Minimal basic file-based repository, with basic access roles authorization enabled. Querying is OFF.
Copy the repository config file shown below to config/repository-basic-authn.json and the jetty-users.properties file shown below to config/.
Parameter | Suggested values | Notes |
---|---|---|
ModeShape configuration | minimal | `-Dfcrepo.modeshape.configuration=classpath:/config/minimal/repository-basic-authn.json` |
Infinispan configuration | filebasic | |
Is a federated component required? | No | |
Is a sequencing component required? | No | |
Is an authorization layer required? | Yes | Start up fcrepo-webapp with the following added system property: `-Djetty.users.file=target/classes/config/jetty-users.properties`. Run the script createNodeWithRoles.sh (below) to provision a test node with ACLs. See testACL.json (below) for test ACLs. |
Is versioning required? | No | |

repository-basic-authn.json:

```json
{
    "name" : "fedora-secured-repo",
    "jndiName" : "",
    "workspaces" : {
        "predefined" : ["default"],
        "default" : "default",
        "allowCreation" : true
    },
    "query" : {
        "enabled" : false
    },
    "storage" : {
        "cacheName" : "FedoraRepository",
        "cacheConfiguration" : "${fcrepo.infinispan.cache_configuration:config/infinispan/basic/infinispan.xml}",
        "binaryStorage" : {
            "type" : "cache",
            "dataCacheName" : "FedoraRepositoryBinaryData",
            "metadataCacheName" : "FedoraRepositoryMetaData"
        }
    },
    "security" : {
        "anonymous" : {
            "roles" : ["readonly","readwrite","admin"],
            "useOnFailedLogin" : false
        },
        "providers" : [
            { "classname" : "org.fcrepo.auth.ServletContainerAuthenticationProvider" }
        ]
    },
    "node-types" : ["fedora-node-types.cnd"]
}
```

```xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
    <!-- Context that supports the actual ModeShape JCR itself -->
    <context:annotation-config />
    <context:component-scan base-package="org.fcrepo.kernel.services" />
    <bean name="modeshapeRepofactory" class="org.fcrepo.kernel.spring.ModeShapeRepositoryFactoryBean"
        depends-on="authenticationProvider">
        <property name="repositoryConfiguration" value="${fcrepo.modeshape.configuration:./repository-basic-authn.json}" />
    </bean>
    <bean name="authenticationProvider" class="org.fcrepo.auth.ServletContainerAuthenticationProvider">
        <property name="pep" ref="pep"/>
    </bean>
    <bean name="pep" class="org.fcrepo.auth.roles.basic.BasicRolesPEP"/>
    <bean class="org.modeshape.jcr.JcrRepositoryFactory" />
</beans>
```

jetty-users.properties:

```properties
testuser: turnip1,fedoraUser
adminuser: turnip2,fedoraUser
fedoraAdmin: turnip3,fedoraAdmin
```

testACL.json:

```json
{
    "EVERYONE" : [ "reader" ],
    "testuser" : [ "reader" ],
    "adminuser" : [ "admin" ]
}
```

createNodeWithRoles.sh:

```bash
#!/bin/bash -x
rooturl="http://localhost:8080/rest"
# Remove any node left over from a previous run, then recreate it.
curl -X DELETE "$rooturl/testparent" -u fedoraAdmin:turnip3
curl -X POST "$rooturl/testparent" -u fedoraAdmin:turnip3
# Attach the test ACLs from testACL.json to the new node.
curl -H "Content-Type: application/json" -X POST "$rooturl/testparent/fcr:accessRoles" -u fedoraAdmin:turnip3 -d "@/path/to/testACL.json"
```
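
A preflight check for the jetty-users.properties and testACL.json files above, as an added example that is not part of the original page or of the Fedora project's code: it flags passwords stored in plaintext, ACL principals with no matching login, and logins with no ACL entry of their own. It assumes ACL keys are login names with EVERYONE as the wildcard entry; the function names and finding labels are hypothetical, and the embedded file contents are constructed copies of the listings above.

```python
import json

# Constructed copies of the two files shown on this page.
USERS_PROPERTIES = """\
testuser: turnip1,fedoraUser
adminuser: turnip2,fedoraUser
fedoraAdmin: turnip3,fedoraAdmin
"""
ACL_JSON = '{"EVERYONE": ["reader"], "testuser": ["reader"], "adminuser": ["admin"]}'

# Prefixes Jetty recognises for credentials that are not stored in plaintext.
# OBF: is reversible obfuscation; MD5: and CRYPT: are hashes.
NON_PLAINTEXT_PREFIXES = ("OBF:", "MD5:", "CRYPT:")

def parse_users(text):
    """Parse 'user: password[,role ...]' lines into {user: (password, roles)}."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first colon only, so 'user: MD5:...' keeps its prefix.
        name, _, rest = line.partition(":")
        password, *roles = [part.strip() for part in rest.split(",")]
        users[name.strip()] = (password, roles)
    return users

def lint(users_text, acl_text, wildcard="EVERYONE"):
    """Return (finding, name) tuples for the users file and ACL document."""
    users = parse_users(users_text)
    acl = json.loads(acl_text)
    findings = []
    for name, (password, _roles) in users.items():
        if not password.startswith(NON_PLAINTEXT_PREFIXES):
            findings.append(("plaintext-password", name))
    # Assumption: ACL keys are login names, except the wildcard entry.
    for principal in acl:
        if principal != wildcard and principal not in users:
            findings.append(("acl-principal-without-login", principal))
    for name in users:
        if name not in acl:
            findings.append(("login-without-acl-entry", name))
    return findings

if __name__ == "__main__":
    for finding, name in lint(USERS_PROPERTIES, ACL_JSON):
        print(f"{finding}: {name}")
```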