72139b14ee9e1e41a48cddfe3132d906c2a3a8a2
wiki/usermanagement.md
| ... | ... | @@ -14,6 +14,50 @@ The following bundles implement the Shiro-based security features for SSE: |
| 14 | 14 | |
| 15 | 15 | This bundle contains the core Shiro libraries which so far are not yet part of the target platform. It provides basic services such as the `SecurityService` and utilities such as `SessionUtils` and `ClientUtils`. The `SecurityService` instance is created by the bundle activator and registered with the OSGi service registry. |
| 16 | 16 | |
| 17 | +`UsernamePasswordRealm` and `OAuthRealm` are two realm implementations provided by the bundle that can be used in `shiro.ini` configuration files. |
|
| 18 | + |
|
| 19 | +A typical `shiro.ini` configuration file using the `com.sap.sse.security` bundle could look like this: |
|
| 20 | +<pre> |
|
| 21 | + |
|
| 22 | +[main] |
|
| 23 | +shiro.loginUrl = /security/ui/Login.html |
|
| 24 | +shiro.successUrl = /UserManagement.html |
|
| 25 | +anyofroles = com.sap.sse.security.AnyOfRolesFilter |
|
| 26 | +anyofroles.loginUrl = ../security/ui/Login.html |
|
| 27 | + |
|
| 28 | +credentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher |
|
| 29 | +# base64 encoding, not hex in this example: |
|
| 30 | +credentialsMatcher.storedCredentialsHexEncoded = false |
|
| 31 | +credentialsMatcher.hashIterations = 1024 |
|
| 32 | + |
|
| 33 | +# configure the username/password realm: |
|
| 34 | +upRealm = com.sap.sse.security.UsernamePasswordRealm |
|
| 35 | +upRealm.credentialsMatcher = $credentialsMatcher |
|
| 36 | + |
|
| 37 | +# configure the OAuth realm: |
|
| 38 | +oauthRealm = com.sap.sse.security.OAuthRealm |
|
| 39 | + |
|
| 40 | +securityManager.realms = $upRealm, $oauthRealm |
|
| 41 | + |
|
| 42 | +sessionManager = com.sap.sse.security.SecurityWebSessionManager |
|
| 43 | +securityManager.sessionManager = $sessionManager |
|
| 44 | + |
|
| 45 | +authc = com.sap.sse.security.CustomFilter |
|
| 46 | +authc.loginUrl = ../security/ui/Login.html |
|
| 47 | +authc.successUrl = /security/ui/UserManagement.html |
|
| 48 | + |
|
| 49 | +roles.loginUrl = ../security/ui/Login.html |
|
| 50 | + |
|
| 51 | +sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO |
|
| 52 | +securityManager.sessionManager.sessionDAO = $sessionDAO |
|
| 53 | + |
|
| 54 | +cacheManager = com.sap.sse.security.SessionCacheManager |
|
| 55 | +securityManager.cacheManager = $cacheManager |
|
| 56 | + |
|
| 57 | +[urls] |
|
| 58 | +/security/ui/UserManagement.html = roles[admin] |
|
| 59 | +/YourFantasyURL.html = anyofroles[admin,eventmanager] |
|
| 60 | +</pre> |
|
| 17 | 61 | |
| 18 | 62 | #### com.sap.sse.security.userstore.mongodb |
| 19 | 63 | #### com.sap.sse.security.ui |