Implementing a custom fine-grained security provider

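If your organization keeps entitlement information in an external system application, you can write your own plug-in to integrate the Monitor fine-grained security filters with that external application. You can use the artifacts that Business Monitor provides to implement your own fine-grained security provider.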

About this task

As shown in the following plugin.xml file, the fine-grained security framework provides two extension points: com.ibm.wbimonitor.repository.security-filter-provider and com.ibm.wbimonitor.repository.object-security-provider.

  <?xml version="1.0" encoding="UTF-8"?>
  <plugin id="com.ibm.wbimonitor.repository" name="MetadataRepository" provider-name="IBM" version="7.5.0">
     <extension-point id="security-filter-provider"/>
     <extension-point id="object-security-provider"/>
  </plugin>
In addition, the framework provides interfaces for security filters and for object security rules:
  • Interface for security filters:
    /**
     * @param userId   - user id
     * @param groupCNs - group common name list of current user
     * @param userDN   - user distinguished name
     * @param groupDNs - group distinguished name list of current user
     * @param modelId
     * @param mcId
     * @return the filter set defined for the model MC.
     * @throws FGSException - any exception happens when getting the security filters
     */
    public String getMCFilterSet(String userId, List<String> groupCNs,
            String userDN, List<String> groupDNs, String modelId, String mcId);

    /**
     * @param modelId
     * @return all the security filters defined for the model.
     * @throws FGSException - any exception happens when getting the security filters
     */
    public String getModelSecurityFilters(String modelId);

    /**
     * Get the FGS provider description.
     * @return the FGS provider description
     */
    public String getFGSProviderDescription();

    /**
     * Get the FGS provider name.
     * @return the FGS provider name
     */
    public String getFGSProviderName();

    /**
     * Return the models on which the current Fine Grain Security provider will take effect.
     * @return the list of model ids
     * @throws FGSRegistrationException - exception when the provider incorrectly handles the registered models.
     */
    public List<String> getSupportedModels() throws FGSRegistrationException;
  • Interface for object security rules:
    /**
     * Return the list of hidden dimension ids
     * @param userId   - user id
     * @param groupCNs - group common name list of current user
     * @param userDN   - user distinguished name
     * @param groupDNs - group distinguished name list of current user
     * @param modelId
     * @param mcId
     * @return the list of hidden dimension ids
     * @throws FGSException - any exception happens when getting the object security
     */
    public List<String> getCubeHiddenDimensions(String userId,
            List<String> groupCNs, String userDN, List<String> groupDNs,
            String modelId, String mcId);

    /**
     * Return the list of hidden measure ids
     * @param userId   - user id
     * @param groupCNs - group common name list of current user
     * @param userDN   - user distinguished name
     * @param groupDNs - group distinguished name list of current user
     * @param modelId
     * @param mcId
     * @return the list of hidden measure ids
     * @throws FGSException - any exception happens when getting the object security
     */
    public List<String> getCubeHiddenMeasures(String userId,
            List<String> groupCNs, String userDN, List<String> groupDNs,
            String modelId, String mcId);

    /**
     * Return the list of hidden metric ids
     * @param userId   - user id
     * @param groupCNs - group common name list of current user
     * @param userDN   - user distinguished name
     * @param groupDNs - group distinguished name list of current user
     * @param modelId
     * @param mcId
     * @return the list of hidden metric ids
     * @throws FGSException - any exception happens when getting the object security
     */
    public List<String> getMCHiddenMetrics(String userId,
            List<String> groupCNs, String userDN, List<String> groupDNs,
            String modelId, String mcId);

    /**
     * Return the list of hidden alert ids
     * @param userId   - user id
     * @param groupCNs - group common name list of current user
     * @param userDN   - user distinguished name
     * @param groupDNs - group distinguished name list of current user
     * @param modelId
     * @return the list of hidden alert ids
     * @throws FGSException - any exception happens when getting the object security
     */
    public List<String> getModelHiddenAlerts(String userId,
            List<String> groupCNs, String userDN, List<String> groupDNs,
            String modelId, String mcId);

    /**
     * Return the list of hidden KPI ids
     * @param userId   - user id
     * @param groupCNs - group common name list of current user
     * @param userDN   - user distinguished name
     * @param groupDNs - group distinguished name list of current user
     * @param modelId
     * @return the list of hidden KPI ids
     * @throws FGSException - any exception happens when getting the object security
     */
    public List<String> getModelHiddenKPIs(String userId,
            List<String> groupCNs, String userDN, List<String> groupDNs,
            String modelId, String mcId) throws FGSException;

    /**
     * @param modelId
     * @return all the object security rules defined for specified model.
     * @throws FGSException - any exception happens when getting the object security
     */
    public String getModelObjSecRules(String modelId);

    /**
     * Get the FGS provider description.
     * @return the FGS provider description
     */
    public String getFGSProviderDescription();

    /**
     * Get the FGS provider name.
     * @return the FGS provider name
     */
    public String getFGSProviderName();

    /**
     * Return the models on which the current Fine Grain Security provider will take effect.
     * @return the list of model ids
     * @throws FGSRegistrationException - exception when the provider incorrectly handles the registered models.
     */
    public List<String> getSupportedModels() throws FGSRegistrationException;
For information about extending the extension points and implementing the interfaces, see the plugin.xml file and the following files:
  • com.ibm.wbimonitor.security.finegrainsecurity.sample.filtersec.FGSSampleSecurityFilterImpl.java
  • com.ibm.wbimonitor.security.finegrainsecurity.sample.objectsec.FGSSampleObjectSecurityImpl.java
These files are located in the following .zip file:
<monitor_server>/scripts.wbm/FGSecurity/SampleProvider/com.ibm.wbimonitor.security.finegrainsecurity.sample.zip
The extension points and interfaces are declared in the com.ibm.wbimonitor.repository.jar bundle.

Procedure

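  1. During development, add the com.ibm.wbimonitor.repository.jar file to your custom fine-grained security provider project.
  2. Add the extension points to the plugin.xml file, as shown in the following example: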
      <?xml version="1.0" encoding="UTF-8"?>
      <plugin id="FGSSampleProvider" name="Fine grain security sample provider" provider-name="IBM" version="7.5.0">
         <extension id="FGSSampleSecurityFilter" name="FGS Sample Security Filter" point="com.ibm.wbimonitor.repository.security-filter-provider">
            <components>
               <component class="com.ibm.wbimonitor.security.finegrainsecurity.sample.filtersec.FGSSampleSecurityFilterImpl" startup="1" />
            </components>
         </extension>
         <extension id="FGSSampleObjectSecurity" name="FGS Sample Object Security" point="com.ibm.wbimonitor.repository.object-security-provider">
            <components>
               <component class="com.ibm.wbimonitor.security.finegrainsecurity.sample.objectsec.FGSSampleObjectSecurityImpl" startup="2" />
            </components>
         </extension>
      </plugin>
  3. Implement the interfaces. Use the implementations shown in the following classes as a guide:
    • com.ibm.wbimonitor.security.finegrainsecurity.sample.filtersec.FGSSampleSecurityFilterImpl
    • com.ibm.wbimonitor.security.finegrainsecurity.sample.objectsec.FGSSampleObjectSecurityImpl
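
One way to structure a getMCHiddenMetrics implementation so that it denies by default and fails closed when the external entitlement system cannot be reached. This is an added example, not IBM's sample code: HiddenMetricsProvider, EntitlementStore and the nested FGSException are local stand-ins (assumptions) so that the class compiles without com.ibm.wbimonitor.repository.jar, and the group DNs and metric ids are constructed.

```java
import java.util.*;

public class FailClosedObjectSecurity {
    // Local stand-ins (assumptions); the real types ship in com.ibm.wbimonitor.repository.jar.
    static class FGSException extends Exception {
        FGSException(String msg, Throwable cause) { super(msg, cause); }
    }
    interface HiddenMetricsProvider { // same parameters as getMCHiddenMetrics on this page
        List<String> getMCHiddenMetrics(String userId, List<String> groupCNs, String userDN,
                List<String> groupDNs, String modelId, String mcId) throws FGSException;
    }
    // Hypothetical client for the external entitlement system.
    interface EntitlementStore {
        Set<String> allMetricIds(String modelId, String mcId) throws Exception;
        Set<String> visibleMetricIds(String groupDN, String modelId, String mcId) throws Exception;
    }
    static class Provider implements HiddenMetricsProvider {
        private final EntitlementStore store;
        Provider(EntitlementStore store) { this.store = store; }
        public List<String> getMCHiddenMetrics(String userId, List<String> groupCNs, String userDN,
                List<String> groupDNs, String modelId, String mcId) throws FGSException {
            try {
                // Deny by default: start with every metric hidden, then reveal per group.
                Set<String> hidden = new TreeSet<String>(store.allMetricIds(modelId, mcId));
                if (groupDNs != null) {
                    for (String dn : groupDNs) { // match on DN; CNs can collide across subtrees
                        String key = dn.trim().toLowerCase(Locale.ROOT); // simplified normalization
                        hidden.removeAll(store.visibleMetricIds(key, modelId, mcId));
                    }
                }
                return new ArrayList<String>(hidden);
            } catch (Exception e) {
                // Fail closed: an empty list would hide nothing, so surface the error instead.
                throw new FGSException("entitlement lookup failed for model " + modelId, e);
            }
        }
    }
    public static void main(String[] args) throws Exception {
        EntitlementStore store = new EntitlementStore() { // constructed sample data
            public Set<String> allMetricIds(String m, String mc) {
                return new HashSet<String>(Arrays.asList("Revenue", "Margin", "OrderCount"));
            }
            public Set<String> visibleMetricIds(String dn, String m, String mc) {
                return dn.equals("cn=sales,ou=groups,o=example")
                        ? Collections.singleton("OrderCount") : Collections.<String>emptySet();
            }
        };
        List<String> dns = Arrays.asList("CN=Sales,OU=Groups,O=Example");
        System.out.println(new Provider(store).getMCHiddenMetrics(
                "alice", Arrays.asList("Sales"), "uid=alice,o=example", dns, "OrdersModel", "OrdersMC"));
    }
}
```

A user with no matching group, or a null group list, gets every metric hidden, and a lookup error never turns into an empty hidden list.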