Security configuration consists of realm/LoginModule pairs.
A realm defines how security information (credentials) is retrieved; the realm name is the one defined in a program's entry point.
A LoginModule validates the security information entered at realm level.
Three realm implementations are offered:
com.hardis.adelia.cloud.security.realms.AnonymousRealm | => | No security information is asked for. All users will be logged as "anonymous". |
com.hardis.adelia.cloud.security.realms.BasicRealm | => | Triggers a classic user/password entry box. |
com.hardis.adelia.cloud.security.realms.JavaEERealm | => | Used when the security is linked to JEE authentication. |
com.hardis.adelia.cloud.security.realms.RequestRealm | => | Security information is passed as a main servlet call parameter. |
<realms>
  <realm name="adelia" loginModuleName="AnonymousLoginModule" className="com.hardis.adelia.cloud.security.realms.AnonymousRealm"/>
  <realm name="myname" loginModuleName="MyLdapModule" className="com.hardis.adelia.cloud.security.realms.BasicRealm"/>
</realms>
In the configuration above, the desktop is accessed without asking the user for credentials.
All the applications for which the entry point uses the realm called name="myname" will ask for security information via the BasicRealm.
The security information entered in the BasicRealm will be validated by the loginModule declared by loginModuleName.
Attribute | Default value | Notes |
name | "adelia" | Realm name defined in the Visual Adelia program entry point. |
loginModuleName | "myname" | Name of the login module (here myname) declared in the <loginModule> tag. Login modules can be chained by separating their names with commas. Example: loginModuleName="LdapLoginModule,MyAdeliaLoginModule" performs LDAP-type technical authentication, followed by functional authentication through a call to a Visual Adelia Batch program defined in MyAdeliaLoginModule. |
className | com.hardis.adelia.cloud.security.realms.AnonymousRealm or com.hardis.adelia.cloud.security.realms.BasicRealm or com.hardis.adelia.cloud.security.realms.RequestRealm | Realm associated class. |
Scope | optional; "session" (default value) or "process" | Defines the authentication scope. The session scope allows a single authentication during the session lifetime. The process scope maintains the authentication for the lifetime of the program and of its child programs. |
userNameValidator | optional regular expression, "" by default. | Used to validate the username format at the end of authentication. If this parameter is entered and the username does not match the expression, authentication fails. Not entered by default. For example: |
com.hardis.adelia.cloud.security.realms.AnonymousRealm
This realm does not trigger a user interface. It anonymises the connection to the application. All users are authenticated with the same anonymous profile.
com.hardis.adelia.cloud.security.realms.BasicRealm
This realm triggers a user interface. It is used to manage profile and password entry as well as password changes. This realm is compatible with the use of a secureID.
<realm name="adelia" loginModuleName="...." className="com.hardis.adelia.cloud.security.realms.BasicRealm">
  <parameters>
    <item key="description" value="-- Welcome -- ???? -- Willkommen -- Bienvenido -- Benvenuti -- " />
  </parameters>
</realm>
or
<realm name="adelia" loginModuleName="...." className="com.hardis.adelia.cloud.security.realms.BasicRealm">
  <parameters>
    <item key="description" value="-- Welcome -- ???? -- Willkommen -- Bienvenido -- Benvenuti -- " />
    <item key="description_fr" value="-- Bienvenue -- " />
    <item key="description_en" value="-- Welcome -- " />
    <item key="description_cn" value="-- ???? -- " />
  </parameters>
</realm>
com.hardis.adelia.cloud.security.realms.JavaEERealm
This realm does not trigger a user interface.
It is intended for use with JEE-level security management by the application server.
As an option, it may test a list of application roles provided as a parameter (applicationRoles) to support the "isUserInRole" function in the JavaEELoginModule login module.
In this case, all the declared roles are tested one at a time to populate the user roles list.
It can be used with the basic JEE login module (com.hardis.adelia.cloud.security.loginmodules.jee.JavaEELoginModule) or with JEE security extensions (com.hardis.adelia.jee.security.loginmodules.WagonLoginModule).
In the latter case, the "applicationRoles" parameter is not required as the roles will be provided by the extension.
<realm name="adelia" loginModuleName="...." className="com.hardis.adelia.cloud.security.realms.JavaEERealm">
  <parameters>
    <item key="applicationRoles" value="wagon-administrator,wagon-monitor,...." />
  </parameters>
</realm>
com.hardis.adelia.cloud.security.realms.RequestRealm
This realm does not trigger a user interface. It is intended exclusively for external calls made via URL. This realm is compatible with the use of a secureID.
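A configuration review of the realm declarations described above can be scripted. The following is an added example, not part of the Adelia product or its documentation: it parses a `<realms>` block and reports, for each realm, where credentials come from, the login module chain, and points to review. The sample XML is constructed, and the "partner" realm, the `audit_realms` function and the finding texts are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the <realms> block on this page;
# the "partner" realm and its module name are hypothetical.
SAMPLE = """<realms>
 <realm name="adelia" loginModuleName="AnonymousLoginModule"
  className="com.hardis.adelia.cloud.security.realms.AnonymousRealm"/>
 <realm name="myname" loginModuleName="LdapLoginModule,MyAdeliaLoginModule"
  className="com.hardis.adelia.cloud.security.realms.BasicRealm"/>
 <realm name="partner" loginModuleName="MyLdapModule"
  className="com.hardis.adelia.cloud.security.realms.RequestRealm"/>
</realms>"""

PKG = "com.hardis.adelia.cloud.security.realms."
# Where each realm class gets credentials from, as described on this page.
SOURCE = {
    "AnonymousRealm": "none (all users are 'anonymous')",
    "BasicRealm": "user/password entry box",
    "JavaEERealm": "JEE authentication by the application server",
    "RequestRealm": "main servlet call parameter",
}

def audit_realms(xml_text):
    """Return one review record per <realm> element."""
    rows = []
    for realm in ET.fromstring(xml_text).iter("realm"):
        cls = realm.get("className", "")
        short = cls[len(PKG):] if cls.startswith(PKG) else cls
        # loginModuleName may hold a comma-separated chain of modules.
        chain = [m.strip() for m in realm.get("loginModuleName", "").split(",") if m.strip()]
        findings = []
        if short not in SOURCE:
            findings.append("realm class not documented on this page")
        if short == "AnonymousRealm":
            findings.append("no credentials asked: confirm these entry points are meant to be open")
        if short == "RequestRealm":
            findings.append("credentials arrive as call parameters: keep them out of logged URLs")
        if short in ("BasicRealm", "RequestRealm") and not realm.get("userNameValidator"):
            findings.append("no userNameValidator: username format is unrestricted")
        rows.append({"name": realm.get("name"), "realm": short,
                     "source": SOURCE.get(short, "unknown"),
                     "chain": chain, "findings": findings})
    return rows

if __name__ == "__main__":
    for row in audit_realms(SAMPLE):
        print(row["name"], row["realm"], "<-", row["source"], "| chain:", row["chain"])
        for finding in row["findings"]:
            print("   review:", finding)
```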