...
User authentication is generally handled by the Servlet container, i.e. Tomcat, JBoss AS, Jetty, etc. Authenticated requests will arrive at Fedora servlets with a non-null values for getRemoteUser() and getUserPrincipal().
Users authenticated in this way will have user Fedora users have servlet container roles of either fedoraUser or fedoraAdmin.
- fedoraAdmin - Grants blanket superuser permissions to the the Fedora repository. Bypasses the configured policy enforcement point (PEP).
- fedoraUser - Grants permissions that are specific to the user or their principalsbased on the configured policy enforcement point (PEP), see authorization below.
Info | ||
---|---|---|
| ||
Implementations may configure application containers the servlet container to employ any user authentication mechanism that meets servlet specifications. This is container-specific, but usually includes JAAS, LDAP, CAS, Shibboleth, etc.. |
...