...
- The JOC Cockpit makes use of Apache Shiro to authenticate and authorize users.
- Authentication and Authorization can be mapped to:
  - a local configuration (.ini) file that includes user names, roles and permissions,
  - a directory service that provides an LDAP interface, e.g. Microsoft Active Directory,
  - a database that complies with the Shiro data model requirements and that is managed (and populated) by an administrator.
...
- Intended for development and use where security is of relatively low importance.
- User passwords are saved in plain text in an unencrypted .ini file that is saved locally.
LDAP Authentication
- Intended for use in production environments where LDAP is already in use.
- The JOC Cockpit configuration file contains information specifying the LDAP service.
...
- After successful authentication the JOC Cockpit will check the assignment of roles to the given user:
  - either by using a configurable LDAP query that checks the user's membership of a number of Active Directory groups. An LDAP query is configured for each role and, in case of a positive match for group membership, the user is assigned the relevant role,
  - or by using its local configuration file that includes an assignment of users and roles.
- The assignment of permissions to roles is configured with the local shiro.ini configuration file.
- By default the JOC Cockpit ships with a number of predefined roles and assigned permissions, see the Matrix of Roles and Permissions below.
- Users can:
  - add additional roles of their own,
  - change the permissions assigned to roles.
- Authorization is configured in an .ini file described in detail in the .... - the Authentication and Authorization Configuration article.
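A check an administrator could run over a local configuration file of the kind described above, as an added example that is not part of the original page or of the JOC Cockpit. It assumes the standard Apache Shiro `[users]` and `[roles]` sections; the sample content, the function name `audit_shiro_ini` and the rule that a value starting with a `$shiro1$`-style prefix is a stored hash are assumptions made for this example.

```python
import configparser
import re

# Constructed sample in Shiro's INI layout; account names, roles and
# permission strings are placeholders, not JOC Cockpit defaults.
SAMPLE_INI = """
[users]
root = secret, administrator
ops = $shiro1$SHA-256$500000$c2FsdA==$aGFzaA==, operator
guest = guest, viewer

[roles]
administrator = example:permission:*
operator = example:permission:view, example:permission:execute
"""

# Assumption: a stored hash carries Shiro's crypt-style prefix ($shiro1$, $shiro2$).
HASHED = re.compile(r"^\$shiro\d+\$")


def audit_shiro_ini(text):
    """Return a sorted list of (user, finding) tuples for an ini text."""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.optionxform = str  # keep user and role names case sensitive
    cfg.read_string(text)
    roles = set(cfg["roles"]) if cfg.has_section("roles") else set()
    findings = []
    if not cfg.has_section("users"):
        return findings
    for user, value in cfg["users"].items():
        # Shiro's [users] line format: name = password, role1, role2, ...
        password, *assigned = [part.strip() for part in value.split(",")]
        if not HASHED.match(password):
            findings.append((user, "plain-text password"))
        for role in assigned:
            if role and role not in roles:
                findings.append((user, f"undefined role: {role}"))
        if not any(assigned):
            findings.append((user, "no role assigned"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_shiro_ini(SAMPLE_INI):
        print(f"{user}: {finding}")
```

The same function can be pointed at the text of a real shiro.ini file; when roles are resolved through LDAP group queries instead of the local file, the undefined-role findings do not apply.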
User Profile and Roles
The following screenshot shows the JOC Cockpit User Profile view with the User Details and Roles information:
...