A factory to produce Hive's based on policy files. This factory is designed to make a best effort when problems occur. Meaning any malconfiguration in the policy file is logged and then skipped. This factory accepts the following policy format
grant[ principal <principal class> "name"] { permission <permission class> "name",[ "actions"]; }; where [] denotes an optional block, <> denotes a classname.
For brevity aliases are allowed in / for classnames and permission-, principal names. An alias takes the form of ${foo} the alias (the part between {}) must be at least 1 character long and must not contain one of the following 4 characters "${} For example: permission ${ComponentPermission} "myname.${foo}", "render";
Note that:
- names and action must be quoted
- a permission statement must be on a single line and terminated by a ;
- the grant block must be terminated by a ;
- if you don't specify a principal after the grant statement, everybody will be given those permissions automagically
- using double quotes '"' is not allowed, instead use a single quote '''
- aliases may be chained but not nested, so ${foo}${bar} is valid but not ${foo${bar}}
- aliases are not allowed in actions or reserved words (grant, permission, principal)
- aliases are case sensitive
By default the following aliases is available: AllPermissions for org.wicketstuff.security.hive.authorization.permissions.AllPermissions
@author marrink