
Authentication and Authorization

  • The JOC Cockpit makes use of Apache Shiro to authenticate and authorize users.
  • Authentication and authorization can be mapped
    • to a directory service that provides an LDAP interface, e.g. Microsoft Active Directory,
    • to a local configuration file (shiro.ini) that includes user names, roles and permissions,
    • to a database that complies with the Shiro data model requirements and that is managed (and populated) by an administrator.

Authentication

  • The JOC Cockpit accepts the user name and password from the login screen and
    • either tries to log in to the Active Directory service with the given credentials,
    • or tries to verify the credentials from its local configuration file,
    • or checks the credentials in a Shiro compliant database.
  • The credentials are subsequently used for HTTP authentication with each HTTP request that the JOC Cockpit sends to the JobScheduler Web Services.
    • Browsers may cache credentials during a session, i.e. they are re-used for single sign-on when opening the JOC Cockpit in a new browser tab. The credentials cache is cleared on termination of the browser.
    • This behavior might vary depending on the browser and version.

Authorization

  • After successful authentication the JOC Cockpit checks the assignment of roles to the given user
    • either by using a configurable LDAP query that checks the user's membership in a number of Active Directory groups. An LDAP query is configured for each role; on a positive match for group membership the user is assigned the respective role.
    • or by using its local configuration file that includes an assignment of users and roles.
  • The assignment of permissions to roles is configured with the local shiro.ini configuration file.
    • By default the JOC Cockpit ships with a number of predefined roles and assigned permissions, see the Matrix of Roles and Permissions below.
    • Roles can be added.
    • The assignment of permissions to roles can be changed.
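
The user-to-role-to-permission mapping described above can be reviewed by resolving a shiro.ini file to each user's effective permissions. The following is an added example, not part of the original page or of the JOC Cockpit code base; it assumes Apache Shiro's standard `[users]` (`name = password, role, ...`) and `[roles]` (`role = permission, ...`) sections, and all account names, role names and permission strings in the sample are constructed placeholders.

```python
import configparser

# Constructed sample in Apache Shiro's INI layout; account names, role names
# and permission strings are placeholders, not JOC Cockpit's shipped defaults.
SAMPLE_INI = """
[users]
alice = <password>, administrator
bob   = <password>, viewer, operator
carol = <password>, auditor

[roles]
administrator = *
viewer   = example:jobs:view
operator = example:jobs:view, example:jobs:start
"""

def _csv(value):
    """Split a comma-separated INI value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def effective_permissions(ini_text):
    """Resolve each [users] entry to its roles and the union of their permissions."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user and role names case-sensitive
    cp.read_string(ini_text)
    roles = {}
    if cp.has_section("roles"):
        roles = {name: _csv(perms) for name, perms in cp.items("roles")}
    report = {}
    if not cp.has_section("users"):  # e.g. users come from LDAP instead
        return report
    for user, value in cp.items("users"):
        # first field is the password; it is skipped and never echoed
        assigned = [r.strip() for r in value.split(",")[1:] if r.strip()]
        report[user] = {
            "roles": assigned,
            "permissions": sorted({p for r in assigned for p in roles.get(r, [])}),
            # a role without a [roles] entry grants nothing: usually a typo
            "undefined_roles": [r for r in assigned if r not in roles],
        }
    return report

if __name__ == "__main__":
    for user, info in effective_permissions(SAMPLE_INI).items():
        print(user, info)
```

Running it over a changed shiro.ini before deployment shows which users gain or lose permissions and flags role names that are assigned but never defined.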

Matrix of Roles and Permissions

(The matrix is the attachment 'joc-role-operation-permission.xlsx' from page 'Roadmap - Requirements - User Management' in space 'PROJOC'; it is not rendered here.)

Additional Information

Roles and permissions are configurable to the following extent:

  • What cannot be changed:
    • The number and type of permissions is fixed.
  • What can be changed:
    • The number of roles can be changed.
    • The permission value yes/no can be changed for each permission in each role.
    • A user can be assigned any number of the roles offered.
  • Role/permissions configuration file:
    • The configuration of the permissions for each role is stored in a shiro.ini file.
    • Users can be added to groups in an Active Directory for which queries have to be configured with shiro.ini.

 

 
