...
Login to crowd interface
Info In order to create application user group, user should have crowd admin role. - Define a application user group(s)
Create application specific group. For example WRP admin can be ihtsdo-wrp-admin. A normal WRP user can be categorize under ihtsdo-wrp-users
Info This step can be skipped if application want to use default user group - ihtsdo-users for an application for authorization
- Add newly created group to ihtsdo-tools application as shown in image
Enable back end security using spring security.
In order to enable spring based security, application should use dependency of ihtsdo-crowd-resources and ihtsdo-crowd-bridge modules in its maven build. An example of these is given as below.
Info Authorization is specific to individual application under IHTSDO tools and application should decide how to enforce authorization to available roles to application. Code Block language xml firstline 1 title Maven Dependency firstline 1 linenumbers true <dependency> <groupId>org.ihtsdo.otf</groupId> <artifactId>ihtsdo-crowd-resources</artifactId> <version>x.x.x</version> <classifier>resources</classifier> <type>zip</type> <scope>provided</scope> </dependency> <dependency> <groupId>org.ihtsdo.otf</groupId> <artifactId>ihtsdo-crowd-bridge</artifactId> <version>x.x.x</version> </dependency>Load crowd spring bean resources application-im-common-security-config.xml and applicationContext-CrowdClient.xml. Loading can be done using both xml or java annotation way. Example is
Code Block language xml title Crowd Spring Beans Xml Config <import resource="classpath:applicationContext-CrowdClient.xml" />, <import resource="classpath:application-im-common-security-config.xml" /> or Java annotation @ImportResource({"classpath:applicationContext-CrowdClient.xml","classpath:application-im-common-security-config.xml"})Bundle above crowd spring bean resource files in war.
Code Block language xml firstline 1 title Maven Crowd Resources Loading firstline 1 linenumbers true <resources> <resource> <directory>${basedir}/src/main/resources</directory> </resource> <resource> <directory>${project.build.directory}/generated-resources</directory> <filtering>true</filtering> </resource> </resources> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> <version>2.10</version> <executions> <execution> <id>unpack-crowd-resources</id> <goals> <goal>unpack-dependencies</goal> </goals> <phase>generate-resources</phase> <configuration> <outputDirectory>${project.build.directory}/generated-resources</outputDirectory> <includeGroupIds>${project.groupId}</includeGroupIds> <includeArtifacIds>ihtsdo-crowd-resources</includeArtifacIds> <excludeArtifactIds>*</excludeArtifactIds> <excludeTransitive>true</excludeTransitive> <scope>provided</scope> <includes>crowd.properties, application-im-common-security-config.xml, applicationContext-CrowdClient.xml, crowd-ehcache.xml </includes> </configuration> </execution> </executions> </plugin>Enable method lavel level security using spring security annotation or xml config.
Code Block language xml title Method Security Configuration <sec:global-method-security pre-post-annotations="enabled"/>
- Use Method annotation or resource annotation to enforce authorization to desired role. See example in Identity Service module or Refset service module.
...
| Content by Label | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Page properties | ||
|---|---|---|
| ||
|