...
| Excerpt |
|---|
Three methods of user authentication - Shiro, LDAP and Database - and user authorization can be implemented for the JobScheduler JOC Cockpit. A general description of the authentication and authorization is presented in the JOC Cockpit - Authentication and Authorization article. This article describes the configuration required to implement each of the three authentication methods as well as user authorization. This configuration information is held in an Apache ShiroTM .ini file and is used not only by the JOC Cockpit but also by the JobScheduler Web Services API. ScopeThis article describes the file-based configuration of user authentication and authorizarion. The JOC Cockpit provides a graphical editing option for configuration of authentication and user authorization. |
Configuration File Structure
...
The shiro.ini file is delivered with an default configuration for Shiro authentication. This configuration includes a number of user profiles - one of which (root:root) is active and has a role all with all permissions. This profile allows a system administrator to log onto the JOC Cockpit GUI and access all of its features after installation. After installation a A system administrator can then use a text editor to modify the shiro.ini file in order the Account Manager GUI to implement other user profiles, change passwords and, if required, deactivate the root profile.
...
[roles] Configuration
This section contains the authorization information i.e. the mapping of roles onto permissions. This section is required when either Shiro or LDAP authentication is used.
...