...
An example configuration for LDAP and Database authentication is not included with the JOC Cockpit. However, example configurations are presented later in this article (LDAP, Database) to provide system administrators with sufficient information to implement these types of authentication themselves.
...
- Timeout is specified in milliseconds.
LDAP Authentication
Please note that you can also specify the roles in the [users] section like
...
```ini
[users]
gauss=, application_manager, my_role
newton=, incident_manager, my_role

[main]
# Public LDAP Server for testing purposes
# see http://www.forumsys.com/en/tutorials/integration-how-to/ldap/online-ldap-test-server/

# Active Directory realm configuration
# See http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.html

ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.userDnTemplate = uid={0},dc=example,dc=com
ldapRealm.searchBase = dc=example,dc=com
ldapRealm.contextFactory.url = ldap://ldap.forumsys.com:389
ldapRealm.groupNameAttribute=ou
ldapRealm.userNameAttribute=uid
ldapRealm.userSearchFilter=(uniqueMember=uid=%s,dc=example,dc=com)

# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
# In this example the LDAP group mapping is commented out. The user gauss will have the roles application_manager and my_role.
# You can mix both role sources, the shiro.ini file and the LDAP group mapping.
# ldapRealm.groupRolesMap = \
# "scientists":"it_operator", \
# "mathematicians":"administrator|application_manager"

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

# Session timeout in milliseconds
securityManager.sessionManager.globalSessionTimeout = 360000

[roles]
# Permissions can be assigned to roles with a comma separated list of permissions. Permissions may have * as a wildcard
all = sos:products

administrator = sos:products:joc_cockpit:jobscheduler_master:view, \
                sos:products:joc_cockpit:jobscheduler_master:execute:pause, \
                sos:products:joc_cockpit:jobscheduler_master:execute:continue, \
                sos:products:joc_cockpit:jobscheduler_master:execute:restart, \
                sos:products:joc_cockpit:jobscheduler_master:execute:terminate, \
                sos:products:joc_cockpit:jobscheduler_master:execute:abort, \
                sos:products:joc_cockpit:jobscheduler_master:administration:edit_permissions, \
                sos:products:joc_cockpit:jobscheduler_master:administration:remove_old_instances, \
                sos:products:joc_cockpit:jobscheduler_master_cluster, \
                sos:products:joc_cockpit:jobscheduler_universal_agent

application_manager = sos:products:joc_cockpit:jobscheduler_master:view, \
                sos:products:joc_cockpit:jobscheduler_master:execute:pause, \
                sos:products:joc_cockpit:jobscheduler_master:execute:continue, \
                sos:products:joc_cockpit:jobscheduler_master:administration:manage_categories, \
                sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \
                sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \
                sos:products:joc_cockpit:daily_plan:view:status, \
                sos:products:joc_cockpit:history:view, \
                sos:products:joc_cockpit:order, \
                sos:products:joc_cockpit:job_chain, \
                sos:products:joc_cockpit:job, \
                sos:products:joc_cockpit:process_class, \
                sos:products:joc_cockpit:schedule, \
                sos:products:joc_cockpit:lock, \
                sos:products:joc_cockpit:event, \
                sos:products:joc_cockpit:event_action, \
                sos:products:joc_cockpit:holiday_calendar:view:status, \
                sos:products:joc_cockpit:maintenance_window:view, \
                sos:products:joc_cockpit:maintenance_window:enable_disable_maintenance_window, \
                sos:products:joc_cockpit:audit_log:view:status, \
                sos:products:joc_cockpit:customization:share

it_operator = sos:products:joc_cockpit:jobscheduler_master:view, \
                sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \
                sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \
                sos:products:joc_cockpit:daily_plan:view:status, \
                sos:products:joc_cockpit:history:view, \
                sos:products:joc_cockpit:order, \
                sos:products:joc_cockpit:job_chain, \
                sos:products:joc_cockpit:job, \
                sos:products:joc_cockpit:process_class, \
                sos:products:joc_cockpit:schedule, \
                sos:products:joc_cockpit:lock, \
                sos:products:joc_cockpit:event, \
                sos:products:joc_cockpit:event_action, \
                sos:products:joc_cockpit:holiday_calendar:view:status, \
                sos:products:joc_cockpit:maintenance_window:view, \
                sos:products:joc_cockpit:audit_log:view:status, \
                sos:products:joc_cockpit:customization:share:view

incident_manager = sos:products:joc_cockpit:jobscheduler_master:view, \
                sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \
                sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \
                sos:products:joc_cockpit:daily_plan:view:status, \
                sos:products:joc_cockpit:history:view, \
                sos:products:joc_cockpit:order:view, \
                sos:products:joc_cockpit:order:remove_setback, \
                sos:products:joc_cockpit:job_chain:view, \
                sos:products:joc_cockpit:job:view, \
                sos:products:joc_cockpit:process_class:view, \
                sos:products:joc_cockpit:schedule:view, \
                sos:products:joc_cockpit:lock:view, \
                sos:products:joc_cockpit:event:view, \
                sos:products:joc_cockpit:event_action:view, \
                sos:products:joc_cockpit:holiday_calendar:view:status, \
                sos:products:joc_cockpit:maintenance_window:view, \
                sos:products:joc_cockpit:audit_log:view:status, \
                sos:products:joc_cockpit:customization:share:view

business_user = sos:products:joc_cockpit:jobscheduler_master:view:status, \
                sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \
                sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \
                sos:products:joc_cockpit:daily_plan:view:status, \
                sos:products:joc_cockpit:history:view, \
                sos:products:joc_cockpit:order:view:status, \
                sos:products:joc_cockpit:order:view:order_log, \
                sos:products:joc_cockpit:job_chain:view:status, \
                sos:products:joc_cockpit:job_chain:view:history, \
                sos:products:joc_cockpit:job:view:status, \
                sos:products:joc_cockpit:job:view:history, \
                sos:products:joc_cockpit:job:view:task_log, \
                sos:products:joc_cockpit:process_class:view:status, \
                sos:products:joc_cockpit:schedule:view:status, \
                sos:products:joc_cockpit:lock:view:status, \
                sos:products:joc_cockpit:holiday_calendar:view:status, \
                sos:products:joc_cockpit:maintenance_window:view:status, \
                sos:products:joc_cockpit:audit_log:view:status, \
                sos:products:joc_cockpit:customization:share:view

api_user = sos:products:commands:jobscheduler_master:view:status, \
                sos:products:commands:history:view, \
                sos:products:commands:order, \
                sos:products:commands:job_chain, \
                sos:products:commands:job, \
                -sos:products:commands:job:view:configuration, \
                -sos:products:commands:job_chain:view:configuration, \
                -sos:products:commands:order:view:configuration, \
                -sos:products:commands:order:remove_setback, \
                sos:products:commands:process_class:view:status, \
                sos:products:commands:schedule:view:status, \
                sos:products:commands:lock:view:status, \
                sos:products:commands:holiday_calendar:view:status, \
                sos:products:commands:maintenance_window:view:status

my_role = sos:products:commands:jobscheduler_master:view:status, \
                sos:products:joc_cockpit:history:view, \
                sos:products:joc_cockpit:order:view:status
```
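An added example, not part of the JOC Cockpit documentation or SOS code: a Python review aid that parses a shiro.ini in the layout above, resolves a user's roles to permissions with Shiro's wildcard rule, and flags a cleartext `ldap://` URL. The sample is a constructed, trimmed copy of the configuration; `svc_api` is a hypothetical user, and treating a leading `-` as a revocation is an assumption.

```python
import re

# Constructed, trimmed sample in the layout of the page's shiro.ini.
# svc_api is a hypothetical user added to exercise the api_user role.
SAMPLE = r"""
[users]
gauss=, application_manager, my_role
newton=, incident_manager, my_role
svc_api=, api_user
[main]
ldapRealm.contextFactory.url = ldap://ldap.forumsys.com:389
[roles]
application_manager = sos:products:joc_cockpit:jobscheduler_master:view, \
    sos:products:joc_cockpit:order
incident_manager = sos:products:joc_cockpit:order:view, \
    sos:products:joc_cockpit:order:remove_setback
api_user = sos:products:commands:order, \
    -sos:products:commands:order:remove_setback
"""

def load_ini(text):
    """Parse sections; a trailing backslash continues the value on the next line."""
    sections, current = {}, None
    for line in map(str.strip, re.sub(r"\\\s*\n\s*", "", text).splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def implies(granted, wanted):
    """Shiro wildcard rule: a shorter grant covers all deeper levels; * matches any part."""
    g, w = granted.split(":"), wanted.split(":")
    w += [None] * (len(g) - len(w))  # extra granted parts must be "*"
    return all(a == "*" or a == b for a, b in zip(g, w))

def is_permitted(ini, user, wanted):
    """Assumption: a '-' entry revokes what the role's other entries grant."""
    roles = [r.strip() for r in ini["users"][user].split(",")[1:]]  # field 0 = password
    perms = [p.strip() for r in roles for p in ini["roles"].get(r, "").split(",")]
    deny = [p[1:] for p in perms if p.startswith("-")]
    allow = [p for p in perms if p and not p.startswith("-")]
    return any(implies(p, wanted) for p in allow) and not any(implies(p, wanted) for p in deny)

def findings(ini):
    """Flag a cleartext LDAP URL in [main]."""
    url = ini.get("main", {}).get("ldapRealm.contextFactory.url", "")
    return ["cleartext LDAP URL: " + url] if url.lower().startswith("ldap://") else []
```

Because a grant such as `sos:products:joc_cockpit:order` covers every permission beneath it, checking specific sensitive permissions per user shows what a short role entry really allows.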
Database Authentication
System administrators can implement database authentication manually, using a database separate from that of the JobScheduler(s) and, if required, a separate DBMS.
...