Basic file-based repository, with basic access roles authorization enabled. Querying is OFF.
Copy the repository config file shown below to config/repository-basic-authn.json and the jettty-users.properties file shown below to config/.
Parameter | Suggested values | Notes |
---|---|---|
Modeshape configuration | minimal | -Dfcrepo.modeshape.configuration=classpath:config/repository-basic-authn.json |
Infinispan configuration | basic | |
Is a federated component required? | No | |
Is a sequencing component required? | No | |
Is an authorization layer required? | Yes | Start up fcrepo-webapp with the following added system property: -Djetty.users.file=target/classes/config/jetty-users.properties Run the script createNodeWithRoles.sh (below) to provision a test node with ACLs. See testACL.json (below) for test ACLs. |
Is versioning required? | No |
{ "name" : "fedora-secured-repo", "jndiName" : "", "workspaces" : { "predefined" : ["default"], "default" : "default", "allowCreation" : true }, "query" : { "enabled" : false }, "storage" : { "cacheName" : "FedoraRepository", "cacheConfiguration" : "${fcrepo.infinispan.cache_configuration:config/infinispan/basic/infinispan.xml}", "binaryStorage" : { "type" : "cache", "dataCacheName" : "FedoraRepositoryBinaryData", "metadataCacheName" : "FedoraRepositoryMetaData" } }, "security" : { "anonymous" : { "roles" : ["readonly","readwrite","admin"], "useOnFailedLogin" : false }, "providers" : [ { "classname" : "org.fcrepo.auth.ServletContainerAuthenticationProvider" } ] }, "node-types" : ["fedora-node-types.cnd"] }
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <!-- Context that supports the actual ModeShape JCR itself --> <context:annotation-config /> <context:component-scan base-package="org.fcrepo.kernel.services" /> <bean name="modeshapeRepofactory" class="org.fcrepo.kernel.spring.ModeShapeRepositoryFactoryBean" depends-on="authenticationProvider"> <property name="repositoryConfiguration" value="${fcrepo.modeshape.configuration:./repository-basic-authn.json}" /> </bean> <bean name="authenticationProvider" class="org.fcrepo.auth.ServletContainerAuthenticationProvider"> <property name="pep" ref="pep"/> </bean> <bean name="pep" class="org.fcrepo.auth.roles.basic.BasicRolesPEP"/> <bean class="org.modeshape.jcr.JcrRepositoryFactory" /> </beans>
testuser: turnip1,fedoraUser adminuser: turnip2,fedoraUser fedoraAdmin: turnip3,fedoraAdmin
{ "EVERYONE" : [ "reader" ], "testuser" : [ "reader" ], "adminuser" : [ "admin" ] }
#!/bin/bash -x rooturl="http://localhost:8080/rest" curl -X DELETE "$rooturl/testparent" -u fedoraAdmin:turnip3 curl -X POST "$rooturl/testparent" -u fedoraAdmin:turnip3 curl -H "Content-Type: application/json" -X POST "$rooturl/testparent/fcr:accessRoles" -u fedoraAdmin:turnip3 -d "@/path/to/testACL.json"