Cosmo Security Model
Cosmo answers two main security questions when handling a request from any source (WebDAV, CalDAV, Atom, CMP, webcal, etc):
- Authentication - who is the person or program (in other words, the principal making the request)
- Authorization - is the principal allowed to perform the requested operation?
Cosmo understands these types of principals:
- user - a human with a user account on the server, identifed by credentials (username and password)
- ticket - an opaque identifier that "stands in" for any number of people or programs
- anonymous - any unidentified principal
Cosmo authenticates a request by:
- Look for user credentials (using the Basic authentication scheme for WebDAV, CMP and Atom or the J2EE-specified form inputs for the Web Console). If found, look up the identified user and compare the submitted password to the stored one. This is the only authentication mechanism supported for the Web Console.
- If user credentials are not found, then look for a ticket id in the
Ticket header or the
ticket request parameter. If found, look up the identified ticket on the requested resource (or its ancestors, as tickets are inherited by descendent resources). If found, check to see if the ticket has expired.
- If a ticket is not found, then the principal is considered to be anonymous (in other words, unauthenticated).
An anonymous user
is allowed to use the Web Console and CMP to sign up for an account and to view certain unprotected Web Console pages.
A regular or end user
is allowed to perform any operation against items they own or items that exist in collections they own, with the exception of moving or deleting the home directory.
user has full access to all user accounts and resources in the repository.
is associated with one or more privileges that allow certain types of operations for a resource:
- read-only: the ticket allows only read-only operations to the resources to which the ticket is granted on.
- read-write: the ticket allows all access to the resources to which the ticket is granted on
- freebusy: the ticket allows only access to freebusy information (only relevant for CalDAV calendar collections or regular DAV collections which contain calendar collections somewhere beneath them)
More notes on security model can be found here: CosmoOneDotZeroSecurityNotes
The Spring Security web site
has further information on the security framework, including API documentation and a comprehensive reference manual.
The Java Servlet 2.4 Specification
discusses the general web application security concepts and container-provided services that are built upon (or sometimes replaced) by Acegi Security and Cosmo.