next up previous
Next: Authorization Filter Up: Configuration Previous: AttributeMap definition

Example of a complete configuration file

Here it follows an example of a XML configuration file for the Authorization Manager.
<?xml version="1.0" encoding="UTF-8"?>
<authorizationManager recheck="300">
   <policy name="Policy_1" default="true">
      <repository name="OR_repository" type="or">
         <repository name="Repository_1" type="map">
            <map name="Regex_map" type="regex" modify="false">
               <map name="Table_map" type="table" modify="false">
                  <param key="/O=EDG/OU=cern.ch/CN=.*" value="NormalAccess" />
                  <param key="/O=EDG/OU=.*" value="RestrictedAccess" />
                  <param key="/O=.*" value="NoAccess" />
               </map>
            </map>
         </repository>
         <repository name="Repository_2" type="map">
            <map name="Gridmapfile_map" type="file" modify="true">
               <filename>/etc/grid-security/gridmap</filename>
               <filetype>gridmap</filetype>
               <refreshperiod>-1</refreshperiod>
            </map>
         </repository>
      </repository>
      <translation>
         <map name="Translation_map" type="db" modify="false">
            <dbName dbname="GRIDSecurity" />
            <Table table="transl" />
            <Driver driver="org.gjt.mm.mysql.Driver" />
            <Url url="jdbc:mysql://localhost:3306/GRIDSecurity" />
            <userName username="grid_user" />
            <passWord passwd="grid_password" />
            <refreshInterval interval="300" />
         </map>
      </translation>
   </policy>
</authorizationManager>

This configuration file defines:
One Authorization Manager with a periodic reload of its configuration every 300 seconds.
The Authorization Manager contains one Policy named `Policy_1', which is the default Policy.
Policy_1 contains one AttributeRepository named `OR_repository' of type `or' and one Translation section.
OR_repository contains one AttributeRepository named `Repository_1' of type `map' and one AttributeRepository named `Repository_2' of type `map'.
Repository_1 contains one AttributeMap named `Regex_map' of type `regex' and not modifiable.
Regex_map contains one AttributeMap named `Table_map' of type `table', not modifiable, that contains three associations.
Repository_2 contains one AttributeMap named `Gridmapfile_map' of type `file', modifiable, based on a gridmap file located at `/etc/grid-security/gridmap' and reloaded every time the content of the file is modified.
The Translation section contains one AttributeMap named `Translation_map' of type `db', not modifiable, based on the `transl' table of database `GRIDSecurity', accessible at the url
`jdbc:mysql://localhost:3306/GRIDSecurity' with a `org.gjt.mm.mysql.Driver' JDBC driver, authenticating with username `grid_user' and password `grid_password', reloaded every 300 seconds.


next up previous
Next: Authorization Filter Up: Configuration Previous: AttributeMap definition
2004-05-05