OpenKM authentication
Authentication (from Greek: αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true. This might involve confirming the identity of a person, the origins of an artifact, or assuring that a computer program is a trusted one.
Authentication is handled by Spring Security in OpenKM 6.2, and by JBoss and JAAS in OpenKM 5.1.
OpenKM 5.1.x is deployed in JBoss, which uses JAAS. Read Debugging JAAS configuration to learn how to debug a problematic JAAS configuration.
Also remember the principal.adapter configuration option. OpenKM needs this setting to build the list of users and roles shown in the change-permissions dialog. This is done by the DatabasePrincipalAdapter class, which is an implementation of the com.openkm.principal.PrincipalAdapter interface:
    import java.util.List;

    public interface PrincipalAdapter {
        /**
         * Method to retrieve all users from an authentication source.
         *
         * @return A Collection with all the users.
         * @throws PrincipalAdapterException If any error occurs.
         */
        public List<String> getUsers() throws PrincipalAdapterException;

        /**
         * Method to retrieve all roles from an authentication source.
         *
         * @return A Collection with all the roles.
         * @throws PrincipalAdapterException If any error occurs.
         */
        public List<String> getRoles() throws PrincipalAdapterException;

        /**
         * Method to retrieve all users from a role.
         *
         * @param role A role id.
         * @return A Collection with all the users within a role.
         * @throws PrincipalAdapterException If any error occurs.
         */
        public List<String> getUsersByRole(String role) throws PrincipalAdapterException;

        /**
         * Method to retrieve all roles from a user.
         *
         * @param user A user id.
         * @return A Collection with all the roles of the user.
         * @throws PrincipalAdapterException If any error occurs.
         */
        public List<String> getRolesByUser(String user) throws PrincipalAdapterException;

        /**
         * Method to retrieve the mail from a user.
         *
         * @param user A user id.
         * @return The email of the user.
         * @throws PrincipalAdapterException If any error occurs.
         */
        public String getMail(String user) throws PrincipalAdapterException;

        /**
         * Method to retrieve the name from a user.
         *
         * @param user A user id.
         * @return The name of the user.
         * @throws PrincipalAdapterException If any error occurs.
         */
        public String getName(String user) throws PrincipalAdapterException;
    }
Roles
OpenKM has two roles defined by default: ROLE_ADMIN and ROLE_USER.
ROLE_USER is mandatory for all users, because it is used internally by OpenKM for connection purposes. Without this role, users cannot connect to OpenKM and get a 403 status code error.
You can give ROLE_ADMIN to any user, who then gets administrator privileges: seeing any folder and performing any operation without restrictions. Users with ROLE_ADMIN have access to the administrator tab in the web user interface.