P. 1
liferay-administrator-guide-6.0

liferay-administrator-guide-6.0

|Views: 44|Likes:
Publicado porPierluca Martella

More info:

Published by: Pierluca Martella on Apr 11, 2011
Direitos Autorais:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

04/11/2011

pdf

text

original

Set the following encryption algorithm to encrypt passwords. The
default algorithm is SHA (SHA-1). If set to NONE, passwords are stored in the
database as plain text. The SHA-512 algorithm is currently unsupported.

Examples:

passwords.encryption.algorithm=CRYPT
passwords.encryption.algorithm=MD2
passwords.encryption.algorithm=MD5
passwords.encryption.algorithm=NONE
passwords.encryption.algorithm=SHA
passwords.encryption.algorithm=SHA-256
passwords.encryption.algorithm=SHA-384
passwords.encryption.algorithm=SSHA

Advanced Liferay Configuration

253

Advanced Liferay Configuration

Digested passwords are encoded via base64 or hex encoding. The default

is base64.

passwords.digest.encoding=base64
#passwords.digest.encoding=hex

Input a class name that extends com.liferay.portal.security.pwd.Ba-
sicToolkit. This class will be called to generate and validate passwords.

Examples:

passwords.toolkit=com.liferay.portal.security.pwd.PasswordPolicyToolkit
passwords.toolkit=com.liferay.portal.security.pwd.RegExpToolkit

If you choose to use com.liferay.portal.security.pwd.PasswordPoli-
cyToolkit as your password toolkit, you can choose either static or dynamic
password generation. Static is set through the property passwords.pass-
wordpolicytoolkit.static and dynamic uses the class com.liferay.util.P-
wdGenerator to generate the password. If you are using LDAP password
syntax checking, you will also have to use the static generator so that you can
guarantee that passwords obey its rules.

Examples:

passwords.passwordpolicytoolkit.generator=static
passwords.passwordpolicytoolkit.generator=dynamic
passwords.passwordpolicytoolkit.static=iheartliferay

If you choose to use com.liferay.portal.security.pwd.RegExpToolkit
as your password toolkit, set the regular expression pattern that will be used
to generate and validate passwords.
Note that \ is replaced with \\ to work in Java.
The first pattern ensures that passwords must have at least 4 valid
characters consisting of digits or letters.
The second pattern ensures that passwords must have at least 8 valid
characters consisting of digits or letters.

Examples:

passwords.regexptoolkit.pattern=(?=.{4})(?:[a-zA-Z0-9]*)
passwords.regexptoolkit.pattern=(?=.{8})(?:[a-zA-Z0-9]*)

Set the length and key for generating passwords.

Examples:

passwords.regexptoolkit.charset=0123456789
passwords.regexptoolkit.charset=0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh
ijklmnopqrstuvwxyz

Examples:

254

Advanced Liferay Configuration

Advanced Liferay Configuration

passwords.regexptoolkit.length=4
passwords.regexptoolkit.length=8

Set the name of the default password policy.

passwords.default.policy.name=Default Password Policy

Permissions

Set the default permission checker class used by com.liferay.-
portal.security.permission.PermissionCheckerFactory to check permis-
sions for actions on objects. This class can be overridden with a custom class
that extends com.liferay.portal.security.permission.PermissionCheck-
erImpl.

permissions.checker=com.liferay.portal.security.permission.PermissionChecker
Impl

Set the algorithm used to check permissions for a user. This is useful so
that you can optimize the search for different databases. See com.liferay.-
portal.service.impl.PermissionLocalServiceImpl. The default is method
two.

The first algorithm uses several if statements to query the database for
these five things in order. If it finds any one of them, it returns true:
• Is the user connected to one of the permissions via group or
organization roles?
• Is the user associated with groups or organizations that are directly
connected to one of the permissions?
• Is the user connected to one of the permissions via user roles?
• Is the user connected to one of the permissions via user group roles?
• Is the user directly connected to one of the permissions?

The second algorithm (the default) does a database join and checks the
permissions in one step, by calling countByGroupsRoles, countByGroupsPer-
missions, countByUsersRoles, countByUserGroupRole, and countBy-
UsersPermissions in one method.
The third algorithm checks the permissions by checking for three things.
It combines the role check into one step. If it finds any of the following items,
it returns true:

• Is the user associated with groups or organizations that are
directly connected to one of the permissions?
• Is the user associated with a role that is directly connected to
one of the permissions?
• Is the user directly connected to one of the permissions?

Advanced Liferay Configuration

255

Advanced Liferay Configuration

The fourth algorithm does a database join and checks the permissions
that algorithm three checks in one step, by calling countByGroupsPermis-
sions, countByRolesPermissions, and countByUsersPermissions in one
method.

Algorithm 5 moves to a completely role-based permissions check for
better performance. Permissions by users are no longer supported, yet it uses
the same table structure as Algorithms 1-4.
Algorithm 6 is the current algorithm for Liferay 6 and above. It supports
role-based permissions like Algorithm 5, but does so by using only one table
and bitwise operations. This makes it perform far better than the other
algorithms.

permissions.user.check.algorithm=1
permissions.user.check.algorithm=2
permissions.user.check.algorithm=3
permissions.user.check.algorithm=4
permissions.user.check.algorithm=5
permissions.user.check.algorithm=6

Set the default permissions list filter class. This class must implement
com.liferay.portal.kernel.security.permission.PermissionsListFilter.
This is used if you want to filter the list of permissions before it is actually
persisted. For example, if you want to make sure that all users who create
objects never have the UPDATE action, then you can filter that list and
remove any permissions that have the UPDATE action before it is persisted.

permissions.list.filter=com.liferay.portal.security.permission.PermissionsLi
stFilterImpl

Set this to true to configure permission caching to block. See the
property ehcache.blocking.cache.allowed for more information.

permissions.object.blocking.cache=false

The permissions cache uses a thread local map to store the most
frequently accessed items to lower the number of queries to the underlying
cache. Set the maximum map size to 0 to disable the thread level cache.

permissions.thread.local.cache.max.size=100

Set the following to true to automatically check the view permission on
parent categories or folders when checking the permission on an specific
item.

For example, if set to true, to be able to have access to a document, a user
must have the view permission on the document's folder and all its parent
folders. Or, to have access to a comment, a user must have the view
permission on the comments's category and all its parent categories.

256

Advanced Liferay Configuration

Advanced Liferay Configuration

permissions.view.dynamic.inheritance=true

You're Reading a Free Preview

Descarregar
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->