Update 'Documentation'
parent
305363de71
commit
51f52fee48
|
@ -0,0 +1,39 @@
|
|||
## OpenAIRE Authentication - Authorization
|
||||
|
||||
|
||||
In OpenAIRE there are 4 types of Authorities:
|
||||
|
||||
* Portal Administrators (PORTAL_ADMINISTRATOR)
|
||||
* Curator of a type of entities (e.g CURATOR_COMMUNITY, Curator of communities)
|
||||
* Manager of an entity (e.g COMMUNITY_EGI_MANAGER, Manager of Community EGI)
|
||||
* Member of an entity (e.g COMMUNITY_EGI, Member of Community EGI)
|
||||
|
||||
OpenAIRE services are using Spring Security to authenticate users and check their authorities in OpenAIRE entitities. All these services are sharing a Spring Session through a Redis Database, which is created from OpenAIRE Login Services where a user authenticates himself through AAI Single Sign On Service. The Session contains an OIDCAuthenticationToken Object from [MitreId-Connect](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server).
|
||||
|
||||
```
|
||||
<!-- Mitre -->
|
||||
<dependency>
|
||||
<groupId>org.mitre</groupId>
|
||||
<artifactId>openid-connect-client</artifactId>
|
||||
<version>1.3.0</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15on</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
```
|
||||
## Role Management
|
||||
|
||||
This service provides 4 controllers with methods to create, assign or revoke roles from users and retrieve information regarding users with a specific Authority. Add session id in a header named "session" in order to use logged in user instead of a user with a specific email.
|
||||
|
||||
### Curator Controller ("/curator")
|
||||
|
||||
| Method | Path | Path Variables | Params | Description
|
||||
| -------- | -------- | -------- |-------- | -------- |
|
||||
| DELETE | /{type} | **type**: Type of Entity | **email**: Email of user (optional) | Remove Authority CURATOR_(TYPE) from user(s) with this email or logged in user.
|
||||
| GET | /{type} | **type**: Type of Entity |**email**: Set to false to hide email information, default: true, **name**: Set to false to hide name information, default: true | Retrieve information of users with Authority CURATOR_(TYPE).
|
||||
| POST | /{type} | **type**: Type of Entity | **email**: Email of user, **force**: if true and Authority CURATOR_(TYPE) doesn't exist, the Authority will be created, default: false | Assign Authority CURATOR_(TYPE) to user(s) with this email or logged in user.
|
||||
| POST | /{type}/create | **type**: Type of Entity | **description**: Desciption of Authority CURATOR_(TYPE) | Create Authority CURATOR_(TYPE).
|
||||
|
|
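Review bot: The Role Management paragraph and the Curator Controller table never state which Authority a caller must hold to use each endpoint. That matters most for `POST /{type}` with `force` and for `POST /{type}/create`, because both can create an Authority. Consider adding a "Required Authority" column to the table. Since the "session" header carries a session id, the paragraph should also say how that header is expected to be protected in transit. Smaller points in the same hunk: the `email` param of `POST /{type}` is not marked optional although its description says "or logged in user", the table header row lacks its closing `|`, "entitities" and "Desciption" are misspelled, and the dependency snippet does not explain why `bcprov-jdk15on` is excluded.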
@ -1,24 +0,0 @@
|
|||
In OpenAIRE there are 4 types of Authorities:
|
||||
|
||||
* Portal Administrators (PORTAL_ADMINISTRATOR)
|
||||
* Curator of a type of entities (e.g CURATOR_COMMUNITY, Curator of communities)
|
||||
* Manager of an entity (e.g COMMUNITY_EGI_MANAGER, Manager of Community EGI)
|
||||
* Member of an entity (e.g COMMUNITY_EGI, Member of Community EGI)
|
||||
|
||||
OpenAIRE services are using Spring Security to authenticate users and check their authorities in OpenAIRE entitities. All these services are sharing a Spring Session through a Redis Database, which is created from OpenAIRE Login Services where a user authenticates himself through AAI Single Sign On Service. The Session contains an OIDCAuthenticationToken Object from [MitreId-Connect](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server).
|
||||
|
||||
```
|
||||
<!-- Mitre -->
|
||||
<dependency>
|
||||
<groupId>org.mitre</groupId>
|
||||
<artifactId>openid-connect-client</artifactId>
|
||||
<version>1.3.0</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15on</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
```
|
||||
|
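Review bot: Links to the old page will break and its history is lost, because all 24 lines are removed here (`-1,24 +0,0`) while the same text reappears unchanged at the top of the newly added file. If this is a move, record it as a rename so blame and history follow the content, and update any references to the old path. The duplicated text also carries over "entitities" and the unexplained `bcprov-jdk15on` exclusion, so fix those once in the new file rather than in both places.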