Security configuration consists of realm/LoginModule pairs.
A realm defines how security information (credentials) is retrieved. Each realm is identified by a name, which is defined in a program's entry point.
A LoginModule validates the security information entered at realm level.
Three realm implementations are offered:
com.hardis.adelia.cloud.security.realms.AnonymousRealm | => | No security information is asked for. All users will be logged as "anonymous". |
com.hardis.adelia.cloud.security.realms.BasicRealm | => | Triggers a classic user/password entry box. |
com.hardis.adelia.cloud.security.realms.JavaEERealm | => | Used when the security is linked to JEE authentication. |
com.hardis.adelia.cloud.security.realms.RequestRealm | => | Security information is passed as a main servlet call parameter. |
<realms>
    <realm name="adelia" loginModuleName="AnonymousLoginModule" className="com.hardis.adelia.cloud.security.realms.AnonymousRealm"/>
    <realm name="myname" loginModuleName="MyLdapModule" className="com.hardis.adelia.cloud.security.realms.BasicRealm"/>
</realms>
In the configuration above, the desktop is accessed without asking the user for credentials.
All the applications for which the entry point uses the realm called name="myname" will ask for security information via the BasicRealm.
The security information entered in the BasicRealm will be validated by the loginModule declared by loginModuleName.
Attribute | Default value | Notes |
name | "adelia" | Realm name defined in the Visual Adelia program entry point. |
loginModuleName | "myname" | Login module name myname declared in the <loginModule> tag. Login modules can be chained by separating the names with a comma. Example: loginModuleName="LdapLoginModule,MyAdeliaLoginModule" performs LDAP-type technical authentication followed by functional authentication through a call to a Visual Adelia Batch program defined in MyAdeliaLoginModule. |
className | com.hardis.adelia.cloud.security.realms.AnonymousRealm or com.hardis.adelia.cloud.security.realms.BasicRealm or com.hardis.adelia.cloud.security.realms.RequestRealm | Realm associated class. |
Scope | optional "session" (default value) or "process" | Defines the authentication scope. The session scope allows a single authentication during the session lifetime. The process scope maintains the authentication for the lifetime of the program and of its child programs. |
com.hardis.adelia.cloud.security.realms.AnonymousRealm
This realm does not trigger a user interface. It anonymises the connection to the application. All users are authenticated with the same anonymous profile.
com.hardis.adelia.cloud.security.realms.BasicRealm
This realm triggers a user interface. It is used to manage profile and password entry as well as password changes. This realm is compatible with the use of a secureID.
<realm name="adelia" loginModuleName="...." className="com.hardis.adelia.cloud.security.realms.BasicRealm">
    <parameters>
        <item key="description" value="-- Welcome -- ???? -- Willkommen -- Bienvenido -- Benvenuti -- " />
    </parameters>
</realm>
or
<realm name="adelia" loginModuleName="...." className="com.hardis.adelia.cloud.security.realms.BasicRealm">
    <parameters>
        <item key="description" value="-- Welcome -- ???? -- Willkommen -- Bienvenido -- Benvenuti -- " />
        <item key="description_fr" value="-- Bienvenue -- " />
        <item key="description_en" value="-- Welcome -- " />
        <item key="description_cn" value="-- ???? -- " />
    </parameters>
</realm>
com.hardis.adelia.cloud.security.realms.JavaEERealm
This realm does not trigger a user interface.
It is intended for use with JEE-level security management by the application server.
As an option, it may test a list of application roles provided as a parameter (applicationRoles) to support the "isUserInRole" function in the JavaEELoginModule login module.
In this case, all the declared roles are tested one at a time to populate the user roles list.
It can be used with the basic JEE login module (com.hardis.adelia.cloud.security.loginmodules.jee.JavaEELoginModule) or with JEE security extensions (com.hardis.adelia.jee.security.loginmodules.WagonLoginModule).
In the latter case, the "applicationRoles" parameter is not required as the roles will be provided by the extension.
<realm name="adelia" loginModuleName="...." className="com.hardis.adelia.cloud.security.realms.JavaEERealm">
    <parameters>
        <item key="applicationRoles" value="wagon-administrator,wagon-monitor,...." />
    </parameters>
</realm>
com.hardis.adelia.cloud.security.realms.RequestRealm
This realm does not trigger a user interface. It is intended exclusively for external calls made via URL. This realm is compatible with the use of a secureID.
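The following is an added example, not Hardis/Adelia code, that audits a realms configuration of the form shown on this page: it lists each realm's class, login module chain and scope, and singles out the realms that ask for no credentials. The "backoffice" realm and the lowercase spelling of the scope attribute are assumptions; attribute names are matched case-insensitively for that reason.

```python
import xml.etree.ElementTree as ET

PKG = "com.hardis.adelia.cloud.security.realms."
# Review notes derived from the realm descriptions on this page.
NOTES = {
    "AnonymousRealm": "no credentials requested; every user is logged in as anonymous",
    "BasicRealm": "interactive user/password prompt",
    "JavaEERealm": "authentication delegated to the JEE application server",
    "RequestRealm": "credentials arrive as a servlet call parameter",
}

# Constructed sample: the page's two realms plus a hypothetical chained realm.
SAMPLE = """
<realms>
  <realm name="adelia" loginModuleName="AnonymousLoginModule"
         className="com.hardis.adelia.cloud.security.realms.AnonymousRealm"/>
  <realm name="myname" loginModuleName="MyLdapModule"
         className="com.hardis.adelia.cloud.security.realms.BasicRealm"/>
  <realm name="backoffice" loginModuleName="LdapLoginModule, MyAdeliaLoginModule"
         className="com.hardis.adelia.cloud.security.realms.BasicRealm" scope="process"/>
</realms>
"""

def audit_realms(xml_text):
    """Return one dict per <realm>: name, realm kind, module chain, scope, note."""
    rows = []
    for realm in ET.fromstring(xml_text).iter("realm"):
        # Assumption: exact attribute casing is not confirmed, so compare lowercased.
        attrs = {k.lower(): v for k, v in realm.attrib.items()}
        cls = attrs.get("classname", "")
        kind = cls[len(PKG):] if cls.startswith(PKG) else cls
        chain = [m.strip() for m in attrs.get("loginmodulename", "").split(",") if m.strip()]
        rows.append({
            "name": attrs.get("name", ""),
            "kind": kind,
            "chain": chain,  # login modules in the order they are chained
            "scope": attrs.get("scope", "session"),  # "session" is the documented default
            "note": NOTES.get(kind, "unknown realm class, review manually"),
        })
    return rows

def unauthenticated_realms(rows):
    """Names of realms whose entry points are reachable without credentials."""
    return [r["name"] for r in rows if r["kind"] == "AnonymousRealm"]

if __name__ == "__main__":
    for r in audit_realms(SAMPLE):
        print(f'{r["name"]:<11} {r["kind"]:<15} {" -> ".join(r["chain"]):<38} {r["scope"]:<8} {r["note"]}')
```
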