Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • It simplifies administration in complex environments. Whilst the administration of the permissions of several hundred folders in a multi-client system is manageable, the administration of several thousand requires brings an extremely high administrative requirement and error susceptibility.
  • Role-based permissions allow the permissions for individual clients to be managed separately.
  • The clear separation of permissions also simplifies meeting compliance requirements.

JOC Cluster

To enable the JOC Cluster

  • install one or more JOC Servers
  • all JOC Servers must use the same database
  • add to the shiro.ini in the [main] section
    • sessionDAO = com.sos.auth.shiro.SOSDistributedSessionDAO
      securityManager.sessionManager.sessionDAO = $sessionDAO
  • Connect all JOC servers to a load balancer.



  • The JOC Cockpit uses Apache Shiro to authenticate and authorize users.
  • Authentication and Authorization information can be read by Shiro from a number of separate resources. These are:
    • a local configuration (shiro.ini) file that may include both authentication and authorization information, depending on the methods of authentication and authorization configured;
    • a authentication service that provides an LDAP interface such as Microsoft Active Directory and
    • a database containing both authentication and authorization information and which complies with the Shiro data model requirements. This database will be managed (and populated) by a system administrator.