OpenKM authentication

From OpenKM Documentation
Jump to: navigation, search

Contents

Authentication (from Greek: αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true. This might involve confirming the identity of a person, the origins of an artifact, or assuring that a computer program is a trusted one.


Nota clasica.png Authentication is handled by SpringSecurity in OpenKM 6.2 and JBoss and JAAS in OpenKM 5.1.


Nota idea.png OpenKM 5.1.x is deployed in JBoss which uses JAAS. Read Debugging JAAS configuration to learn how to debug a problematic JAAS configuration.

Also remember the principal.adapter configuration option. OpenKM need this configuration to create a list of users and roles available in the changing permissions dialog. This is done by the DatabasePrincipalAdapter class. This is an implementation of the com.openkm.principal.PrincipalAdapter interface:

public interface PrincipalAdapter {
    /**
     * Method to retrieve all users from a authentication source.
     * 
     * @return A Collection with all the users.
     * @throws PrincipalAdapterException If any error occurs.
     */
    public List<String> getUsers() throws PrincipalAdapterException;

    /**
     * Method to retrieve all roles from a authentication source.
     * 
     * @return A Collection with all the roles.
     * @throws PrincipalAdapterException If any error occurs.
     */
    public List<String> getRoles() throws PrincipalAdapterException;
    
    /**
     * Method to retrieve all users from a role.
     * 
     * @return A Collection with all the users within a role.
     * @throws PrincipalAdapterException If any error occurs.
     */
    public List<String> getUsersByRole(String role) throws PrincipalAdapterException;
    
    /**
     * Method to retrieve all roles from a user.
     * 
     * @return A Collection with all the roles of the user.
     * @throws PrincipalAdapterException If any error occurs.
     */
    public List<String> getRolesByUser(String user) throws PrincipalAdapterException;
    
    /**
     * Method to retrieve the mail from a user.
     * 
     * @param users A user id.
     * @return The email of the user.
     * @throws PrincipalAdapterException If any error occurs.
     */
    public String getMail(String user) throws PrincipalAdapterException;
    
    /**
     * Method to retrieve the name from a user.
     * 
     * @param users A user id.
     * @return The name of the user.
     * @throws PrincipalAdapterException If any error occurs.
     */
    public String getName(String user) throws PrincipalAdapterException;
}

Roles

OpenKM has two roles defined by default: ROLE_ADMIN and ROLE_USER.

ROLE_USER is mandatory for all users, because is internally used by OpenKM for connection purposes. Without this right, users can not connect to OpenKM and you'll get a 403 status code error.

You can give ROLE_ADMIN to any user, and he'll get administrator privileges, seeing any folder and doing any operation without retrictions. Users with ROLE_ADMIN have access to the administrator tab in the web user interface.