Commit 36c00de8 authored by Gradl, Tobias's avatar Gradl, Tobias

12: Compose some initial documentation

Task-Url: #12
parent 8459419d
Pipeline #17898 passed with stage
in 1 minute and 49 seconds
...@@ -174,17 +174,17 @@ auth: ...@@ -174,17 +174,17 @@ auth:
#settings under permissionHierarchy and permissionDefinitions apply to all supported authentication methods #settings under permissionHierarchy and permissionDefinitions apply to all supported authentication methods
permissionHierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER permissionHierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
permissionDefinitions: permissionDefinitions:
- permissionSet: ADMINISTRATOR - permissionSet: ROLE_ADMINISTRATOR
level: 100 level: 100
roleMappings: roleMappings:
local: ["application_admin"] local: ["application_admin"]
saml: ["application_admin"] saml: ["application_admin"]
- permissionSet: CONTRIBUTOR - permissionSet: ROLE_CONTRIBUTOR
level: 50 level: 50
roleMappings: roleMappings:
local: ["application_contributor"] local: ["application_contributor"]
saml: ["application_contributor"] saml: ["application_contributor"]
- permissionSet: USER - permissionSet: ROLE_USER
level: 10 level: 10
roleMappings: roleMappings:
local: ["application_user"] local: ["application_user"]
...@@ -214,21 +214,21 @@ The configuration sample below shows attributes that should be adapted or evalua ...@@ -214,21 +214,21 @@ The configuration sample below shows attributes that should be adapted or evalua
```yaml ```yaml
auth: auth:
# This base URL must indicate the externally visible FQDN # This base URL must indicate the externally visible FQDN as this is used for callbacks from the IdP
baseUrl: http://localhost:8080 baseUrl: http://localhost:8080
permissionHierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER permissionHierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
permissionDefinitions: permissionDefinitions:
- permissionSet: ADMINISTRATOR - permissionSet: ROLE_ADMINISTRATOR
level: 100 level: 100
roleMappings: roleMappings:
local: ["application_admin"] local: ["application_admin"]
saml: ["application_admin"] saml: ["application_admin"]
- permissionSet: CONTRIBUTOR - permissionSet: ROLE_CONTRIBUTOR
level: 50 level: 50
roleMappings: roleMappings:
local: ["application_contributor"] local: ["application_contributor"]
saml: ["application_contributor"] saml: ["application_contributor"]
- permissionSet: USER - permissionSet: ROLE_USER
level: 10 level: 10
roleMappings: roleMappings:
local: ["application_user"] local: ["application_user"]
......
package eu.dariah.de.dariahsp.authentication; package eu.dariah.de.dariahsp.authentication;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashSet;
import org.pac4j.core.context.WebContext; import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.UsernamePasswordCredentials; import org.pac4j.core.credentials.UsernamePasswordCredentials;
...@@ -47,7 +48,12 @@ public class LocalUsernamePasswordAuthenticator implements Authenticator<Usernam ...@@ -47,7 +48,12 @@ public class LocalUsernamePasswordAuthenticator implements Authenticator<Usernam
final CommonProfile profile = new CommonProfile(); final CommonProfile profile = new CommonProfile();
profile.setId(username); profile.setId(username);
profile.addAttribute(Pac4jConstants.USERNAME, username); profile.addAttribute(Pac4jConstants.USERNAME, username);
profile.setRoles(cnf.getRoles());
if (cnf.getRoles()==null) {
profile.setRoles(new HashSet<>(0));
} else {
profile.setRoles(cnf.getRoles());
}
credentials.setUserProfile(profile); credentials.setUserProfile(profile);
log.info("Local authentication succeeded [{}]", profile.toString()); log.info("Local authentication succeeded [{}]", profile.toString());
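Review bot: Both new branches around `profile.setRoles(...)` call `cnf.getRoles()` twice, and the non-null branch hands the configured collection itself to the profile. If `setRoles` stores that reference rather than copying it (not visible here), a later `addRole` on an authenticated profile would also change the roles configured for that local user and carry over into subsequent logins. A defensive copy covers both branches in one line: `profile.setRoles(cnf.getRoles() == null ? new HashSet<>() : new HashSet<>(cnf.getRoles()));`. The enclosing method starts and ends outside the hunk, so the type of `cnf` and its getter are assumed.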
......
...@@ -48,7 +48,7 @@ public class SecurityConfig { ...@@ -48,7 +48,7 @@ public class SecurityConfig {
private final SAMLSecurity saml = new SAMLSecurity(); private final SAMLSecurity saml = new SAMLSecurity();
private String salt; private String salt;
private String permissionHierarchy; private String permissionHierarchy = "";
private List<PermissionDefinition> permissionDefinitions; private List<PermissionDefinition> permissionDefinitions;
private String baseUrl = "http://localhost:8080"; private String baseUrl = "http://localhost:8080";
private String defaultLoginUrl = null; private String defaultLoginUrl = null;
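Review bot: Defaulting `permissionHierarchy` to `""` avoids a null, but it makes a missing setting indistinguishable from an intentionally empty one. A deployment that omits the key would presumably start with a flat role model and nothing in the logs to show it. The code that parses this string is outside the hunk; a startup warning on a blank value there would help, and the field deserves a comment such as `// empty = no role inheritance; every role must be mapped explicitly`. `permissionDefinitions` on the next line still has no default, so its consumers need the same kind of null guard this commit adds for roles.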
......