...
- It simplifies administration in complex environments. Whilst the administration of the permissions of several hundred folders in a multi-client system is manageable, the administration of several thousand requires brings an extremely high administrative requirement and error susceptibility.
- Role-based permissions allow the permissions for individual clients to be managed separately.
- The clear separation of permissions also simplifies meeting compliance requirements.
JOC Cluster
To enable the JOC Cluster
- install one or more JOC Servers
- all JOC Servers must use the same database
- add to the shiro.ini in the
[main]sectionsessionDAO = com.sos.auth.shiro.SOSDistributedSessionDAOsecurityManager.sessionManager.sessionDAO = $sessionDAO
- Connect all JOC servers to a load balancer.
Implementation
- The JOC Cockpit uses Apache Shiro to authenticate and authorize users.
- Authentication and Authorization information can be read by Shiro from a number of separate resources. These are:
- a local configuration (
shiro.ini) file that may include both authentication and authorization information, depending on the methods of authentication and authorization configured; - a authentication service that provides an LDAP interface such as Microsoft Active Directory and
- a database containing both authentication and authorization information and which complies with the Shiro data model requirements. This database will be managed (and populated) by a system administrator.
- a local configuration (
...