Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 11

changes.mady.by.user Alan Amos

Saved on

compared with

New Version 12

changes.mady.by.user Alan Amos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Markup for titles changed

Table of Contents

Introduction

Excerpt

The JOC Cockpit brings user authentication and authorization to the JobScheduler. Authentication can either take place against a Shiro compliant configuration file or an LDAP compliant directory service. The JOC Cockpit is able to handle authentication of multiple users and their authorization for multiple JobSchedulers simultaneously.

Authentication and Authorization

  • The JOC Cockpit makes use of Apache Shiro to authenticate and authorize users.
  • Authentication and Authorization can be mapped
    • to a directory service that provides an LDAP interface, e.g. Microsoft Active Directory
    • to a local configuration file (shiro.ini) that includes user names, roles and permission
    • to database that complies to the Shiro data model requirements and that is managed (and populated) by an administrator.

Authentication

  • The JOC Cockpit accepts the user name and password from the login screen and
    • either tries to login to the Active Directory service with the given credentials
    • or tries to verify the credentials from its local configuration file,
    • or checks the credentials in a Shiro compliant database.
  • The credentials are subsequently used for HTTP Authentication with each HTTP request that is created by the JOC Cockpit to the JobScheduler Web Services.
    • Browsers may cache credentials during a session, i.e. they are re-used for single sign-on when opening the JOC Cockpit in a new browser tab. The credentials cache is cleared on termination of the browser.
    • This behavior might vary depending on the browser and version.

Authorization

  • After successful authentication the JOC Cockpit will check the assignment of roles to the given user
    • either by using a configurable LDAP query that checks membership of the user with a number of Active Directory groups. An LDAP query is configured for each role and in case of a positive match for group membership the user is assigned the respective role.
    • or by using its local configuration file that includes a assignment of users and roles.
  • The assignment of permissions to roles is configured with the local shiro.ini configuration file.
    • By default the JOC Cockpit ships with a number of predefined roles and assigned permission, see below Matrix of Roles and Permissions.
    • Roles can be added.
    • The assignment of permissions to roles can be changed.

User Profile and Roles

The following screenshot shows the User Profile view with the User Details and Roles information:

Matrix of Roles and Permissions

The document below shows the default roles and permissions delivered with the JOC Cockpit.

...

Office Excel
namejoc-role-operation-permission.xlsx
spacePROJOC

Additional Information

Roles and permissions are configurable to the following extent:

...