Old Release

This documentation covers an old version of Fedora.

Basic file-based repository, with basic access roles authorization enabled.  Querying is OFF.

Copy the repository config file shown below to config/repository-basic-authn.json and the jetty-users.properties file shown below to config/.

| Parameter | Suggested values | Notes |
|---|---|---|
| Modeshape configuration | minimal | -Dfcrepo.modeshape.configuration=classpath:config/repository-basic-authn.json |
| Infinispan configuration | basic | |
| Is a federated component required? | No | |
| Is a sequencing component required? | No | |
| Is an authorization layer required? | Yes | Start up fcrepo-webapp with the following added system property: -Djetty.users.file=target/classes/config/jetty-users.properties. Run the script createNodeWithRoles.sh (below) to provision a test node with ACLs. See testACL.json (below) for test ACLs. |
| Is versioning required? | No | |

repository-basic-authn.json
{
    "name" : "fedora-secured-repo",
    "jndiName" : "",
    "workspaces" : {
        "predefined" : ["default"],
        "default" : "default",
        "allowCreation" : true
    },
    "query" : {
        "enabled" : false
    },
    "storage" : {
        "cacheName" : "FedoraRepository",
        "cacheConfiguration" : "${fcrepo.infinispan.cache_configuration:config/infinispan/basic/infinispan.xml}",
        "binaryStorage" : {
            "type" : "cache",
            "dataCacheName" : "FedoraRepositoryBinaryData",
            "metadataCacheName" : "FedoraRepositoryMetaData"
        }
    },
    "security" : {
        "anonymous" : {
            "roles" : ["readonly","readwrite","admin"],
            "useOnFailedLogin" : false
        },
        "providers" : [
            { "classname" : "org.fcrepo.auth.ServletContainerAuthenticationProvider" }
        ]
    },
    "node-types" : ["fedora-node-types.cnd"]
}
repo.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:context="http://www.springframework.org/schema/context"
  xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

  <!-- Context that supports the actual ModeShape JCR itself -->

  <context:annotation-config />
  
  <context:component-scan base-package="org.fcrepo.kernel.services" />

  <bean name="modeshapeRepofactory" class="org.fcrepo.kernel.spring.ModeShapeRepositoryFactoryBean"
    depends-on="authenticationProvider">
    <property name="repositoryConfiguration" value="${fcrepo.modeshape.configuration:./repository-basic-authn.json}" />
  </bean>

  <bean name="authenticationProvider" class="org.fcrepo.auth.ServletContainerAuthenticationProvider">
    <property name="pep" ref="pep"/>
  </bean>
  
  <bean name="pep" class="org.fcrepo.auth.roles.basic.BasicRolesPEP"/>

  <bean class="org.modeshape.jcr.JcrRepositoryFactory" />

</beans>

jetty-users.properties
testuser: turnip1,fedoraUser
adminuser: turnip2,fedoraUser
fedoraAdmin: turnip3,fedoraAdmin
testACL.json
{
  "EVERYONE" : [ "reader" ],
  "testuser" : [ "reader" ],
  "adminuser" : [ "admin" ]
}
createNodeWithRoles.sh
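#!/bin/bash -x

# Base URL of the Fedora REST API
rooturl="http://localhost:8080/rest"

# Remove any existing test node, then recreate it as the fedoraAdmin user
curl -X DELETE "$rooturl/testparent" -u fedoraAdmin:turnip3
curl -X POST "$rooturl/testparent" -u fedoraAdmin:turnip3
# Assign the roles from testACL.json to the new node (replace /path/to with the real location)
curl -H "Content-Type: application/json" -X POST "$rooturl/testparent/fcr:accessRoles" -u fedoraAdmin:turnip3 -d "@/path/to/testACL.json"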
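
An added example, not part of the original Fedora documentation: a Python check that cross-references the jetty-users.properties and testACL.json contents shown above before they are deployed. It assumes ACL principals other than EVERYONE are user names from the Jetty users file and treats the OBF:, MD5: and CRYPT: credential prefixes as non-plaintext; the function names and finding labels are hypothetical.

```python
import json

# Constructed sample inputs, copied from the files shown on this page.
JETTY_USERS = """\
testuser: turnip1,fedoraUser
adminuser: turnip2,fedoraUser
fedoraAdmin: turnip3,fedoraAdmin
"""
TEST_ACL = '{"EVERYONE": ["reader"], "testuser": ["reader"], "adminuser": ["admin"]}'

# Credential prefixes Jetty recognises as obfuscated or hashed (not plaintext).
HASHED_PREFIXES = ("OBF:", "MD5:", "CRYPT:")


def parse_jetty_users(text):
    """Parse 'user: credential[,role ...]' lines into {user: (credential, [roles])}."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first colon only, so 'OBF:...' credentials stay intact.
        name, _, rest = line.partition(":")
        credential, *roles = [part.strip() for part in rest.split(",")]
        users[name.strip()] = (credential, roles)
    return users


def audit(users_text, acl_text):
    """Return sorted (kind, subject) findings for a users file and an access-roles ACL."""
    users = parse_jetty_users(users_text)
    acl = json.loads(acl_text)
    findings = []
    for name, (credential, _roles) in users.items():
        if not credential.startswith(HASHED_PREFIXES):
            findings.append(("plaintext-credential", name))
    for principal, roles in acl.items():
        if principal == "EVERYONE":
            # Roles listed here apply to every requester; surface them for review.
            findings.extend(("granted-to-everyone", role) for role in roles)
        elif principal not in users:
            # Assumption: a principal missing from the users file is a typo or stale entry.
            findings.append(("acl-principal-not-in-users-file", principal))
    return sorted(findings)


if __name__ == "__main__":
    for kind, subject in audit(JETTY_USERS, TEST_ACL):
        print(f"{kind}: {subject}")
```
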