Authorization/Security Mapping SPI Overview

The authorization SPI provides the implementation to support Jetspeed 2 users, roles and groups associations and the roles/groups hierarchy policy. It provides the underlying mechanism to support the implementation of the RoleManager and GroupManager .

As described in the security overview , Jetspeed support hierarchical role based access control with configurable hierarchy policies.

First, let's have a look at a class diagram of the authorization SPI:













Authorization SPI Components

The authorization SPI implements the following components:

ComponentDescription
org.apache.jetspeed.security.spi.SecurityMappingHandler See security-spi-atz.xml configuration.
org.apache.jetspeed.security.HierarchyResolver See hierarchy management.
org.apache.jetspeed.security.spi.RoleSecurityHandler See security-spi-atz.xml configuration.
org.apache.jetspeed.security.spi.GroupSecurityHandler See security-spi-atz.xml configuration.