726: Finalize v1.0 for release with Schema Registry

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=726

726: Finalize v1.0 for release with Schema Registry
Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=726
0eafe9f0 · Gradl, Tobias · 622d0710 · 0eafe9f0
Commit 0eafe9f0 authored Apr 24, 2017 by Gradl, Tobias
--- a/README.md
+++ b/README.md
@@ -48,58 +48,83 @@ java -cp dariahsp-core-0.0.4-SNAPSHOT-jar-with-dependencies.jar eu.dariah.de.dar
 ## Implementing security
 Spring security related configuration is packed in three context files:
-* security-context-common.xml contains 
+* *security-context-common.xml* contains all security related beans that are relevant for both local and SAML based authentication methods. The common context is included in the -local and -saml context files.
-* security-context-local.xml
+* *security-context-local.xml* defines beans only necessary in local authentication enviroments.
-* security-context-saml.xml
+* *security-context-saml.xml* respectively only includes beans that are required for SAML processing.
+With the environment flag `-Dsaml=true` the local context is no longer loaded and the saml context comes into play. When set to false or missing, the local context is loaded.
 ### Local user database
 Without specifying the saml environment parameter, the sample application starts in local authentication mode. 
-To support local authentication, configure this library as in the *security-local-context.xml* template. To complete the setup for this method, applications might want to implement the *UserService* interface (base implementation *BaseUserService*) to provide access to persisted user information.
+A sample dariahsp.yml configuration 
+```yaml
+auth:
+  local: 
+    users:  
+      - username: 'admin'
+        #this hash represents the BCrypt encoded 'password'
+        passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
+        roles: ["ROLE_ADMINISTRATOR"]
+  saml:
+    keystore:
+      path: /path/to/keystore.jks
+      #Uncomment if keystore is not protected by password
+      #pass: 'somepass'
+      alias: minfba.de.dariah.eu
+      #leave aliaspass empty if no password has been set
+      aliaspass: 'aliaspass'
+```
-The implementation needs to be provided to the *LocalAuthenticationProvider*.
-In cases that do not require user detail persistence, no implementation of the *UserDetails* should be provided to the *LocalAuthenticationProvider*.  
-### SAML
-## Further info
-### Java keystore
-Based on a X.509 keypair and certificate chains, the required Java keystore can easily be consolidated with `openssl` and the `keytool` (comes with Java installation). The followings steps show the commands for the example of the keystore for dfa.de.dariah.eu and the appropriate input. Please modify accordingly:
-**Convert pem/pem keypair to p12 for easier input:**
-For the -name argument make sure to chose the later alias of the keypair in the keystore -- specified in the following step with the -alias argument.
-```
-$ openssl pkcs12 -export -name dfa.de.dariah.eu -in dfa-de-dariah-eu-signed.pem -inkey dfa-de-dariah-eu-privatekey.pem > dfa-de-dariah-eu.p12
-```
-**Import p12 keypair and create Java keystore**
-```
-$ keytool -importkeystore -alias dfa.de.dariah.eu -srckeystore dfa-de-dariah-eu.p12 -destkeystore dfa-de-dariah-eu.jks -srcstoretype pkcs12
-```
-**Import required trusted ca certificates (in our case the chain of our keypair and the trusted SAML metadata provider keychains)**
-```
-$ keytool -import -trustcacerts -alias gwdg_certificate_chain_g2 -file gwdg_certificate_chain_g2.pem -keystore dfa-de-dariah-eu.jks 
-$ keytool -import -trustcacerts -alias dfn-aai -file dfn-aai.pem -keystore dfa-de-dariah-eu.jks
-$ keytool -import -trustcacerts -alias dfn-aai-g2 -file dfn-aai.g2.pem -keystore dfa-de-dariah-eu.jks
-```
-A more or less convenient option to view and edit Java keystore can be found in the [KeyStore Explorer](http://keystore-explorer.org/) 
-**Specify configuration parameters**
-```
-saml.keystore.path = /path/to/dfa-de-dariah-eu.jks
-saml.keystore.pass = password 		# as entered in step 2 (keytool -importkeystore)
-saml.keystore.alias = dfa.de.dariah.eu
-saml.keystore.aliaspass = password	# as entered in step 1 (openssl pkcs12 -export) 
-```
\ No newline at end of file