summaryrefslogtreecommitdiff
path: root/BKUOnline/src/main/resources/at
diff options
context:
space:
mode:
authorwbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2008-09-05 11:40:49 +0000
committerwbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2008-09-05 11:40:49 +0000
commit68b3d73c291753f19d04682306ae67125dbbd431 (patch)
tree28041df31ef94e8902047d0f824d616cbee1b801 /BKUOnline/src/main/resources/at
parentead5dc6d62e7fd6325ea164625b02a6b6fbb226e (diff)
downloadmocca-68b3d73c291753f19d04682306ae67125dbbd431.tar.gz
mocca-68b3d73c291753f19d04682306ae67125dbbd431.tar.bz2
mocca-68b3d73c291753f19d04682306ae67125dbbd431.zip
Adjusted default security settings for BKUOnline
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@16 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'BKUOnline/src/main/resources/at')
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml75
1 files changed, 25 insertions, 50 deletions
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml
index 15d62155..e12d1abe 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml
@@ -1,39 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<AccessControl>
<Chains>
+ <!--
+ The input chain defines filters that are applied before command
+ execution
+ -->
<Chain Id="InputChain">
<Rules>
- <Rule Id="rule-1">
- <AuthClass>certifiedGovAgency</AuthClass>
- <AnyPeer />
+ <!-- there is no command implemented that requires input filtering -->
+ <Rule Id="InputChain-AllowAll">
<Action>
<RuleAction>allow</RuleAction>
</Action>
<UserInteraction>confirm</UserInteraction>
</Rule>
- <Rule Id="rule-2">
- <AuthClass>pseudoanonymous</AuthClass>
- <AnyPeer />
+ </Rules>
+ </Chain>
+
+ <!--
+ The output chain defines filters that are applied after command
+ execution
+ -->
+ <Chain Id="OutputChain">
+ <Rules>
+ <Rule Id="OutputChain-Egov">
+ <AuthClass>certifiedGovAgency</AuthClass>
<Action>
- <ChainRef>Command</ChainRef>
+ <RuleAction>allow</RuleAction>
</Action>
- <UserInteraction>none</UserInteraction>
+ <UserInteraction>confirm</UserInteraction>
</Rule>
- <Rule Id="rule-3">
+ <Rule Id="OutputChain-Command">
<AuthClass>anonymous</AuthClass>
- <IPv4Address>127.0.0.1</IPv4Address>
<Action>
<ChainRef>Command</ChainRef>
</Action>
- <UserInteraction>none</UserInteraction>
- </Rule>
- <Rule Id="rule-4">
- <AuthClass>anonymous</AuthClass>
- <DomainName>$.gv.at</DomainName>
- <Action>
- <RuleAction>allow</RuleAction>
- </Action>
- <UserInteraction>confirm</UserInteraction>
</Rule>
</Rules>
</Chain>
@@ -44,7 +45,7 @@
<AnyPeer />
<Command Name="Infobox*">
<Param Name="InfoboxIdentifier">IdentityLink</Param>
- <Param Name="PersonIdentifier">.*</Param>
+ <Param Name="PersonIdentifier">derived</Param>
</Command>
<Action>
<RuleAction>allow</RuleAction>
@@ -52,42 +53,16 @@
<UserInteraction>confirm</UserInteraction>
</Rule>
<Rule Id="cmd-rule-2">
- <AuthClass>certified</AuthClass>
- <URL>https://finanzonline.bmf.gv.at/*
- </URL>
- <Command Name="InfoboxReadRequest">
- <Param Name="InfoboxIdentifier">Mandates</Param>
- <Param Name="PersonIdentifier">.*</Param>
+ <AuthClass>anonymous</AuthClass>
+ <Command Name="Infobox.*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
</Command>
<Action>
- <RuleAction>allow</RuleAction>
+ <RuleAction>deny</RuleAction>
</Action>
<UserInteraction>info</UserInteraction>
</Rule>
<Rule Id="cmd-rule-3">
- <AuthClass>certified</AuthClass>
- <AnyPeer />
- <Command Name="InfoboxReadRequest" />
- <Action>
- <RuleAction>allow</RuleAction>
- </Action>
- <UserInteraction>none</UserInteraction>
- </Rule>
- <Rule Id="cmd-rule-4">
- <AuthClass>anonymous</AuthClass>
- <AnyPeer />
- <Command Name="InfoboxReadRequest" />
- <IPv4Address>127.0.0.1</IPv4Address>
- <Action>
- <RuleAction>allow</RuleAction>
- </Action>
- <UserInteraction>none</UserInteraction>
- </Rule>
- </Rules>
- </Chain>
- <Chain Id="OutputChain">
- <Rules>
- <Rule Id="out-1">
<Action>
<RuleAction>allow</RuleAction>
</Action>