Table of Contents |
---|
Introduction
Excerpt |
---|
The JOC Cockpit brings user authentication and authorization to the JobScheduler. Authentication can either take place against a Shiro compliant configuration file or an LDAP compliant directory service. The JOC Cockpit is able to handle authentication of multiple users and their authorization for multiple JobSchedulers simultaneously. |
Authentication and Authorization
- The JOC Cockpit makes use of Apache Shiro to authenticate and authorize users.
- Authentication and Authorization can be mapped
- to a directory service that provides an LDAP interface, e.g. Microsoft Active Directory
- to a local configuration file (shiro.ini) that includes user names, roles and permission
- to database that complies to the Shiro data model requirements and that is managed (and populated) by an administrator.
Authentication
- The JOC Cockpit accepts the user name and password from the login screen and
- either tries to login to the Active Directory service with the given credentials
- or tries to verify the credentials from its local configuration file,
- or checks the credentials in a Shiro compliant database.
- The credentials are subsequently used for HTTP Authentication with each HTTP request that is created by the JOC Cockpit to the JobScheduler Web Services.
- Browsers may cache credentials during a session, i.e. they are re-used for single sign-on when opening the JOC Cockpit in a new browser tab. The credentials cache is cleared on termination of the browser.
- This behavior might vary depending on the browser and version.
Authorization
- After successful authentication the JOC Cockpit will check the assignment of roles to the given user
- either by using a configurable LDAP query that checks membership of the user with a number of Active Directory groups. An LDAP query is configured for each role and in case of a positive match for group membership the user is assigned the respective role.
- or by using its local configuration file that includes a assignment of users and roles.
- The assignment of permissions to roles is configured with the local shiro.ini configuration file.
- By default the JOC Cockpit ships with a number of predefined roles and assigned permission, see below Matrix of Roles and Permissions.
- Roles can be added.
- The assignment of permissions to roles can be changed.
User Profile and Roles
The following screenshot shows the User Profile view with the User Details and Roles information:
Matrix of Roles and Permissions
The document below shows the default roles and permissions delivered with the JOC Cockpit.
...
Office Excel | ||||
---|---|---|---|---|
|
Additional Information
Roles and permissions are configurable to the following extent:
...