...
Fedora uses two container roles to determine its authorization behavior. The superuser role is fedoraAdmin. Users with this role are not subject to any further authorization checks, and thus can perform any operations on the repository. This is comparable to the fedoraAdmin superuser role in Fedora 3, used for Fedora 3 API-M operations. The regular user role is fedoraUser. Users with this role are subject to authorization checks by the Web Access Control system. The exact permissions any regular user has are determined per request by looking at the effective ACL of the requested resource, the requesting user's security principals, and the nature of the request (HTTP method, content-type, etc.).
If you add additional container roles, then you will need to add these roles to the auth-constraint element in your web.xml. For example:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<web-app>
...
<security-constraint>
...
<auth-constraint>
<role-name>fedoraUser</role-name>
<role-name>fedoraAdmin</role-name>
<role-name>newRoleExample</role-name>
</auth-constraint>
</securty-constraint>
</web-app> |
Configure your web application container
...