Commit 36c00de8 authored by Gradl, Tobias

12: Compose some initial documentation

Task-Url: #12
parent 8459419d
Pipeline #17898 passed with stage
in 1 minute and 49 seconds
......@@ -174,17 +174,17 @@ auth:
#settings under permissionHierarchy and permissionDefinitions apply to all supported authentication methods
permissionHierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
permissionDefinitions:
- permissionSet: ADMINISTRATOR
- permissionSet: ROLE_ADMINISTRATOR
level: 100
roleMappings:
local: ["application_admin"]
saml: ["application_admin"]
- permissionSet: CONTRIBUTOR
- permissionSet: ROLE_CONTRIBUTOR
level: 50
roleMappings:
local: ["application_contributor"]
saml: ["application_contributor"]
- permissionSet: USER
- permissionSet: ROLE_USER
level: 10
roleMappings:
local: ["application_user"]
......@@ -214,21 +214,21 @@ The configuration sample below shows attributes that should be adapted or evalua
```yaml
auth:
# This base URL must indicate the externally visible FQDN
# This base URL must indicate the externally visible FQDN as this is used for callbacks from the IdP
baseUrl: http://localhost:8080
permissionHierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
permissionDefinitions:
- permissionSet: ADMINISTRATOR
- permissionSet: ROLE_ADMINISTRATOR
level: 100
roleMappings:
local: ["application_admin"]
saml: ["application_admin"]
- permissionSet: CONTRIBUTOR
- permissionSet: ROLE_CONTRIBUTOR
level: 50
roleMappings:
local: ["application_contributor"]
saml: ["application_contributor"]
- permissionSet: USER
- permissionSet: ROLE_USER
level: 10
roleMappings:
local: ["application_user"]
......
package eu.dariah.de.dariahsp.authentication;
import java.util.ArrayList;
import java.util.HashSet;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.UsernamePasswordCredentials;
......@@ -47,7 +48,12 @@ public class LocalUsernamePasswordAuthenticator implements Authenticator<Usernam
final CommonProfile profile = new CommonProfile();
profile.setId(username);
profile.addAttribute(Pac4jConstants.USERNAME, username);
profile.setRoles(cnf.getRoles());
if (cnf.getRoles()==null) {
profile.setRoles(new HashSet<>(0));
} else {
profile.setRoles(cnf.getRoles());
}
credentials.setUserProfile(profile);
log.info("Local authentication succeeded [{}]", profile.toString());
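Review bot: The else branch passes `cnf.getRoles()` to the profile by reference, so unless `setRoles` copies its argument (not visible here) the authenticated profile and the local-user configuration end up sharing one mutable role set. A role added to the profile later in the request would then also change the configured account. Copying in both branches avoids the aliasing and keeps the null guard on one line: `profile.setRoles(cnf.getRoles() == null ? new HashSet<>() : new HashSet<>(cnf.getRoles()));`. The null branch also means a local account with no roles now authenticates successfully with an empty role set, so it is worth a short comment that this is intended and that protected paths must require a role rather than just a logged-in profile. The enclosing method begins and ends outside this hunk.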
......
......@@ -48,7 +48,7 @@ public class SecurityConfig {
private final SAMLSecurity saml = new SAMLSecurity();
private String salt;
private String permissionHierarchy;
private String permissionHierarchy = "";
private List<PermissionDefinition> permissionDefinitions;
private String baseUrl = "http://localhost:8080";
private String defaultLoginUrl = null;
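Review bot: Defaulting `permissionHierarchy` to `""` makes a missing `auth.permissionHierarchy` setting indistinguishable from a deliberately empty one, and the field carries no comment saying what the empty value means. Presumably an empty hierarchy leaves every role standing alone (ROLE_ADMINISTRATOR would not imply ROLE_USER), which fails closed but is easy to misread as a broken login; a comment such as `// empty = no role inheritance; set auth.permissionHierarchy to chain roles` would record that. The neighbouring `permissionDefinitions` is still left null, so the null-safety this change aims for is only partial. The class body continues outside the hunk, so any later handling of these fields is not visible here.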
......