...
| Excerpt |
|---|
The JOC Cockpit brings user authentication and authorization to the JobScheduler. Authentication can either take place against an Apache ShiroTM compliant configuration file, an LDAP compliant directory service or information stored in a database. Authorization is defined in roles - a set of roles is provided with the JOC Cockpit and users are able to define their own roles. The JOC Cockpit is able to handle authentication of multiple users and their authorization for multiple JobSchedulers simultaneously. |
| Show If | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
|
Authentication and Authorization
- The JOC Cockpit makes use of uses Apache Shiro to authenticate and authorize users.
- Authentication and Authorization can be mapped to:
- a local configuration (
.ini) file that includes user names, roles and permission, - a directory service that provides an LDAP interface, e.g. Microsoft Active Directory,
- database that complies with the Shiro data model requirements and that is managed (and populated) by an administrator.
- a local configuration (
...
- After successful authentication the JOC Cockpit will check the assignment of roles to the given user:
- either by using a configurable LDAP query that checks membership of the user with a number of Active Directory groups. An LDAP query is configured for each role and in case of a positive match for group membership the user is assigned the relevant role.
- or by using its local configuration file that includes a assignment of users and roles.
- The assignment of permissions to roles is configured with the local
shiro.iniconfiguration file.- By default the JOC Cockpit ships with a number of predefined roles and assigned permissionpermissions, see the Matrix of Roles and Permissions below.
- Users can:
- add additional roles of their own,
- change the permissions assigned to roles.
- Authorization is configured in an
.inifile described in detail in the Authentication and Authorization Configuration article.
...