Versions Compared

Old Version 7

changes.mady.by.user Scott Prater

Saved on

compared with

New Version Current

changes.mady.by.user Scott Prater

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Basic file-based repository, with basic access roles authorization enabled.  Querying is OFF.

Modify web.xml to point to a repo.xml file that duplicates the one belowCopy the repository config file shown below to config/repository-basic-authn.json and the jettty-users.properties file shown below to config/.

ParameterSuggested valuesNotes
Modeshape configurationminimal-Dfcrepo.modeshape.configuration=classpath:.config/repository-basic-authn.json
Infinispan configurationfilebasic 
Is a federated component required?No 
Is a sequencing component required?No 

Is an authorization layer required?

Yes

Start up fcrepo-webapp with the following added system property:  -Djetty.users.file=target/classes/config/jetty-users.properties

Run the script createNodeWithRoles.sh (below) to provision a test node with ACLs.  See testACL.json (below) for test ACLs.

Is versioning required?No 

...

Code Block
languagexml
titlerepo.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:context="http://www.springframework.org/schema/context"
  xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

  <!-- Context that supports the actual ModeShape JCR itself -->

  <context:annotation-config />
  
  <context:component-scan base-package="org.fcrepo.kernel.services" />

  <bean name="modeshapeRepofactory" class="org.fcrepo.kernel.spring.ModeShapeRepositoryFactoryBean"
    depends-on="authenticationProvider">
    <property name="repositoryConfiguration" value="${fcrepo.modeshape.configuration:./repository-basic-authn.json}" />
  </bean>

  <bean name="authenticationProvider" class="org.fcrepo.auth.ServletContainerAuthenticationProvider">
    <property name="pep" ref="pep"/>
  </bean>
  
  <bean name="pep" class="org.fcrepo.auth.roles.basic.BasicRolesPEP"/>

  <bean class="org.modeshape.jcr.JcrRepositoryFactory" />

</beans>
Code Block
titlejetty-users.properties
testuser: turnip1,fedoraUser
adminuser: turnip2,fedoraUser
fedoraAdmin: turnip3,fedoraAdmin
Code Block
languageruby
titletestACL.json
{
  "EVERYONE" : [ "reader" ],
  "testuser" : [ "reader" ],
  "adminuser" : [ "admin" ]
}
Code Block
languagebash
titlecreateNodeWithRoles.sh
#!/bin/bash -x

rooturl="http://localhost:8080/rest"

curl -X DELETE "$rooturl/testparent" -u fedoraAdmin:turnip3
curl -X POST "$rooturl/testparent" -u fedoraAdmin:turnip3
curl -H "Content-Type: application/json" -X POST "$rooturl/testparent/fcr:accessRoles" -u fedoraAdmin:turnip3 -d "@/path/to/testACL.json"