Authentication and authorization

property file Auth provider

This auth provider implementation reads users, roles and permissions from a property file that is compatible with the format used by Apache Shiro Properties Realm.

Note that there is no dependency on Apache Shiro as this is a new implementation that is simply compatible with the Apache Shiro format

The properties file should have the following structure:

Each line should either contain the username, password and roles for a user or the permissions in a role.

For a user line it should be of the form:

user.{username}={password},{roleName1},{roleName2},…,{roleNameN}

For a role line it should be of the form:

role.{roleName}={permissionName1},{permissionName2},…,{permissionNameN}

Here’s an example:

user.tim = mypassword,administrator,developer
user.bob = hispassword,developer
user.joe = anotherpassword,manager
role.administrator=*
role.manager=play_golf,say_buzzwords
role.developer=do_actual_work

When describing roles a wildcard * can be used to indicate that the role has all permissions.

The implementation currently assumes that user/password based authentication is used.

MongoDB Auth

LDAP