gemfire-core/src/test/resources/templates/security/authz6_0.dtd - geode - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!--

 This is the XML DTD for the GemFire sample XML based authorization callback
 in templates.security.XmlAuthorization.

 All XMLs must include a DOCTYPE of the following form:

   <!DOCTYPE acl PUBLIC
     "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
     "http://www.gemstone.com/dtd/authz5_5.dtd">

 The contents of a declarative XML file correspond to APIs found in the

                       com.gemstone.gemfire.security.AccessControl

 package. The sample implementation may be used to specify access control
 policies.

 -->

 <!--

 The following conventions apply to all GemFire sample authorization
 XML file elements unless indicated otherwise.

 - In elements that contain PCDATA, leading and trailing whitespace in
   the data may be ignored.

 - In elements whose value is an "enumerated type", the value is case
   sensitive.

 -->


 <!--
 The "acl" element is the root element of the authorization file.
 This element contains the role to user mappings and role to permissions
 mapping on a per region per operation basis.
 -->

 <!ELEMENT acl (role+,permission+)>

 <!--
 The "role" element contains the set of users that have the permissions of
 given role. A user can be present in more than one "role" elements in
 which case the union of the permissions to all those roles determines
 the full set of permissions to be given to the user.
 -->

 <!ELEMENT role (user*)>
 <!ATTLIST role
   name CDATA #REQUIRED
 >

 <!--
 The "user" element is contained within the "role" element and contains
 the name of a user having the permissions of that role.
 -->

 <!ELEMENT user (#PCDATA)>

 <!--
 The "permission" element specifies the list of operations that are allowed
 for a particular role in the given regions as provided in the optional
 "regions" attribute. The value of "regions" attribute should be a comma
 separated list of region names for which permissions are to be provided.
 If no "regions" attribute is provided then those permissions are provided
 for all the other regions (i.e. other than those that have been explicitly
 specified). Permissions for cache level operations REGION_DESTROY,
 REGION_CREATE, QUERY and CQ operations should be specified with no "regions"
 attribute. If cache-level permission is not provided for QUERY or CQ operations
 then the permission for all the region names in the query string is checked.
 -->

 <!ELEMENT permission (operation*)>
 <!ATTLIST permission
   role CDATA #REQUIRED
   regions CDATA #IMPLIED
 >


 <!--
 The operation should be one of the following strings:
  GET, PUT, PUTALL, DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST,
  CONTAINS_KEY, KEY_SET, QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR,
  REGION_CREATE, REGION_DESTROY
 -->
 <!ELEMENT operation (#PCDATA)>
 <!ATTLIST operation
   functionIds CDATA #IMPLIED
   optimizeForWrite CDATA #IMPLIED
   keySet CDATA #IMPLIED
 >
	<?xml version="1.0" encoding="UTF-8"?>
	<!--

	This is the XML DTD for the GemFire sample XML based authorization callback
	in templates.security.XmlAuthorization.

	All XMLs must include a DOCTYPE of the following form:

	<!DOCTYPE acl PUBLIC
	"-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
	"http://www.gemstone.com/dtd/authz5_5.dtd">

	The contents of a declarative XML file correspond to APIs found in the

	com.gemstone.gemfire.security.AccessControl

	package. The sample implementation may be used to specify access control
	policies.

	-->

	<!--

	The following conventions apply to all GemFire sample authorization
	XML file elements unless indicated otherwise.

	- In elements that contain PCDATA, leading and trailing whitespace in
	the data may be ignored.

	- In elements whose value is an "enumerated type", the value is case
	sensitive.

	-->


	<!--
	The "acl" element is the root element of the authorization file.
	This element contains the role to user mappings and role to permissions
	mapping on a per region per operation basis.
	-->

	<!ELEMENT acl (role+,permission+)>

	<!--
	The "role" element contains the set of users that have the permissions of
	given role. A user can be present in more than one "role" elements in
	which case the union of the permissions to all those roles determines
	the full set of permissions to be given to the user.
	-->

	<!ELEMENT role (user*)>
	<!ATTLIST role
	name CDATA #REQUIRED
	>

	<!--
	The "user" element is contained within the "role" element and contains
	the name of a user having the permissions of that role.
	-->

	<!ELEMENT user (#PCDATA)>

	<!--
	The "permission" element specifies the list of operations that are allowed
	for a particular role in the given regions as provided in the optional
	"regions" attribute. The value of "regions" attribute should be a comma
	separated list of region names for which permissions are to be provided.
	If no "regions" attribute is provided then those permissions are provided
	for all the other regions (i.e. other than those that have been explicitly
	specified). Permissions for cache level operations REGION_DESTROY,
	REGION_CREATE, QUERY and CQ operations should be specified with no "regions"
	attribute. If cache-level permission is not provided for QUERY or CQ operations
	then the permission for all the region names in the query string is checked.
	-->

	<!ELEMENT permission (operation*)>
	<!ATTLIST permission
	role CDATA #REQUIRED
	regions CDATA #IMPLIED
	>


	<!--
	The operation should be one of the following strings:
	GET, PUT, PUTALL, DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST,
	CONTAINS_KEY, KEY_SET, QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR,
	REGION_CREATE, REGION_DESTROY
	-->
	<!ELEMENT operation (#PCDATA)>
	<!ATTLIST operation
	functionIds CDATA #IMPLIED
	optimizeForWrite CDATA #IMPLIED
	keySet CDATA #IMPLIED
	>