Comment: Anchors added

...

An example configuration for LDAP and Database authentication is not included with the JOC Cockpit. However, example configurations are presented later in this article (LDAP, Database) to provide system administrators with sufficient information to implement these types of authentication themselves.

...

  • Timeout is specified in milliseconds.


LDAP Authentication

Please note that you can also specify roles in the [users] section, for example:

...

Main Configuration - LDAP Authentication - Example for a public LDAP server with explicitly assigned roles
[users]
gauss=, application_manager, my_role
newton=, incident_manager, my_role

[main]
# Public LDAP Server for testing purposes
# see http://www.forumsys.com/en/tutorials/integration-how-to/ldap/online-ldap-test-server/
 
# Active Directory realm configuration
# See http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.html
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
 
ldapRealm.userDnTemplate = uid={0},dc=example,dc=com
ldapRealm.searchBase = dc=example,dc=com
ldapRealm.contextFactory.url = ldap://ldap.forumsys.com:389
 
ldapRealm.groupNameAttribute=ou
ldapRealm.userNameAttribute=uid
ldapRealm.userSearchFilter=(uniqueMember=uid=%s,dc=example,dc=com)
 
# Mapping of LDAP groups to roles. More than one role can be assigned to a group by using | as the separator.
# In this example the LDAP group mapping is commented out, so the user gauss has the roles application_manager and my_role from the [users] section.
# Both role sources, the shiro.ini file and the LDAP group mapping, can be used together.
# ldapRealm.groupRolesMap = \
# "scientists":"it_operator", \
# "mathematicians":"administrator|application_manager"
 
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
 
securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
 
# Session timeout in milliseconds
securityManager.sessionManager.globalSessionTimeout = 360000 

[roles] 
# Permissions can be assigned to roles with a comma separated list of permissions. Permissions may have * as a wildcard

all                 = sos:products

administrator       = sos:products:joc_cockpit:jobscheduler_master:view, \
                      sos:products:joc_cockpit:jobscheduler_master:execute:pause, \
                      sos:products:joc_cockpit:jobscheduler_master:execute:continue, \
                      sos:products:joc_cockpit:jobscheduler_master:execute:restart, \
                      sos:products:joc_cockpit:jobscheduler_master:execute:terminate, \
                      sos:products:joc_cockpit:jobscheduler_master:execute:abort, \
                      sos:products:joc_cockpit:jobscheduler_master:administration:edit_permissions, \
                      sos:products:joc_cockpit:jobscheduler_master:administration:remove_old_instances, \
                      sos:products:joc_cockpit:jobscheduler_master_cluster, \
                      sos:products:joc_cockpit:jobscheduler_universal_agent

application_manager = sos:products:joc_cockpit:jobscheduler_master:view, \
                      sos:products:joc_cockpit:jobscheduler_master:execute:pause, \
                      sos:products:joc_cockpit:jobscheduler_master:execute:continue, \
                      sos:products:joc_cockpit:jobscheduler_master:administration:manage_categories, \
                      sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \
                      sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \
                      sos:products:joc_cockpit:daily_plan:view:status, \
                      sos:products:joc_cockpit:history:view, \
                      sos:products:joc_cockpit:order, \
                      sos:products:joc_cockpit:job_chain, \
                      sos:products:joc_cockpit:job, \
                      sos:products:joc_cockpit:process_class, \
                      sos:products:joc_cockpit:schedule, \
                      sos:products:joc_cockpit:lock, \
                      sos:products:joc_cockpit:event, \
                      sos:products:joc_cockpit:event_action, \
                      sos:products:joc_cockpit:holiday_calendar:view:status, \
                      sos:products:joc_cockpit:maintenance_window:view, \
                      sos:products:joc_cockpit:maintenance_window:enable_disable_maintenance_window, \
                      sos:products:joc_cockpit:audit_log:view:status, \
                      sos:products:joc_cockpit:customization:share

it_operator         = sos:products:joc_cockpit:jobscheduler_master:view, \
                      sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \
                      sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \
                      sos:products:joc_cockpit:daily_plan:view:status, \
                      sos:products:joc_cockpit:history:view, \
                      sos:products:joc_cockpit:order, \
                      sos:products:joc_cockpit:job_chain, \
                      sos:products:joc_cockpit:job, \
                      sos:products:joc_cockpit:process_class, \
                      sos:products:joc_cockpit:schedule, \
                      sos:products:joc_cockpit:lock, \
                      sos:products:joc_cockpit:event, \
                      sos:products:joc_cockpit:event_action, \
                      sos:products:joc_cockpit:holiday_calendar:view:status, \
                      sos:products:joc_cockpit:maintenance_window:view, \
                      sos:products:joc_cockpit:audit_log:view:status, \
                      sos:products:joc_cockpit:customization:share:view

incident_manager    = sos:products:joc_cockpit:jobscheduler_master:view, \
                      sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \
                      sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \
                      sos:products:joc_cockpit:daily_plan:view:status, \
                      sos:products:joc_cockpit:history:view, \
                      sos:products:joc_cockpit:order:view, \
                      sos:products:joc_cockpit:order:remove_setback, \
                      sos:products:joc_cockpit:job_chain:view, \
                      sos:products:joc_cockpit:job:view, \
                      sos:products:joc_cockpit:process_class:view, \
                      sos:products:joc_cockpit:schedule:view, \
                      sos:products:joc_cockpit:lock:view, \
                      sos:products:joc_cockpit:event:view, \
                      sos:products:joc_cockpit:event_action:view, \
                      sos:products:joc_cockpit:holiday_calendar:view:status, \
                      sos:products:joc_cockpit:maintenance_window:view, \
                      sos:products:joc_cockpit:audit_log:view:status, \
                      sos:products:joc_cockpit:customization:share:view

business_user       = sos:products:joc_cockpit:jobscheduler_master:view:status, \
                      sos:products:joc_cockpit:jobscheduler_master_cluster:view:status, \
                      sos:products:joc_cockpit:jobscheduler_universal_agent:view:status, \
                      sos:products:joc_cockpit:daily_plan:view:status, \
                      sos:products:joc_cockpit:history:view, \
                      sos:products:joc_cockpit:order:view:status, \
                      sos:products:joc_cockpit:order:view:order_log, \
                      sos:products:joc_cockpit:job_chain:view:status, \
                      sos:products:joc_cockpit:job_chain:view:history, \
                      sos:products:joc_cockpit:job:view:status, \
                      sos:products:joc_cockpit:job:view:history, \
                      sos:products:joc_cockpit:job:view:task_log, \
                      sos:products:joc_cockpit:process_class:view:status, \
                      sos:products:joc_cockpit:schedule:view:status, \
                      sos:products:joc_cockpit:lock:view:status, \
                      sos:products:joc_cockpit:holiday_calendar:view:status, \
                      sos:products:joc_cockpit:maintenance_window:view:status, \
                      sos:products:joc_cockpit:audit_log:view:status, \
                      sos:products:joc_cockpit:customization:share:view
                      
api_user            = sos:products:commands:jobscheduler_master:view:status, \
                      sos:products:commands:history:view, \
                      sos:products:commands:order, \
                      sos:products:commands:job_chain, \
                      sos:products:commands:job, \
                      -sos:products:commands:job:view:configuration, \
                      -sos:products:commands:job_chain:view:configuration, \
                      -sos:products:commands:order:view:configuration, \
                      -sos:products:commands:order:remove_setback, \
                      sos:products:commands:process_class:view:status, \
                      sos:products:commands:schedule:view:status, \
                      sos:products:commands:lock:view:status, \
                      sos:products:commands:holiday_calendar:view:status, \
                      sos:products:commands:maintenance_window:view:status
 
my_role            = sos:products:commands:jobscheduler_master:view:status, \
                     sos:products:joc_cockpit:history:view, \
                     sos:products:joc_cockpit:order:view:status
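
The following review script is an added example, not part of the JOC Cockpit or of the original article. It reads a shiro.ini laid out like the one above and reports three things an administrator would check before going live: an `ldap://` URL (the bind password crosses the network unencrypted unless StartTLS is used), roles assigned in `[users]` that have no definition in `[roles]`, and the session timeout converted from milliseconds. The names `parse_ini` and `audit` and the shortened sample are constructed for illustration.

```python
# Constructed sample: a shortened shiro.ini in the layout shown above.
SAMPLE_INI = r'''
[users]
gauss=, application_manager, my_role
newton=, incident_manager, my_role
[main]
ldapRealm.contextFactory.url = ldap://ldap.forumsys.com:389
securityManager.sessionManager.globalSessionTimeout = 360000
[roles]
application_manager = sos:products:joc_cockpit:order, \
                      sos:products:joc_cockpit:job
my_role             = sos:products:joc_cockpit:history:view
'''

def parse_ini(text):
    """Return {section: {key: value}}, joining backslash-continued lines."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no settings
        if line.endswith("\\"):
            pending += line[:-1].strip() + " "
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(text):
    """Return findings; [users] entries are 'name = password, role1, role2'."""
    ini = parse_ini(text)
    main, findings = ini.get("main", {}), []
    url = main.get("ldapRealm.contextFactory.url", "")
    if url.lower().startswith("ldap://"):
        findings.append(f"cleartext LDAP URL: {url}")
    defined = set(ini.get("roles", {}))
    for user, value in ini.get("users", {}).items():
        for role in [r.strip() for r in value.split(",")[1:]]:
            if role and role not in defined:
                findings.append(f"user {user}: role {role} not defined in [roles]")
    timeout = main.get("securityManager.sessionManager.globalSessionTimeout")
    if timeout:
        findings.append(f"session timeout: {int(timeout) / 60000:g} minutes")
    return findings
```

In the shortened sample the role incident_manager is deliberately left out of `[roles]` so that the undefined-role check has something to report; the full configuration above defines it.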


Database Authentication

System administrators can implement database authentication manually, using a database that is separate from the one used by the JobScheduler(s) and, if required, a separate DBMS.

...