Difference between revisions of "OpenKM authentication"
Latest revision as of 19:25, 1 December 2012
Authentication (from Greek: αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true. This might involve confirming the identity of a person, the origins of an artifact, or assuring that a computer program is a trusted one.
Authentication is handled by Spring Security in OpenKM 6.2 and by JBoss and JAAS in OpenKM 5.1.
OpenKM 5.1.x is deployed in JBoss, which uses JAAS. Read Debugging JAAS configuration to learn how to debug a problematic JAAS configuration.
Also remember the principal.adapter configuration option. OpenKM needs this setting to build the list of users and roles offered in the dialog for changing permissions. By default this is done by the DatabasePrincipalAdapter class, which is an implementation of the com.openkm.principal.PrincipalAdapter interface:
```java
package com.openkm.principal;

import java.util.List;

public interface PrincipalAdapter {
	/**
	 * Method to retrieve all users from an authentication source.
	 *
	 * @return A List with all the users.
	 * @throws PrincipalAdapterException If any error occurs.
	 */
	public List<String> getUsers() throws PrincipalAdapterException;

	/**
	 * Method to retrieve all roles from an authentication source.
	 *
	 * @return A List with all the roles.
	 * @throws PrincipalAdapterException If any error occurs.
	 */
	public List<String> getRoles() throws PrincipalAdapterException;

	/**
	 * Method to retrieve all users from a role.
	 *
	 * @param role A role id.
	 * @return A List with all the users within a role.
	 * @throws PrincipalAdapterException If any error occurs.
	 */
	public List<String> getUsersByRole(String role) throws PrincipalAdapterException;

	/**
	 * Method to retrieve all roles from a user.
	 *
	 * @param user A user id.
	 * @return A List with all the roles of the user.
	 * @throws PrincipalAdapterException If any error occurs.
	 */
	public List<String> getRolesByUser(String user) throws PrincipalAdapterException;

	/**
	 * Method to retrieve the mail from a user.
	 *
	 * @param user A user id.
	 * @return The email of the user.
	 * @throws PrincipalAdapterException If any error occurs.
	 */
	public String getMail(String user) throws PrincipalAdapterException;

	/**
	 * Method to retrieve the name from a user.
	 *
	 * @param user A user id.
	 * @return The name of the user.
	 * @throws PrincipalAdapterException If any error occurs.
	 */
	public String getName(String user) throws PrincipalAdapterException;
}
```
Roles
OpenKM has two roles defined by default: ROLE_ADMIN and ROLE_USER.
ROLE_USER is mandatory for all users, because it is used internally by OpenKM for connection purposes. Without this role, users cannot connect to OpenKM and will get a 403 status code error.
You can give ROLE_ADMIN to any user, and that user will get administrator privileges, seeing any folder and doing any operation without restrictions. Users with ROLE_ADMIN have access to the administrator tab in the web user interface.
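The two role rules above can be checked against whatever source the principal adapter reads. The following is an added example, not OpenKM code: the `Principals` interface is a local stand-in for the `getUsers()` and `getRolesByUser()` methods of `PrincipalAdapter` (checked exception omitted so it compiles without OpenKM), and the user names and `ROLE_EDITOR` are constructed sample data.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class RoleAudit {
    // Stand-in for the two PrincipalAdapter methods the audit needs (assumption:
    // in a real deployment you would pass the configured adapter instead).
    interface Principals {
        List<String> getUsers();
        List<String> getRolesByUser(String user);
    }

    /** Returns every user holding (present = true) or lacking (present = false) the role. */
    static List<String> usersByRolePresence(Principals p, String role, boolean present) {
        List<String> out = new ArrayList<>();
        for (String user : p.getUsers()) {
            List<String> roles = p.getRolesByUser(user);
            boolean has = roles != null && roles.contains(role);
            if (has == present) out.add(user);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real installation.
        final Map<String, List<String>> db = new LinkedHashMap<>();
        db.put("alice", Arrays.asList("ROLE_USER"));
        db.put("bob", Arrays.asList("ROLE_EDITOR"));            // hypothetical custom role only
        db.put("carol", Arrays.asList("ROLE_ADMIN"));           // admin without ROLE_USER
        db.put("dave", Arrays.asList("ROLE_ADMIN", "ROLE_USER"));

        Principals p = new Principals() {
            public List<String> getUsers() { return new ArrayList<>(db.keySet()); }
            public List<String> getRolesByUser(String user) {
                List<String> r = db.get(user);
                return r != null ? r : Collections.<String>emptyList();
            }
        };

        // ROLE_USER is mandatory: these accounts would be refused with a 403.
        System.out.println("Missing ROLE_USER: " + usersByRolePresence(p, "ROLE_USER", false));
        // ROLE_ADMIN is unrestricted: this list is the one to review regularly.
        System.out.println("Holding ROLE_ADMIN: " + usersByRolePresence(p, "ROLE_ADMIN", true));
    }
}
```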