...
Table of Contents |
---|
Fedora Principal Providers allow a Fedora repository to pull in user security and role designations from other sources (e.g. LDAP). Providers are consulted after the initial container authentication but before finer-grained authentication (such as role resolution) is applied.
...
HttpHeaderPrincipalProvider is a Principal Provider that obtains its initial set of principals from HTTP header requests instead of the repo.xml file..
Code Block | ||
---|---|---|
| ||
<!-- Optional PrincipalProvider that will inspect the request header, "some-header", for user role values -->
<bean name="headerProvider" class="org.fcrepo.auth.common.HttpHeaderPrincipalProvider">
<property name="headerName" value="some-header"/>
<property name="separator" value=","/>
</bean>
<bean name="authenticationProvider" class="org.fcrepo.auth.common.ServletContainerAuthenticationProvider"
p:fad-ref="fad" p:principalProviders-ref="headerProvider"/> |
Implementation Details
The Fedora class org.fcrepo.auth.common.ServletContainerAuthenticationProvider contains a list of PrincipalProvider derivative instances that are called for every authentication query. The union of the authentication traits of the PrincipalProvider instances will be assigned to the FEDORA_ALL_PRINCIPALS session attribute. In the case that the user is has the fedoraAdmin role, a FedoraAdminSecurityContext is provided as the users SecurityContext. If the user does not have the fedoraAdmin role, an ExecutionContext is provided as the users SecurityContext.
...