Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 25

changes.mady.by.user Alan Amos

Saved on

compared with

New Version 26

changes.mady.by.user Alan Amos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Excerpt

The JOC Cockpit brings user authentication and authorization to the JobScheduler.

Authentication can either take place against an Apache ShiroTM compliant configuration file, an LDAP compliant directory service or information stored in a database.

Authorization is defined in roles - a an example set of roles is provided with the JOC Cockpit installation archive and users are able to define their own roles.

The JOC Cockpit is able to handle authentication of multiple users and their authorization for multiple JobSchedulers simultaneously.

...

  • The JOC Cockpit accepts the user name and password from the login screen and, depending on the configuration in the shiro.ini file, either:
    • tries to verify the credentials against information stored in the shiro.ini file,
    • tries to login to the LDAP directory service with the given credentials or
    • checks the credentials against information stored in a Shiro compliant database.
  • The authentication credentials are subsequently used for HTTP Authentication with each HTTP request that is created by the JOC Cockpit for the JobScheduler Web Services.
    • Browsers may cache credentials during a session, i.e. they are re-used for single sign-on when opening the JOC Cockpit in a new browser tab. The credentials cache is cleared on termination of the browser.
    • This behavior might vary depending on the browser and version.
  • The configuration of the local shiro.ini file is described in detail in the Configuration of Authentication and Authorization - Configuration article.

...

  • System administrators can:
    • add additional roles of their own to the mapping and
    • change the permissions assigned to roles.
  • System administrators wishing to use database authorization can copy this mapping into database tables.
  • Configuration of the shiro.ini file is described in detail in the Configuration of Authentication and Authorization - Configuration article.

Viewing User Profile and Roles

...

This view is read-only for all users - changes can only be made by a system administrator modifying the authentication and authorization configuration as described in the the Configuration of Authentication and Authorization - Configuration article.

Matrix of Roles and Permissions

The document below shows the default example roles and permissions delivered in the JOC Cockpit shiro.ini configuration file. System administrators can define and modify roles and permissions as required.

The purpose of each example role is explained in the notes at the foot of the matrix. Of particular interest is the api_user role that is not intended to use the JOC Cockpit interface but use the JobScheduler Web Services from another application. More information about the Web Services API can be found in the

Document: joc-role-operation-permission.xlsx

...