page">EntityPropertyChangeSubscriber</a>, which captures what data was modified as a result (auditing). |
| When <a href="../../refguide/2.0.0-M6/applib/index/services/iactn/Interaction.html" class="page">Interaction</a>s are persisted (eg by way of the <a href="../../mappings/2.0.0-M6/outbox-publisher/about.html" class="page">Outbox Publisher</a> mapping module) then this provides excellent traceability. |
| The <a href="audit-trail/about.html" class="page">Audit Trail</a> module provides an implementation of the <a href="../../refguide/2.0.0-M6/applib/index/services/publishing/spi/EntityPropertyChangeSubscriber.html" class="page">EntityPropertyChangeSubscriber</a> that persists audit entries to the database.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The <a href="../../refguide/2.0.0-M6/applib/index/services/publishing/spi/CommandSubscriber.html" class="page">CommandSubscriber</a> SPI can also be used to capture actions. |
| The <a href="../../userguide/2.0.0-M6/command-log/about.html" class="page">Command Log</a> extension provides a simple implementation of this SPI.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="programmers-api"><a class="anchor" href="#programmers-api"></a>Programmers' API</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>Generally speaking your domain objects (or more generally your application) should be agnostic of the user/roles that are interacting with them; applying security permissions is the responsibility of the framework.</p> |
| </div> |
| <div class="paragraph"> |
| <p>If you need to determine the identity of the current user, you can usually use Apache Isis' <a href="../../refguide/2.0.0-M6/applib/index/services/user/UserService.html" class="page">UserService</a> API, in the form of <a href="../../refguide/2.0.0-M6/applib/index/services/user/UserMemento.html" class="page">UserMemento</a>.</p> |
| </div> |
| <div class="paragraph"> |
| <p>For example:</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="highlightjs highlight"><code class="language-java hljs" data-lang="java">final UserMemento user = userService.getUser(); // identity of the current user, obtained via UserService |
| // Roles associated with that user. If the Wicket viewer is in use, the list also holds |
| // the viewer's internal role org.apache.isis.viewer.wicket.roles.USER. |
| final List<RoleMemento> roles = user.getRoles(); |
| for (RoleMemento role : roles) { |
| // The name encodes both the realm that provided the role and the role identity itself, |
| // so a check on roleName presumably has to account for the realm part - confirm the exact format. |
| String roleName = role.getName(); |
| ... |
| }</code></pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>Each role’s <code>name</code> property encodes both the realm that provided the role, and the role identity itself.</p> |
| </div> |
| <div class="paragraph"> |
| <p>If using the <a href="../../vw/2.0.0-M6/about.html" class="page">Wicket viewer</a>, then note there will also be another role which is used internally (namely <code>org.apache.isis.viewer.wicket.roles.USER</code>).</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="extensions"><a class="anchor" href="#extensions"></a>Extensions</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>In addition to the security SPI implementations, there are a number of security-related extensions.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The most significant of these is probably <a href="secman/about.html" class="page">SecMan</a>, which uses a database of users, roles and permission entities (either <a href="../../pjpa/2.0.0-M6/about.html" class="page">JPA</a> or <a href="../../pjdo/2.0.0-M6/about.html" class="page">JDO</a>) to manage authorisation. |
| As these users, roles and permissions are domain objects, they can be administered through Apache Isis itself.</p> |
| </div> |
| </div> |
| </div> |
| </article> |
| </main> |
| </div> |
| <footer class="footer"> |
| <div class="content"> |
| <div class="copyright"> |
| <p> |
| Copyright © 2010~2021 The Apache Software Foundation, licensed under the Apache License, v2.0. |
| <br/> |
| Apache, the Apache feather logo, Apache Isis, and the Apache Isis project logo are all trademarks of The Apache Software Foundation. |
| </p> |
| </div> |
| <div class="revision"> |
| <p>Revision: 2.0.0-M6-site-build.20210826-1021</p> |
| </div> |
| </div> |
| </footer> |
| <script src="../../_/js/site.js"></script> |
| <script async src="../../_/js/vendor/highlight.js"></script> |
| <script src="../../_/js/vendor/jquery-3.4.1.min.js"></script> |
| <script src="../../_/js/vendor/jquery-ui-1.12.1.custom.widget-only.min.js"></script> |
| <script src="../../_/js/vendor/jquery.tocify.min.js"></script> |
| |
| </body> |
| </html> |