Difference between revisions of "OpenKM authentication"
From OpenKM Documentation
(Created page with 'Authentication (from Greek: αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, …') |
m (→Roles) |
||
| (35 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | {{TOCright}} __TOC__ | |
| − | + | Authentication (from Greek: αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true. This might involve confirming the identity of a person, the origins of an artifact, or assuring that a computer program is a trusted one. | |
| − | OpenKM | + | {{Note|Authentication is handled by '''SpringSecurity in OpenKM 6.2''' and '''JBoss and JAAS in OpenKM 5.1'''.}} |
| − | + | {{Advice|OpenKM 5.1.x is deployed in JBoss which uses JAAS. Read [[Debugging_OpenKM#Debugging_JAAS_configuration|Debugging JAAS configuration]] to learn how to debug a problematic JAAS configuration.}} | |
| − | Also remember the principal.adapter configuration option. OpenKM need this configuration to create a list of users and roles available in the changing permissions dialog. This is done by the '''DatabasePrincipalAdapter''' class. This is an implementation of the ''' | + | Also remember the '''principal.adapter''' configuration option. OpenKM need this configuration to create a list of users and roles available in the changing permissions dialog. This is done by the '''DatabasePrincipalAdapter''' class. This is an implementation of the '''com.openkm.principal.PrincipalAdapter''' interface: |
<source lang="java"> | <source lang="java"> | ||
| Line 13: | Line 13: | ||
/** | /** | ||
* Method to retrieve all users from a authentication source. | * Method to retrieve all users from a authentication source. | ||
| − | * | + | * |
* @return A Collection with all the users. | * @return A Collection with all the users. | ||
* @throws PrincipalAdapterException If any error occurs. | * @throws PrincipalAdapterException If any error occurs. | ||
*/ | */ | ||
| − | public | + | public List<String> getUsers() throws PrincipalAdapterException; |
/** | /** | ||
* Method to retrieve all roles from a authentication source. | * Method to retrieve all roles from a authentication source. | ||
| − | * | + | * |
* @return A Collection with all the roles. | * @return A Collection with all the roles. | ||
* @throws PrincipalAdapterException If any error occurs. | * @throws PrincipalAdapterException If any error occurs. | ||
*/ | */ | ||
| − | public Collection<String> | + | public List<String> getRoles() throws PrincipalAdapterException; |
| − | + | ||
| + | /** | ||
| + | * Method to retrieve all users from a role. | ||
| + | * | ||
| + | * @return A Collection with all the users within a role. | ||
| + | * @throws PrincipalAdapterException If any error occurs. | ||
| + | */ | ||
| + | public List<String> getUsersByRole(String role) throws PrincipalAdapterException; | ||
| + | |||
| + | /** | ||
| + | * Method to retrieve all roles from a user. | ||
| + | * | ||
| + | * @return A Collection with all the roles of the user. | ||
| + | * @throws PrincipalAdapterException If any error occurs. | ||
| + | */ | ||
| + | public List<String> getRolesByUser(String user) throws PrincipalAdapterException; | ||
| + | |||
| + | /** | ||
| + | * Method to retrieve the mail from a user. | ||
| + | * | ||
| + | * @param users A user id. | ||
| + | * @return The email of the user. | ||
| + | * @throws PrincipalAdapterException If any error occurs. | ||
| + | */ | ||
| + | public String getMail(String user) throws PrincipalAdapterException; | ||
| + | |||
/** | /** | ||
| − | * Method to retrieve the | + | * Method to retrieve the name from a user. |
| − | * | + | * |
| − | * @param users A | + | * @param users A user id. |
| − | * @return | + | * @return The name of the user. |
* @throws PrincipalAdapterException If any error occurs. | * @throws PrincipalAdapterException If any error occurs. | ||
*/ | */ | ||
| − | public | + | public String getName(String user) throws PrincipalAdapterException; |
} | } | ||
</source> | </source> | ||
| + | |||
| + | == Roles == | ||
| + | OpenKM has two roles defined by default: '''ROLE_ADMIN''' and '''ROLE_USER'''. | ||
| + | |||
| + | '''ROLE_USER''' is mandatory for all users, because is internally used by OpenKM for connection purposes. Without this right, users can not connect to OpenKM and you'll get a 403 status code error. | ||
| + | |||
| + | You can give '''ROLE_ADMIN''' to any user, and he'll get administrator privileges, seeing any folder and doing any operation without retrictions. Users with '''ROLE_ADMIN''' have access to the administrator tab in the web user interface. | ||
| + | |||
| + | [[Category: Installation Guide]] | ||
Latest revision as of 20:25, 1 December 2012
Contents |
Authentication (from Greek: αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true. This might involve confirming the identity of a person, the origins of an artifact, or assuring that a computer program is a trusted one.
 |
Authentication is handled by SpringSecurity in OpenKM 6.2 and JBoss and JAAS in OpenKM 5.1. |
 |
OpenKM 5.1.x is deployed in JBoss which uses JAAS. Read Debugging JAAS configuration to learn how to debug a problematic JAAS configuration. |
Also remember the principal.adapter configuration option. OpenKM need this configuration to create a list of users and roles available in the changing permissions dialog. This is done by the DatabasePrincipalAdapter class. This is an implementation of the com.openkm.principal.PrincipalAdapter interface:
public interface PrincipalAdapter {
/**
* Method to retrieve all users from a authentication source.
*
* @return A Collection with all the users.
* @throws PrincipalAdapterException If any error occurs.
*/
public List<String> getUsers() throws PrincipalAdapterException;
/**
* Method to retrieve all roles from a authentication source.
*
* @return A Collection with all the roles.
* @throws PrincipalAdapterException If any error occurs.
*/
public List<String> getRoles() throws PrincipalAdapterException;
/**
* Method to retrieve all users from a role.
*
* @return A Collection with all the users within a role.
* @throws PrincipalAdapterException If any error occurs.
*/
public List<String> getUsersByRole(String role) throws PrincipalAdapterException;
/**
* Method to retrieve all roles from a user.
*
* @return A Collection with all the roles of the user.
* @throws PrincipalAdapterException If any error occurs.
*/
public List<String> getRolesByUser(String user) throws PrincipalAdapterException;
/**
* Method to retrieve the mail from a user.
*
* @param users A user id.
* @return The email of the user.
* @throws PrincipalAdapterException If any error occurs.
*/
public String getMail(String user) throws PrincipalAdapterException;
/**
* Method to retrieve the name from a user.
*
* @param users A user id.
* @return The name of the user.
* @throws PrincipalAdapterException If any error occurs.
*/
public String getName(String user) throws PrincipalAdapterException;
}
Roles
OpenKM has two roles defined by default: ROLE_ADMIN and ROLE_USER.
ROLE_USER is mandatory for all users, because is internally used by OpenKM for connection purposes. Without this right, users can not connect to OpenKM and you'll get a 403 status code error.
You can give ROLE_ADMIN to any user, and he'll get administrator privileges, seeing any folder and doing any operation without retrictions. Users with ROLE_ADMIN have access to the administrator tab in the web user interface.
