Old Release

This documentation covers an old version of Fedora.

Basic file-based repository, with basic access roles authorization enabled.  Querying is OFF.

Copy the repository config file shown below to config/repository-basic-authn.json.

| Parameter | Suggested values | Notes |
|---|---|---|
| Modeshape configuration | minimal | -Dfcrepo.modeshape.configuration=classpath:config/repository-basic-authn.json |
| Infinispan configuration | basic | |
| Is a federated component required? | No | |
| Is a sequencing component required? | No | |
| Is an authorization layer required? | Yes | 1) Start up fcrepo-webapp with the following added system property: -Djetty.users.file=classpath:config/jetty-users.properties 2) Run the script createNodeWithRoles.sh (below) to provision a test node with ACLs. See testACL.json (below) for test ACLs. |
| Is versioning required? | No | |

repository-basic-authn.json
{
    "name" : "fedora-secured-repo",
    "jndiName" : "",
    "workspaces" : {
        "predefined" : ["default"],
        "default" : "default",
        "allowCreation" : true
    },
    "query" : {
        "enabled" : false
    },
    "storage" : {
        "cacheName" : "FedoraRepository",
        "cacheConfiguration" : "${fcrepo.infinispan.cache_configuration:config/infinispan/basic/infinispan.xml}",
        "binaryStorage" : {
            "type" : "cache",
            "dataCacheName" : "FedoraRepositoryBinaryData",
            "metadataCacheName" : "FedoraRepositoryMetaData"
        }
    },
    "security" : {
        "anonymous" : {
            "roles" : ["readonly","readwrite","admin"],
            "useOnFailedLogin" : false
        },
        "providers" : [
            { "classname" : "org.fcrepo.auth.ServletContainerAuthenticationProvider" }
        ]
    },
    "node-types" : ["fedora-node-types.cnd"]
}
repo.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:context="http://www.springframework.org/schema/context"
  xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

  <!-- Context that supports the actual ModeShape JCR itself -->

  <context:annotation-config />
  
  <context:component-scan base-package="org.fcrepo.kernel.services" />

  <bean name="modeshapeRepofactory" class="org.fcrepo.kernel.spring.ModeShapeRepositoryFactoryBean"
    depends-on="authenticationProvider">
    <property name="repositoryConfiguration" value="${fcrepo.modeshape.configuration:./repository-basic-authn.json}" />
  </bean>

  <bean name="authenticationProvider" class="org.fcrepo.auth.ServletContainerAuthenticationProvider">
    <property name="pep" ref="pep"/>
  </bean>
  
  <bean name="pep" class="org.fcrepo.auth.roles.basic.BasicRolesPEP"/>

  <bean class="org.modeshape.jcr.JcrRepositoryFactory" />

</beans>

jetty-users.properties
testuser: turnip1,fedoraUser
adminuser: turnip2,fedoraUser
fedoraAdmin: turnip3,fedoraAdmin
testACL.json
{
  "EVERYONE" : [ "reader" ],
  "testuser" : [ "reader" ],
  "adminuser" : [ "admin" ]
}
createNodeWithRoles.sh
#!/bin/bash -x

rooturl="http://localhost:8080/rest"

curl -X DELETE "$rooturl/testparent" -u fedoraAdmin:turnip3
curl -X POST "$rooturl/testparent" -u fedoraAdmin:turnip3
curl -H "Content-Type: application/json" -X POST "$rooturl/testparent/fcr:accessRoles" -u fedoraAdmin:turnip3 -d "@/path/to/testACL.json"
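
The following Python check is an added example, not part of the Fedora documentation or code base. It cross-checks the principals in testACL.json against jetty-users.properties and flags plaintext container credentials before createNodeWithRoles.sh is run. The role set reader/writer/admin and the function names are assumptions; the sample inputs are copied from the files shown on this page.

```python
import json

# Constructed sample inputs, copied from the files shown on this page.
JETTY_USERS = """\
testuser: turnip1,fedoraUser
adminuser: turnip2,fedoraUser
fedoraAdmin: turnip3,fedoraAdmin
"""
TEST_ACL = '{"EVERYONE": ["reader"], "testuser": ["reader"], "adminuser": ["admin"]}'

# Assumption: the role names understood by the basic roles module.
KNOWN_ROLES = {"reader", "writer", "admin"}
# Jetty prefixes that mark an obfuscated or hashed credential.
HASHED_PREFIXES = ("OBF:", "MD5:", "CRYPT:")


def parse_jetty_users(text):
    """Return {username: (credential, [container roles])}."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        credential, *roles = [p.strip() for p in rest.split(",")]
        users[name.strip()] = (credential, roles)
    return users


def lint(users_text, acl_text):
    """Cross-check an fcr:accessRoles payload against the container user list."""
    users = parse_jetty_users(users_text)
    findings = []
    for principal, roles in json.loads(acl_text).items():
        if principal != "EVERYONE" and principal not in users:
            findings.append(f"ACL principal '{principal}' is not in jetty-users.properties")
        for role in roles:
            if role not in KNOWN_ROLES:
                findings.append(f"unknown role '{role}' for '{principal}'")
            elif principal == "EVERYONE" and role != "reader":
                findings.append(f"EVERYONE is granted '{role}'")
    for name, (credential, _) in users.items():
        if not credential.startswith(HASHED_PREFIXES):
            findings.append(f"user '{name}' has a plaintext password")
    return findings


if __name__ == "__main__":
    print("\n".join(lint(JETTY_USERS, TEST_ACL)))
```

Run against the page's own files, it reports only the three plaintext passwords; a mistyped principal or a write-capable grant to EVERYONE shows up as an additional finding.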