Permission Request File
This is to enable Blu-print to include a Permission Request File (PRF) in signed JARs for applications to acquire permissions to access the persistent storage (Application Storage Area).
BDJO Properties – Application Management Table Editor
To include a PRF in the application’s JAR, click on the tab “PRF” in the BDJO’s Application Management Table editor that is launched from Properties Window.
Include PRF – This checkbox is enabled only for signed Applications, i.e, checkbox “Signed” is checked in tab “General”.
Include PRF is unchecked by default. When checked, options “Create Permission Request File” and “Copy from File” become enabled.
“Create Permission Request File” is checked by default.
Create Permission Request File – If this is checked, the textbox to enter filenames to create a credential for becomes enabled; also, the “Copy from file” option becomes disabled.
For a signed application to access the organization’s folder in persistent storage, just creating a PRF will do. The default PRF template provides permission for this access. But to access a folder in the organization folder that is created for some other application, a “persistent file credential” is required. To create this in the PRF, enter the file names that the current application needs access to, separated by comma.
If a folder created for an application in another disc/project needs to be accessed by an application in the current project, then both the discs/projects should have the same organization id and the same app.disc.root certificate. This is because the grantor will be the same as the grantee for credentials currently created by Blu-print.
Clicking on the “?” brings up the help text for this field as follows:
Copy from File – To copy an existing PRF, click on this option and browse to select the PRF.
The above details will be saved in XML files in the intermediate folder until they can be made persistent in the database. New fields (transient and non-serializable) have been added to BDJApplication in the design model to load these values into Blu-print.
The following the template used to create Permission Request Files.
<file value=»true» /> is enough for an application to be able to access the folder created for itself in the organization folder and also the organization folder itself. To access folders in the organization folder created for other applications, it requires a
<persistentfilecredential>. This is created at the time of signing the JARs if the appropriate values are entered in the PRF tab for that application.
References from BD Specification
220.127.116.11 Access control, security scheme, application authentication scheme
12.1.7 Permission Request File Schemas 12.2.1, “BD-J
12.1.9 Permission Request File name and location
12.1.12 Scenario Example
12.2.1 BD-J Permission Request File