939abe32c2503eb248cce3149ef4ac90db9c6eb6
wiki/images/AddRole.png
| ... | ... | Binary files /dev/null and b/wiki/images/AddRole.png differ |
wiki/images/CreateUser.png
| ... | ... | Binary files /dev/null and b/wiki/images/CreateUser.png differ |
wiki/images/EditProfile.png
| ... | ... | Binary files /dev/null and b/wiki/images/EditProfile.png differ |
wiki/images/LoginScreen.png
| ... | ... | Binary files /dev/null and b/wiki/images/LoginScreen.png differ |
wiki/images/Register.png
| ... | ... | Binary files /dev/null and b/wiki/images/Register.png differ |
wiki/images/RemovingRoles.png
| ... | ... | Binary files /dev/null and b/wiki/images/RemovingRoles.png differ |
wiki/images/UserManagement1.png
| ... | ... | Binary files /dev/null and b/wiki/images/UserManagement1.png differ |
wiki/images/UserManagement2.png
| ... | ... | Binary files /dev/null and b/wiki/images/UserManagement2.png differ |
wiki/usermanagement.md
| ... | ... | @@ -129,8 +129,50 @@ The `LoginPanel` component may be used by applications to display sign-up/sign-i |
| 129 | 129 | |
| 130 | 130 | We plan to turn the `UserManagementPanel` which is the widget behind the `UserManagementEntryPoint` into a drop-in component for a generalized administration console concept. So, when the AdminConsole becomes an SSE concept then the user management tab can be made available to all applications using the AdminConsole concept. See also bugs [2424](http://bugzilla.sapsailing.com/bugzilla/show_bug.cgi?id=2424) and [2425](http://bugzilla.sapsailing.com/bugzilla/show_bug.cgi?id=2425). |
| 131 | 131 | |
| 132 | -### Using Shiro in SSE-Based Applications |
|
| 132 | +## Sample Session |
|
| 133 | 133 | |
| 134 | -## Security and User Management-Related Entry Points |
|
| 134 | +When you try to reach a protected resource without having the necessary permissions, Shiro will redirect you to the sign-in page. |
|
| 135 | 135 | |
| 136 | -## Sample Session |
|
| ... | ... | \ No newline at end of file |
| 0 | + |
|
| 1 | + |
|
| 2 | +When a system is still in its initial state, the default credentials are `admin` as the user name and `admin` as the password. When the sign-in was successful, you will be redirected to the protected page you originally wanted to visit (or stay on the sign-in page in case that was the URL you explicitly visited). |
|
| 3 | + |
|
| 4 | +To edit your user profile, visit `/security/ui/EditProfile.html`. |
|
| 5 | + |
|
| 6 | + |
|
| 7 | + |
|
| 8 | +It allows the signed-in user to change the e-mail address and reset or update the password. Changing the e-mail address will result in a validation e-mail sent to the new e-mail address provided. Until the user has confirmed the e-mail by clicking on the embedded link, the new e-mail address will be considered not validated. |
|
| 9 | + |
|
| 10 | +The password reset feature is only available for users whose e-mail address has successfully been validated. Otherwise, users who do not have the `admin` role need to provide their current password and the new password, including a confirmation of the new password. An e-mail notification will be sent to the user's e-mail address about the password change. Administrators can simply provide the new password and confirm it, leaving the field for the current password empty. |
|
| 11 | + |
|
| 12 | +A new user can sign up by visiting the `/security/ui/Register.html` page. |
|
| 13 | + |
|
| 14 | + |
|
| 15 | + |
|
| 16 | +New users need to provide a unique name. Providing an e-mail address is optional, but if no validated e-mail address exists, certain services will not be made available to that user, in particular the password reset feature. |
|
| 17 | + |
|
| 18 | +A mail is sent out to the e-mail address provided, asking the user to confirm the e-mail address by clicking on a link embedded in the e-mail. Complying to do so will mark the e-mail address as validated, and features requiring a validated e-mail address will be made available to the user from then on. |
|
| 19 | + |
|
| 20 | +Administrators (users with role `admin`) can use the `/security/ui/UserManagement.html` entry point (future versions will probably integrate this into the AdminConsole framework as a standard tab). |
|
| 21 | + |
|
| 22 | + |
|
| 23 | + |
|
| 24 | +The user management page offers administrators to create and delete users, search for users and change their settings. Creating a new user works pretty much as in the `/security/ui/Register.html` entry point: |
|
| 25 | + |
|
| 26 | + |
|
| 27 | + |
|
| 28 | +To delete a user, find it in the list on the left side of the page, using the filter text box above the list and the paging buttons. |
|
| 29 | + |
|
| 30 | + |
|
| 31 | + |
|
| 32 | +The right-hand side of the view shows the user details and allows administrators to edit them, very similar to the `/security/ui/EditProfile.html` page. At the bottom of this view, there is a field to manage the roles assigned to the user selected. To add a role, enter the role name into the text field and press the `Add` button. |
|
| 33 | + |
|
| 34 | + |
|
| 35 | + |
|
| 36 | +Roles currently assigned to the user can be removed by pressing the red `X` button next to the role name: |
|
| 37 | + |
|
| 38 | + |
|
| 39 | + |
|
| 40 | +These changes take effect immediately if the user that is being edited is the user currently signed in. Note that in particular if you are signed in with the `admin` role and remove this role for yourself, you will not be able to edit your roles any further but will need to ask another administrator to do so. |
|
| 41 | + |
|
| 42 | +## RESTful API |