Warning

UNDER DEVELOPMENT

This policy enforcement point (PEP) makes decisions based on the four basic roles of "metadata reader", "reader", "writer", and "admin". These roles are assigned to principals on Fedora objects and datastreams. Assigned roles are inherited through the repository tree until blocked by another assignment.

...

                   metadata reader   reader   writer   admin
read properties           X            X        X        X
read content                           X        X        X
write                                           X        X
write roles                                              X
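
The following sketch models the role matrix and inheritance rule described above. It is an added example, not Fedora's BasicRolesPEP code. The paths and principals are constructed, and it assumes that any assignment on a node replaces everything inherited from above for that subtree, which is one reading of "until blocked by another assignment".

```python
# Illustrative model only; not Fedora's BasicRolesPEP implementation.
# Permission matrix from the table above: role -> actions it grants.
PERMISSIONS = {
    "metadata reader": {"read properties"},
    "reader": {"read properties", "read content"},
    "writer": {"read properties", "read content", "write"},
    "admin": {"read properties", "read content", "write", "write roles"},
}


def effective_assignments(path, acl):
    """Return the principal -> roles mapping in force at `path`.

    Assumption: the nearest node (the node itself, then its ancestors)
    that carries any assignment blocks everything assigned above it.
    """
    parts = [p for p in path.split("/") if p]
    while True:
        node = "/" + "/".join(parts)
        if node in acl:
            return acl[node]
        if not parts:
            return {}  # nothing assigned anywhere on the path: no roles
        parts.pop()


def is_allowed(principal, action, path, acl):
    """Default deny: allow only if an effective role grants the action."""
    roles = effective_assignments(path, acl).get(principal, set())
    unknown = roles - set(PERMISSIONS)
    if unknown:
        raise ValueError(f"unknown role(s): {sorted(unknown)}")
    return any(action in PERMISSIONS[role] for role in roles)


# Constructed sample tree; paths and principals are hypothetical.
SAMPLE_ACL = {
    "/": {"alice": {"admin"}, "bob": {"reader"}},
    "/collection/restricted": {"carol": {"writer"}},  # blocks inherited roles
}
```

Under this assumption, the assignment on `/collection/restricted` also removes the admin role inherited from the root, so a blocking assignment that omits an admin leaves nobody below it able to write roles.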

Configuring the Basic Role-Based PEP

Edit your repo.xml file to configure the Basic Role-based PEP authentication provider. The file should contain these three beans, as shown:

<bean name="modeshapeRepofactory" class="org.fcrepo.kernel.spring.ModeShapeRepositoryFactoryBean"
      depends-on="authenticationProvider">
    <property name="repositoryConfiguration" value="${fcrepo.modeshape.configuration:repository.json}" />
</bean>

<bean name="pep" class="org.fcrepo.auth.roles.BasicRolesPEP"/>

<bean name="authenticationProvider" class="org.fcrepo.auth.ServletContainerAuthenticationProvider">
    <property name="pep" ref="pep"/>
</bean>

Since the basic Role-based PEP provides its own roles (described above), there is no need to configure the repository.json security section.