Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung Nächste ÜberarbeitungBeide Seiten der Revision | ||
de:shibidp3testzugang_fuer_externe_admins [2016/03/30 13:13] – Wolfgang Pempe | de:shibidp3testzugang_fuer_externe_admins [2020/10/15 12:34] – [Alternative Activation Condition] Silke Meyer | ||
---|---|---|---|
Zeile 35: | Zeile 35: | ||
</ | </ | ||
</ | </ | ||
- | <bean parent=" | + | <bean parent=" |
</ | </ | ||
</ | </ | ||
Zeile 47: | Zeile 47: | ||
- | Diese Datei muß in '' | + | Diese Datei muss in '' |
<file xml / | <file xml / | ||
<!-- ... --> | <!-- ... --> | ||
Zeile 60: | Zeile 60: | ||
<file xml / | <file xml / | ||
<!-- ... --> | <!-- ... --> | ||
- | <resolver:DataConnector id=" | + | < |
activationConditionRef=" | activationConditionRef=" | ||
ldapURL=" | ldapURL=" | ||
<!-- ... --> | <!-- ... --> | ||
</ | </ | ||
- | Dieses Attribut | + | Dieses Attribut |
+ | ==== Alternative Activation Condition ==== | ||
+ | |||
+ | Alternativ sollte auch diese Activation-Condition auf Java-Script-Basis funktionieren: | ||
+ | |||
+ | <file xml> | ||
+ | <?xml version=" | ||
+ | <!-- | ||
+ | author: Ramon Pfeiffer | ||
+ | organisation: | ||
+ | email: ramon.pfeiffer@uni-tuebingen.de | ||
+ | date: 2017-08-24 | ||
+ | |||
+ | This file is free to use for any purposes, without any warranty, as long as you keep this comment intact. | ||
+ | --> | ||
+ | <beans | ||
+ | xmlns=" | ||
+ | xmlns: | ||
+ | xmlns: | ||
+ | xmlns: | ||
+ | xmlns: | ||
+ | xsi: | ||
+ | http:// | ||
+ | http:// | ||
+ | |||
+ | <bean | ||
+ | id=" | ||
+ | parent=" | ||
+ | factory-method=" | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | var adminsAndServices = { | ||
+ | // | ||
+ | //" | ||
+ | //" | ||
+ | }; | ||
+ | |||
+ | value = true; | ||
+ | for(admin in adminsAndServices){ | ||
+ | value = value && canAccess(admin, | ||
+ | } | ||
+ | |||
+ | value; | ||
+ | |||
+ | function canAccess(user, | ||
+ | return isAdministratedService(service) || !isServiceAdministrator(user); | ||
+ | } | ||
+ | |||
+ | function isAdministratedService(service){ | ||
+ | rpCtx = profileContext.getSubcontext(" | ||
+ | return rpCtx != null && rpCtx.getRelyingPartyId().equals(service); | ||
+ | } | ||
+ | |||
+ | function isServiceAdministrator(user){ | ||
+ | arCtx = profileContext.getSubcontext(" | ||
+ | return arCtx != null && arCtx.principal.equals(user); | ||
+ | } | ||
+ | ]]> | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Herzlichen Dank an Ramon Pfeiffer aus Tübingen für diese Variante! | ||
+ | |||
+ | {{tag> |