This shows you the differences between two versions of the page.
development:security [2016/11/08 11:39] ganisimov |
development:security [2017/02/28 14:09] anthonysena |
||
---|---|---|---|
Line 16: | Line 16: | ||
==== SECURITY LAYER ==== | ==== SECURITY LAYER ==== | ||
- | The ''Security'' abstraction makes it easy to maintain different behaviours of security subsystem. There are two implementations are available out of the box. These are ''AtlasSecurity'' and ''DisabledSecurity''. The first handles all the needs of ATLAS application, the latter disables security features. | + | The ''org.ohdsi.webapi.shiro.management.Security'' abstraction makes it easy to maintain different behaviors of security subsystem. There are two implementations are available out of the box. These are ''AtlasSecurity'' and ''DisabledSecurity''. The first handles all the needs of ATLAS application, the latter disables security features. |
- | Active implementation is annotated with ''@Primary''. To switch security off, just move ''@Primary'' annotation to ''DisabledSecurity''. | + | The default setting in the WebAPI pom.xml is ''<security.enabled>false</security.enabled>'' which turns off security by loading the DisabledSecurity module. If you would like to enable security and load the AtlasSecurity module, this can be done by adding ''<security.enabled>true</security.enabled>'' to the ''<profile>'' section of your settings.xml file as described in the [[documentation:software:webapi:webapi_installation_guide|WebAPI Installation Guide]]. This does require that you rebuild the .war file and redeploy the application. |
- | + | ||
- | @Component | + | |
- | @Primary | + | |
- | public class DisabledSecurity extends Security { | + | |
- | ... | + | |
- | } | + | |
==== PATH-BASED SECURITY ==== | ==== PATH-BASED SECURITY ==== | ||
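Review bot: the rewritten SECURITY LAYER paragraph loses the selection mechanism. The old text said the active implementation carries ''@Primary'' and showed ''DisabledSecurity'' annotated with it; the new text only says ''<security.enabled>'' "loads" one module without saying how that property picks ''AtlasSecurity'' over ''DisabledSecurity''. Add one sentence on how the property selects the implementation (or keep the removed snippet as a reference), since someone adding a third ''Security'' subclass needs to know which condition to hook. Two further points on the same rows: the grammar error both sides carry, "There are two implementations are available out of the box", should become "Two implementations are available out of the box"; and because the documented default is ''<security.enabled>false</security.enabled>'', a WebAPI built from an unmodified pom.xml deploys with no authentication at all, so the text should say plainly that production builds must set the property in settings.xml before building the .war.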
Line 52: | Line 46: | ||
=== OAUTH SETTINGS === | === OAUTH SETTINGS === | ||
- | Currently supported providers are Google and Facebook. | + | Currently supported OAuth providers are Google and Facebook. |
To be able to use API of OAuth service provider you need to obtain API Key and API Secret and put these values into POM file | To be able to use API of OAuth service provider you need to obtain API Key and API Secret and put these values into POM file | ||
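Review bot: the unchanged instruction "put these values into POM file" directs readers to commit the OAuth API Key and API Secret into pom.xml, a tracked build file. The same revision already points readers at a settings.xml ''<profile>'' for ''security.enabled''; the ''security.oauth.*.apiKey'' and ''apiSecret'' properties belong in that profile (or another untracked property source), never in pom.xml, and this sentence should say so. Minor wording: "use API of OAuth service provider" reads better as "use the OAuth service provider's API".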
Line 61: | Line 55: | ||
<security.oauth.facebook.apiSecret>SECRET</security.oauth.facebook.apiSecret> | <security.oauth.facebook.apiSecret>SECRET</security.oauth.facebook.apiSecret> | ||
- | === ADDING NEW OAUTH PROVIDER === | + | ==== ADDING NEW OAUTH PROVIDER ==== |
OAuth authentication is handled with [[https://github.com/bujiio/buji-pac4j|buji-pac4j]] [[http://www.pac4j.org/docs/clients/oauth.html|OAuth clients]]. | OAuth authentication is handled with [[https://github.com/bujiio/buji-pac4j|buji-pac4j]] [[http://www.pac4j.org/docs/clients/oauth.html|OAuth clients]]. | ||
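Review bot: promoting ADDING NEW OAUTH PROVIDER from ''==='' to ''===='' makes it a sibling of SECURITY LAYER and PATH-BASED SECURITY rather than a subsection of OAUTH SETTINGS, which stays at ''===''. If a top-level section is intended that is fine, but OAUTH SETTINGS is then left as a lower-level heading whose parent is whatever precedes it; check that the heading hierarchy around Line 55 still nests as intended, since this is the one place the page tells developers how the pac4j OAuth clients are wired in.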
Line 257: | Line 251: | ||
keytool -certreq -alias webapi -keystore C:\path\to\my\keystore.jks -file C:\path\to\csr\webapi.csr | keytool -certreq -alias webapi -keystore C:\path\to\my\keystore.jks -file C:\path\to\csr\webapi.csr | ||
- | * Now you need to follow instructions of CA (Certification Authority) of your choice to submit your CSR. | + | * Now you need to follow instructions of CA (Certification Authority) of your choice to submit your CSR (for example VeriSign) to obtain the SSL certifiate. Alternatively, you may opt to use [[development:OpenSSL|OpenSSL]] to create a local CA for non-production use. |
* When you obtained certificate from CA, you need to import it into your keystore | * When you obtained certificate from CA, you need to import it into your keystore |
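Review bot: "certifiate" is a typo for "certificate", and VeriSign is a stale example: VeriSign sold its SSL certificate business to Symantec in 2010, so a reader of this page can no longer submit a CSR to VeriSign. Name a currently operating CA or drop the example. The new OpenSSL local-CA alternative also needs its caveat spelled out: a certificate issued by a CA you created yourself is not trusted by browsers or by the JVM truststore of any client calling WebAPI until that CA certificate is imported into them, which is why it is unsuitable beyond non-production use. One small check on the quoted ''keytool -certreq'' line: it only works if the alias ''webapi'' already holds a key pair in ''keystore.jks'', so the alias must match the one used when the keystore was generated.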