Introduction
- Security in Clerezza is enforced at two levels: platform bundles and graph read/write access.
- Security and permissions are managed with JAAS.
- Authentication can be done with one of these methods:
  - cookie
  - HTTP basic auth
  - WebID
- The Clerezza security code resides in the platform.security.* bundles.
How it works
Authentication
- AuthenticatingFilter is the HTTP endpoint.
- It calls all registered AuthenticationMethod and WeightedAuthenticationMethod implementations.
  - The authenticationService is then called; it uses all registered authenticationChecker implementations to validate the provided username and password.
  - Each authenticationChecker is called in turn: the first one that authenticates the user is enough.
- Implementing WeightedAuthenticationMethod lets you add other authentication protocols to Clerezza (e.g. OAuth, OpenID, ...).
- Implementing authenticationChecker lets you connect your own authentication backend (LDAP, database, ...).
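
The checker chain described above (the first checker that authenticates the user is enough), as an added example that is not Clerezza's own code. The `Checker` interface, `firstAccepting` and the sample backends are hypothetical stand-ins, and treating a failing backend as a rejection is an assumption of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Optional;

public class CheckerChainDemo {
    // Hypothetical stand-in for a registered checker; not Clerezza's interface.
    interface Checker {
        String name();
        boolean authenticate(String user, String password) throws Exception;
    }

    // Returns the name of the first checker that accepts the credentials.
    static Optional<String> firstAccepting(List<Checker> chain, String user, String password) {
        if (user == null || password == null) return Optional.empty();
        for (Checker c : chain) {
            try {
                if (c.authenticate(user, password)) return Optional.of(c.name());
            } catch (Exception e) {
                // A broken backend counts as "not authenticated", never as success.
                System.err.println(c.name() + " unavailable: " + e.getMessage());
            }
        }
        return Optional.empty(); // no checker vouched for the user: deny
    }

    // Constructed in-memory backend holding a single account.
    static Checker inMemory(String name, String knownUser, String knownPassword) {
        return new Checker() {
            public String name() { return name; }
            public boolean authenticate(String user, String password) {
                return knownUser.equals(user) && MessageDigest.isEqual(
                        knownPassword.getBytes(StandardCharsets.UTF_8),
                        password.getBytes(StandardCharsets.UTF_8));
            }
        };
    }

    public static void main(String[] args) {
        Checker ldapDown = new Checker() { // constructed backend that is unreachable
            public String name() { return "ldap"; }
            public boolean authenticate(String u, String p) throws Exception {
                throw new java.io.IOException("connection refused");
            }
        };
        List<Checker> chain = List.of(ldapDown, inMemory("database", "alice", "s3cret"));
        System.out.println(firstAccepting(chain, "alice", "s3cret")); // valid credentials
        System.out.println(firstAccepting(chain, "alice", "wrong"));  // wrong password
    }
}
```

Returning the name of the accepting checker makes it possible to record in the audit log which backend vouched for each login.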
Authorization
- TBD
Resources
- JAAS :
- Clerezza security
See the thread with subject "Auth management in Clerezza" in https://mail-archives.apache.org/mod_mbox/incubator-clerezza-dev/201206.mbox/browser