Building the Sample Genie Authorization Plug-in

Timothy is now all set to build a custom Genie Authorization Plug-in to meet Andrew's requirements. Genie uses its own groups and roles for users. Today, Genie is required to synchronize its groups with OID. This is quite hard because Genie has domain groups such as ifsall, which includes all users who have been provisioned under Genie. The number of groups could potentially go up to 20,000, and the load that such groups place on the OID system is high. Timothy therefore uses the new Authorization mechanism. For every document, he simply adds an ACL attribute, which contains all the users and groups who have privileges on that document. The authorization plug-in that Timothy designs will authenticate the user with Genie (through the S2S mechanism) and get the list of groups that the user belongs to. This list is added as the query filter: (U1, Group1, .. ) WITHIN ACL. He designs two Java classes, GenieQueryFilter and GenieAuthMgr. In this module, we will look at how Timothy builds the plug-in and configures a source.
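
As an added illustration (not code from the original tutorial), the following Java example assembles a filter of the form (U1, Group1, .. ) WITHIN ACL from the user and the groups Genie returns. The class name AclFilterExample, the method buildAclFilter, and the allowed character set for principal names are assumptions; the real plug-in interfaces and the S2S call are not shown.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Added illustration: builds the "(U1, Group1, ..) WITHIN ACL" filter text only.
// It does not use the real plug-in interfaces or the Genie S2S call.
public class AclFilterExample {

    // Assumption: principal names are restricted to this character set, so a
    // name can never carry filter syntax such as ',' '(' or ')'.
    private static final Pattern SAFE_PRINCIPAL = Pattern.compile("[A-Za-z0-9_.]+");

    static String buildAclFilter(String user, Collection<String> groups) {
        if (user == null || user.trim().isEmpty()) {
            // Fail closed: without an authenticated user there is no filter at all.
            throw new IllegalArgumentException("authenticated user is required");
        }
        Set<String> principals = new LinkedHashSet<>(); // de-duplicates, keeps order
        principals.add(checked(user));
        if (groups != null) {
            for (String g : groups) {
                if (g != null && !g.trim().isEmpty()) {
                    principals.add(checked(g));
                }
            }
        }
        return "(" + String.join(", ", principals) + ") WITHIN ACL";
    }

    // Rejects any name that falls outside the assumed safe character set.
    private static String checked(String name) {
        String n = name.trim();
        if (!SAFE_PRINCIPAL.matcher(n).matches()) {
            throw new IllegalArgumentException("unsafe principal name: " + n);
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample: groups as Genie might return them for user U1.
        System.out.println(buildAclFilter("U1", List.of("Group1", "ifsall", "Group1")));
        try {
            buildAclFilter("U1", List.of("bad)name")); // constructed malformed name
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the filter is the only thing restricting which documents a query can match, the example refuses to build one when the user is missing or a principal name is malformed, rather than falling back to an unfiltered query.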