Update 'Documentation'

Konstantinos Triantafyllou 2021-10-04 14:43:35 +02:00
parent 305363de71
commit 51f52fee48
2 changed files with 39 additions and 24 deletions

39
Documentation.md Normal file

@ -0,0 +1,39 @@
## OpenAIRE Authentication - Authorization
In OpenAIRE there are 4 types of Authorities:
* Portal Administrators (PORTAL_ADMINISTRATOR)
* Curator of a type of entities (e.g CURATOR_COMMUNITY, Curator of communities)
* Manager of an entity (e.g COMMUNITY_EGI_MANAGER, Manager of Community EGI)
* Member of an entity (e.g COMMUNITY_EGI, Member of Community EGI)
OpenAIRE services are using Spring Security to authenticate users and check their authorities in OpenAIRE entitities. All these services are sharing a Spring Session through a Redis Database, which is created from OpenAIRE Login Services where a user authenticates himself through AAI Single Sign On Service. The Session contains an OIDCAuthenticationToken Object from [MitreId-Connect](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server).
```
<!-- Mitre -->
<dependency>
<groupId>org.mitre</groupId>
<artifactId>openid-connect-client</artifactId>
<version>1.3.0</version>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
</exclusions>
</dependency>
```
## Role Management
This service provides 4 controllers with methods to create, assign or revoke roles from users and retrieve information regarding users with a specific Authority. Add session id in a header named "session" in order to use logged in user instead of a user with a specific email.
### Curator Controller ("/curator")
| Method | Path | Path Variables | Params | Description
| -------- | -------- | -------- |-------- | -------- |
| DELETE | /{type} | **type**: Type of Entity | **email**: Email of user (optional) | Remove Authority CURATOR_(TYPE) from user(s) with this email or logged in user.
| GET | /{type} | **type**: Type of Entity |**email**: Set to false to hide email information, default: true, **name**: Set to false to hide name information, default: true | Retrieve information of users with Authority CURATOR_(TYPE).
| POST | /{type} | **type**: Type of Entity | **email**: Email of user, **force**: if true and Authority CURATOR_(TYPE) doesn't exist, the Authority will be created, default: false | Assign Authority CURATOR_(TYPE) to user(s) with this email or logged in user.
| POST | /{type}/create | **type**: Type of Entity | **description**: Desciption of Authority CURATOR_(TYPE) | Create Authority CURATOR_(TYPE).
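Review bot: The Curator Controller table does not say which Authority the caller must hold for each route, and the Role Management paragraph only mentions the "session" header. For DELETE /{type}, POST /{type} (in particular with force, which creates the Authority if it doesn't exist) and POST /{type}/create, add a column or a sentence stating the required Authority, and say what happens when neither the "session" header nor email is supplied. In the GET row, email and name are flags set to false to hide fields, while email is an address in the DELETE and POST rows; spell out that difference, and mark email as optional in the POST /{type} row, since its description also says "or logged in user". Smaller points: "entitities" and "Desciption" are typos, the table header row lacks its closing |, the paragraph after the bullet list and the opening code fence should each be preceded by a blank line so they render reliably, and the fence could be tagged xml.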

@ -1,24 +0,0 @@
In OpenAIRE there are 4 types of Authorities:
* Portal Administrators (PORTAL_ADMINISTRATOR)
* Curator of a type of entities (e.g CURATOR_COMMUNITY, Curator of communities)
* Manager of an entity (e.g COMMUNITY_EGI_MANAGER, Manager of Community EGI)
* Member of an entity (e.g COMMUNITY_EGI, Member of Community EGI)
OpenAIRE services are using Spring Security to authenticate users and check their authorities in OpenAIRE entitities. All these services are sharing a Spring Session through a Redis Database, which is created from OpenAIRE Login Services where a user authenticates himself through AAI Single Sign On Service. The Session contains an OIDCAuthenticationToken Object from [MitreId-Connect](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server).
```
<!-- Mitre -->
<dependency>
<groupId>org.mitre</groupId>
<artifactId>openid-connect-client</artifactId>
<version>1.3.0</version>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
</exclusions>
</dependency>
```
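Review bot: The lines removed here (the Authorities bullet list, the Spring Session paragraph and the openid-connect-client dependency block) reappear unchanged in the new Documentation.md, so this is a move with additions; recording it as a rename would keep the file's history and blame intact. The carried-over paragraph still contains "entitities", which could be fixed in the same commit. It is also worth checking that nothing else in the repository still links to the deleted file.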