Security management in Clerezza

Introduction

• Security in Clerezza is done at two level : platform Bundles and Graph read/write access.
  
• Security and permission are managed with JAAS
  
• Authentication can be done with one of this method :
  • cookie
  • http basic auth
  • webID
    
• Clerezza Security code reside in plateform.security.* bundles
  

How it's work

Authentication

• AuthenticatingFilter : is the http endpoint
  • call all registered AuthenticationMethod and WeightedAuthenticationMethod implementations
    • call the authenticationService : that will use all registered authenticationChecker to validate the provided username and password.
      • call each authenticationChecker : the first one that authenticate the user is ok.
        
• Implement WeightedAuthenticationMethod, allow you to add others authentication protocol to Clerezza (ex : oAuth, openId,...)
• Implement authenticationChecker, allow you to connect your specific authentication tool (LDAP, database,...)
  

Authorization

• TBD
  

Resources

• JAAS :
  • http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/AcnAndAzn.html
  • http://docs.oracle.com/javase/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnAndAzn.html#RunAzn
  • http://www.jaasbook.com/
    
• Clerezza security
  • see thread with subject "Auth management in Clerezza" in https://mail-archives.apache.org/mod_mbox/incubator-clerezza-dev/201206.mbox/browser