FW: fedora - some questions


Arran Griffith

May 11, 2023, 7:48:52 AM
to Fedora Tech

Hi All,

Looking for some help for a user wondering about adding users with different permissions. Any assistance for Dominik would be great.

 

Cheers,

Arran

---

Arran Griffith

Program Manager, Fedora Program

Lyrasis

 


 

 

From: Dominik Gruew <domini...@gmail.com>
Date: Thursday, May 11, 2023 at 4:18 AM
To: Arran Griffith <Arran.G...@lyrasis.org>
Subject: fedora - some questions

Hello,


We are currently working on a project at my company and we are using Fedora to manage resources for this purpose. Most of the things I was able to learn from the documentation and the YouTube channel. However, one thing I can't do is to add new users, with different roles and with them different access rights. I tried to edit tomcat-users.xml.

After adding the user, nothing happens, requests still do not pass in Postman, and I can't log in to the localhost:8080/fcrepo/rest website.


I don't know who to contact with this question, so I am writing to you directly. I would be very grateful if you could help me with this problem.

Regards,
Dominik

Dan Field

May 11, 2023, 10:44:02 AM
to fedor...@googlegroups.com
I would first check that they have enabled the bean in the spring context usually found in fedora/config/spring/fcrepo-config.xml

This is what mine looks like for a basic tomcat in docker configuration. Hope it helps

    <bean name="authenticationProvider" class="org.fcrepo.auth.common.ShiroAuthenticationProvider"/>
    <bean name="delegatedPrincipalProvider" class="org.fcrepo.auth.common.DelegateHeaderPrincipalProvider"/>

    <!-- Shiro Auth Configuration -->
    <!-- Define the Shiro Realm implementation you want to use to connect to your back-end -->
    <!-- WebAC Authorization Realm -->
    <bean id="webACAuthorizingRealm" class="org.fcrepo.auth.webac.WebACAuthorizingRealm" />

    <!-- Servlet Container Authentication Realm -->
    <bean id="servletContainerAuthenticatingRealm" class="org.fcrepo.auth.common.ServletContainerAuthenticatingRealm" />

    <!-- Security Manager  -->
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
      <property name="realms">
        <util:set set-class="java.util.HashSet">
          <ref bean="webACAuthorizingRealm"/>
          <ref bean="servletContainerAuthenticatingRealm"/>
        </util:set>
      </property>
    </bean>

    <!-- Post processor that automatically invokes init() and destroy() methods -->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

    <!-- Authentication Filter -->
    <bean id="servletContainerAuthFilter" class="org.fcrepo.auth.common.ServletContainerAuthFilter"/>

    <!-- Authorization Filter -->
    <bean id="webACFilter" class="org.fcrepo.auth.webac.WebACFilter"/>

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
      <property name="securityManager" ref="securityManager"/>
      <property name="filterChainDefinitions">
        <value>
          <!-- The Auth filter should come first, followed by 0 or more of the principal provider filters, -->
          <!-- and finally the webACFilter -->
          /** = servletContainerAuthFilter,delegatedPrincipalProvider,webACFilter
        </value>
      </property>
    </bean>



---

Dan Field

Developer, Fedora Program

LYRASIS
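
Added example (not part of the original thread and not Fedora's own code): a Python check for the rule stated in the config comments above, that the auth filter comes first, webACFilter comes last, and every filter named in the chain is an enabled bean. The sample context is constructed, and matching chain names against bean id/name values is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the context above; webACFilter is commented out.
SAMPLE_CONTEXT = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean name="delegatedPrincipalProvider" class="org.fcrepo.auth.common.DelegateHeaderPrincipalProvider"/>
  <bean id="servletContainerAuthFilter" class="org.fcrepo.auth.common.ServletContainerAuthFilter"/>
  <!-- <bean id="webACFilter" class="org.fcrepo.auth.webac.WebACFilter"/> -->
  <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="filterChainDefinitions">
      <value>
        /** = servletContainerAuthFilter,delegatedPrincipalProvider,webACFilter
      </value>
    </property>
  </bean>
</beans>"""

def _local(el):
    """Tag name without its XML namespace."""
    return el.tag.rsplit("}", 1)[-1]

def check_shiro_chain(context_xml):
    """Return a list of problems in the shiroFilter filterChainDefinitions."""
    root = ET.fromstring(context_xml)
    # Commented-out beans are dropped by the parser, so they count as missing.
    beans = {b.get("id") or b.get("name"): b
             for b in root.iter() if _local(b) == "bean"}
    if "shiroFilter" not in beans:
        return ["shiroFilter bean is missing or commented out"]
    problems = []
    for prop in beans["shiroFilter"].iter():
        if _local(prop) != "property" or prop.get("name") != "filterChainDefinitions":
            continue
        for line in "".join(prop.itertext()).splitlines():
            if "=" not in line:
                continue
            path, chain = (part.strip() for part in line.split("=", 1))
            names = [n.strip() for n in chain.split(",") if n.strip()]
            if not names or names[0] != "servletContainerAuthFilter":
                problems.append(f"{path}: servletContainerAuthFilter must come first")
            if not names or names[-1] != "webACFilter":
                problems.append(f"{path}: webACFilter must come last")
            problems += [f"{path}: '{n}' is not a defined bean"
                         for n in names if n not in beans]
    return problems

if __name__ == "__main__":
    print(check_shiro_chain(SAMPLE_CONTEXT))
```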

 


Jared Whiklo

May 11, 2023, 11:01:23 AM
to fedor...@googlegroups.com
By default Fedora requires one of two container roles internal to
Fedora: fedoraUser and fedoraAdmin. So for users you'll want to add
fedoraUser as well as the other roles to them.

However, if you want to have a group of users then you could use the
acl:agentGroup in your ACL to list the users in a group and assign
permissions to everyone in that group. Then you just define the users in
your tomcat-users.xml as having the fedoraUser role and permissions are
handled in Fedora.

https://wiki.lyrasis.org/display/FEDORA6x/Web+Access+Control

If you really want to add container roles, then I think you need to
define them in the web.xml (security-constraint -> auth-constraint ->
role-name) inside the fcrepo-webapp (src/main/resources/webapp/WEB-INF)
module and recompile.

cheers,
jared


--
Jared Whiklo
jwh...@gmail.com
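
Added example (not part of the original thread and not Fedora's own code): a Python audit of tomcat-users.xml for the requirement described in the reply above, that each account carries fedoraUser or fedoraAdmin alongside any other roles. The sample file, usernames, the extra "curator" role and the password placeholders are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample tomcat-users.xml; names, roles and passwords are placeholders.
SAMPLE_USERS = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="fedoraUser"/>
  <role rolename="fedoraAdmin"/>
  <role rolename="curator"/>
  <user username="admin" password="CHANGE_ME" roles="fedoraAdmin"/>
  <user username="alice" password="CHANGE_ME" roles="curator, fedoraUser"/>
  <user username="bob" password="CHANGE_ME" roles="curator"/>
</tomcat-users>"""

def audit_tomcat_users(users_xml):
    """Sort users by the Fedora container role they hold, if any."""
    root = ET.fromstring(users_xml)
    report = {"admins": [], "users": [], "no_fedora_role": []}
    for el in root.iter():
        # Ignore the XML namespace so files with and without xmlns both work.
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = el.get("username")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        if "fedoraAdmin" in roles:
            report["admins"].append(name)      # full access: keep this list short
        elif "fedoraUser" in roles:
            report["users"].append(name)       # access decided by WebAC ACLs
        else:
            report["no_fedora_role"].append(name)  # lacks both required roles
    return report

if __name__ == "__main__":
    for bucket, names in audit_tomcat_users(SAMPLE_USERS).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```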
