
This document explains how user management is done in Datafari, following the RBAC (Role Based Access Control) model.

 

Datafari uses three Tomcat Realms for authentication. Authentication identifies the user so that Datafari can provide a personalized environment.

In addition, every user has a role, which grants access to specific areas of Datafari and keeps users without that role out of them.

 

This functionality is of no use to people who install Datafari on their personal computers.

The authentication steps are illustrated in the three pictures below.

 

 

 

 

 

As shown above, when a user wants to authenticate, Datafari first calls CombinedRealm.

First, CombinedRealm triggers MongoDBRealm, which checks the credentials against the MongoDB database. If that fails, CombinedRealm triggers the JNDI DirectoryRealm, which checks the credentials against the LDAP directory you have configured. Both checks use the credentials provided by the user.

It is important to note that LDAP is not required for Datafari to work: you can use only MongoDB without changing any setting.

Since Datafari uses 3 realms, they need to be configured. CustomCombinedRealm and GenericMongoRealm should not require you to modify their configuration, as they are embedded in the Datafari package. Still, you can customise them if you want to. The realm that does require configuration is the JNDIRealm, for the remote LDAP connection. These settings are made in context.xml, which is in WebContent/META-INF:

<?xml version="1.0" encoding="UTF-8"?>

<Context>

	<!-- Outer realm: triggers the nested realms in the order they are listed -->
	<Realm
		className="com.francelabs.realm.CustomCombinedRealm">
		<!-- 1. MongoDB realm: user names, passwords and roles are read from the "users" collection -->
		<Realm
		   authDB="db-containing"
		   authCollection="users"
		   authUserField="username"
		   authPasswordField="password"
		   authRoleField="role"
		   className="com.mongodb.realm.GenericMongoRealm"
		   defaultDbHost="localhost"
		   defaultDbPass=""
		   defaultDbUser=""
		   defaultRole="user"
		   digest="SHA-256"/>
		<!-- 2. JNDIRealm: remote LDAP; adapt connectionURL, userPattern and the bind account to your directory -->
		<Realm
		   className="org.apache.catalina.realm.JNDIRealm"
		   connectionURL="ldap://ldap.forumsys.com:389"
		   userPattern="uid={0},dc=example,dc=com"
		   connectionName="cn=read-only-admin,dc=example,dc=com"
		   connectionPassword="password"/>
	</Realm>
</Context>
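
A small audit of this context.xml, as an added example that is not part of the Datafari documentation or code base: it lists the nested realms in the order they are tried and flags a cleartext ldap:// connection, a bind password stored in the file, and empty MongoDB credentials. The function names and finding labels are this example's own; `useStartTls` is the Tomcat JNDIRealm attribute for StartTLS.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same realm layout and values as the context.xml above.
SAMPLE_CONTEXT = """<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <Realm className="com.francelabs.realm.CustomCombinedRealm">
    <Realm className="com.mongodb.realm.GenericMongoRealm"
           authDB="db-containing" authCollection="users"
           defaultDbHost="localhost" defaultDbUser="" defaultDbPass=""
           defaultRole="user" digest="SHA-256"/>
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://ldap.forumsys.com:389"
           userPattern="uid={0},dc=example,dc=com"
           connectionName="cn=read-only-admin,dc=example,dc=com"
           connectionPassword="password"/>
  </Realm>
</Context>"""


def realm_chain(xml_text):
    """Nested realm class names in document order, i.e. the order they are tried."""
    combined = ET.fromstring(xml_text.encode("utf-8")).find("Realm")
    return [] if combined is None else [r.get("className") for r in combined.findall("Realm")]


def audit(xml_text):
    """Return (realm, finding) pairs for settings worth reviewing before production."""
    findings = []
    for realm in ET.fromstring(xml_text.encode("utf-8")).iter("Realm"):
        name = realm.get("className", "").rsplit(".", 1)[-1]
        url = realm.get("connectionURL", "").lower()
        # ldap:// without StartTLS sends the user's and the bind account's password in cleartext.
        if url.startswith("ldap://") and realm.get("useStartTls") != "true":
            findings.append((name, "cleartext-ldap"))
        # The bind password sits in context.xml: restrict who can read the file.
        if realm.get("connectionPassword"):
            findings.append((name, "password-in-file"))
        # Empty MongoDB credentials (assumption: the realm then connects unauthenticated).
        if "defaultDbUser" in realm.attrib and not realm.get("defaultDbUser"):
            findings.append((name, "empty-db-credentials"))
    return findings


if __name__ == "__main__":
    print("order:", " -> ".join(realm_chain(SAMPLE_CONTEXT)))
    for realm, finding in audit(SAMPLE_CONTEXT):
        print(f"{realm}: {finding}")
```

Switching `connectionURL` to an `ldaps://` endpoint, or setting `useStartTls="true"`, clears the first finding; the other two depend on how the file and the MongoDB instance are protected.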

 

 

 

 

 

 

 

 

 
