You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@uima.apache.org by de...@apache.org on 2013/06/20 15:54:27 UTC
svn commit: r1495000 - in
/uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4:
admin/ducc-ws-security.tex ducc-aguide.tex
Author: degenaro
Date: Thu Jun 20 13:54:27 2013
New Revision: 1495000
URL: http://svn.apache.org/r1495000
Log:
UIMA-3006 DUCC webserver (WS) how to configure authentication
Added:
uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4/admin/ducc-ws-security.tex
Modified:
uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4/ducc-aguide.tex
Added: uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4/admin/ducc-ws-security.tex
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4/admin/ducc-ws-security.tex?rev=1495000&view=auto
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4/admin/ducc-ws-security.tex (added)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4/admin/ducc-ws-security.tex Thu Jun 20 13:54:27 2013
@@ -0,0 +1,247 @@
+\section{WebServer Authentication}
+\label{sec:WebServer Authentication}
+
+ By default, DUCC is configured such that there is effectively no
+ authentication enforcement by the WebServer. No password entry is permitted
+ on the Login panel and any userid specified is accepted whether it exists or
+ not.
+
+ To enable your own authentication measures, you should perform the following
+ steps:
+
+ \begin{enumerate}
+ \item Author an authentication manager Java class implementing interface
+ \begin{verbatim}
+org.apache.uima.ducc.common.authentication.IAuthenticationManager\end{verbatim}
+ \item Create an authentication jar file comprising the
+ authentication manager Java class
+ \item Install your authentication jar file and any dependency jar files
+ into your DUCC's lib folder
+ \item Update your ducc.properties file with authentication class name
+ and jar file name(s) information
+ \item Create a ducc.administrators file
+ \end{enumerate}
+
+ Note: When a user clicks on the WebServer Login link, the login dialog is
+ shown. On that dialog panel is shown the \mbox{authenticator: {\em
+ version}}, which is supplied by your authentication manager implementation's {\em
+ \mbox{getVersion()}} method. Also shown are boxes for userid and password
+ entry. If your authentication manager implemenation's {\em \mbox{isPasswordChecked()}}
+ method returns true then the password box will accept input, otherwise it will be
+ disabled.
+
+\subsection{Example Implementation}
+ \begin{description}
+
+ Shown below is an example implementation which can be used as a template
+ for coding protection by means of interfacing with your site's security
+ measures.
+
+ In this example, the SiteSecurity Java class is presumed to be existing
+ and available code at your installation.
+
+ \begin{verbatim}
+package org.apache.uima.ducc.example.authentication.module;
+
+import org.apache.uima.ducc.common.authentication.AuthenticationResult;
+import org.apache.uima.ducc.common.authentication.IAuthenticationManager;
+import org.apache.uima.ducc.common.authentication.IAuthenticationResult;
+import org.apache.uima.ducc.example.authentication.site.SiteSecurity;
+
+public class AuthenticationManager implements IAuthenticationManager {
+
+ private final String version = "example 1.0";
+
+ @Override
+ public String getVersion() {
+ return version;
+ }
+
+ @Override
+ public boolean isPasswordChecked() {
+ return true;
+ }
+
+ @Override
+ public IAuthenticationResult isAuthenticate(String userid, String domain,
+ String password) {
+ IAuthenticationResult authenticationResult = new AuthenticationResult();
+ authenticationResult.setFailure();
+ try {
+ if(SiteSecurity.isAuthenticUser(userid, domain, password)) {
+ authenticationResult.setSuccess();
+ }
+ }
+ catch(Exception e) {
+ //TODO
+ }
+ return authenticationResult;
+ }
+
+ @Override
+ public IAuthenticationResult isGroupMember(String userid, String domain,
+ Role role) {
+ IAuthenticationResult authenticationResult = new AuthenticationResult();
+ authenticationResult.setFailure();
+ try {
+ if(SiteSecurity.isAuthenticRole(userid, domain, role.toString())) {
+ authenticationResult.setSuccess();
+ }
+ }
+ catch(Exception e) {
+ //TODO
+ }
+ return authenticationResult;
+ }
+
+}
+ \end{verbatim}
+ \end{description}
+
+\subsection{IAuthenticationManager}
+ \begin{description}
+
+ Shown below is the interface which must be implemented by your
+ authentication manager.
+
+ \begin{verbatim}
+package org.apache.uima.ducc.common.authentication;
+
+public interface IAuthenticationManager {
+
+ /**
+ * This method is expected to return AuthenticationManager implementation version information.
+ * It is nominally displayed by the DUCC webserver on the Login/Logout pages.
+ *
+ * Example return value: Acme Authenticator 1.0
+ *
+ * @return The version of the AuthenticationManager implementation.
+ */
+ public String getVersion();
+
+ /**
+ * This method is expected to return password checking information.
+ * It is nominally employed by the DUCC webserver to enable/disable password input area on the Login/Logout pages.
+ *
+ * @return True if the AuthenticationManager implementation checks passwords; false otherwise.
+ */
+ public boolean isPasswordChecked();
+
+ /**
+ * This method is expected to perform authentication.
+ * It is nominally employed by the DUCC webserver for submitted Login pages.
+ *
+ * @param userid
+ * @param domain
+ * @param password
+ * @return True if authentic userid+domain+password; false otherwise.
+ */
+ public IAuthenticationResult isAuthenticate(String userid, String domain, String password);
+
+ /**
+ * This method is expected to perform role validation.
+ * It is nominally employed by the DUCC webserver for submitted Login pages.
+ *
+ * @param userid
+ * @param domain
+ * @param role
+ * @return True if authentic userid+domain+role; false otherwise.
+ */
+ public IAuthenticationResult isGroupMember(String userid, String domain, Role role);
+
+ /**
+ * The supported Roles
+ */
+ public enum Role {
+ User,
+ Admin
+ }
+}
+ \end{verbatim}
+ \end{description}
+
+\subsection{IAuthenticationResult}
+ \begin{description}
+
+ Shown below is the interface which must be returned by the required
+ authentication methods in your authentication manager.
+
+ \begin{verbatim}
+package org.apache.uima.ducc.common.authentication;
+
+public interface IAuthenticationResult {
+ public void setSuccess();
+ public void setFailure();
+ public boolean isSuccess();
+ public boolean isFailure();
+ public void setCode(int code);
+ public int getCode();
+ public void setReason(String reason);
+ public String getReason();
+ public void setException(Exception exception);
+ public Exception getException();
+}
+ \end{verbatim}
+ \end{description}
+
+\subsection{Example ANT script to build jar}
+ \begin{description}
+
+ Shown below is an example ANT script to build a ducc-authenticator.jar file.
+ The resulting jar file should be placed user DUCC's lib directory along with
+ any dependency jars, and defined in ducc.properties file.
+
+ \begin{verbatim}
+<project name="uima-ducc-examples" default="build" basedir=".">
+
+ <property name="TGT-LIB" value="${basedir}/lib" />
+ <property name="TGT-DUCC-AUTH-JAR" value="${TGT-LIB}/ducc-authenticator.jar" />
+
+ <target name="build" depends="clean, jar" />
+
+ <target name="clean">
+ <delete file="${TGT-DUCC-AUTH-JAR}" />
+ </target>
+
+ <target name="jar">
+ <mkdir dir="${TGT-LIB}" />
+ <jar destfile="${TGT-DUCC-AUTH-JAR}" basedir="${basedir}/target/classes/org/apache/uima/ducc/example/authentication/module"/>
+ </target>
+
+</project>
+ \end{verbatim}
+ \end{description}
+
+\subsection{Example ducc.properties entries}
+ \begin{description}
+
+ Shown here is a snippet of the ducc.properties file defining the class to be
+ used for authentication and the administrator created folder
+ {\em site-security}, which should contain the ducc-authenticator.jar you
+ built plus any jar files upon which it depends.
+
+ Note: the {\em site-security} directory must be located within DUCC's lib
+ directory.
+
+ \begin{verbatim}
+# The class that performs authentication (for the WebServer)
+org.apache.uima.ducc.example.authentication.module.AuthenticationManager
+
+# Site specific jars: include all jars in directory site-security
+ducc.local.jars = site-security/*
+ \end{verbatim}
+ \end{description}
+
+\subsection{Example ducc.administrators}
+ \begin{description}
+
+ Example contents of ducc.administrators file located within DUCC's resources
+ directory. Only userids listed here can assume the Administrator role when
+ performing operations via the WebServer.
+
+ \begin{verbatim}
+jdoe
+fred
+hal9000
+ \end{verbatim}
+ \end{description}
\ No newline at end of file
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4/ducc-aguide.tex
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4/ducc-aguide.tex?rev=1495000&r1=1494999&r2=1495000&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4/ducc-aguide.tex (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-duccdocs/src/site/tex/duccbook/part4/ducc-aguide.tex Thu Jun 20 13:54:27 2013
@@ -15,6 +15,7 @@
\chapter{Administration}
%% These should all be sections
+\input{part4/admin/ducc-ws-security.tex}
\input{part4/admin/ducc-properties.tex}
\input{part4/admin/ducc-classes.tex}
\input{part4/admin/ducc-nodes.tex}