Versions Compared

Old Version 18

changes.mady.by.user Xavier Haurie

Saved on

compared with

New Version 19

changes.mady.by.user Xavier Haurie

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languageyml
themeRDark
* {
   *   attribute type 1 -> {
   *     attribute 1 -> [value 1, value 2, ...],
   *     attribute 2 -> [value 1, value 2, ...],
   *     ...
   *   },
   *   attribute type 2 -> {
   *     attribute 1 -> [value 1, value 2, ...],
   *     attribute 2 -> [value 1, value 2, ...],
   *     ...
   *   },
   *   ...
   * }

The system comes with 3 AttributeProviders and 3 Authorizers, ready to be used. If you want to create your own, this requires a bit more legwork than can easily be described here. Contacting us would be the best option.

Let's start with the attribute providers.

The WhiteBlackListAttrProvider queries a database's table pf whitelisted and blacklisted users. Its typical configuration follows.

Code Block
languageyml
themeMidnightRDark
{
      class = net.shrine.authz.providerService.attributes.WhiteBlackListAttrProvider
      name = wb-list,
      // DB config here should correspond to tomcat's Resource in its context.xml
      database: {
        dataSourceFrom = "JNDI"
        jndiDataSourceName = "java:comp/env/jdbc/blackWhiteTableDB"
        timeout = "30 seconds"
        createTablesOnStart = false
      }
    }

And it generates attributes of this shape:

Code Block
languageyml
themeRDark
wb-list: -> {
              isBlack -> (true/false},
              isWhite -> (true/false}



Code Block
languageyml
themeMidnight
shrine.config.authorizer : {

  unauthorizedUrl = "/shrine-api/shrine-webclient?isAuth=false"
  shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=https://sso.med.harvard.edu/adfs/ls/?wa=wsignout1.0"

  attributeProviders :
  [
    {
      class = net.shrine.authz.providerService.attributes.WhiteBlackListAttrProvider
      name = wb-list,
      // DB config here should correspond to tomcat's Resource in its context.xml
      database: {
        dataSourceFrom = "JNDI"
        jndiDataSourceName = "java:comp/env/jdbc/blackWhiteTableDB"
        timeout = "30 seconds"
        createTablesOnStart = false
      }
    }



    {
      class = net.shrine.authz.providerService.attributes.EndpointAttrProvider
      name = profiles_faculty_type_and_id
      url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation"
      userIdPlaceHolder="{userId}"
      attributeRegexes : [
        {
          name = "person-id"
          regex = "PersonID=\"([0-9]+)\""
        }
        {
          name = "faculty_type"
          regex = "<Affiliation Primary=\"true\">.*?FacultyTypeSort=\"(.)\""
        }
      ]
    }
    {
      class = net.shrine.authz.providerService.attributes.EndpointAttrProvider
      name = profiles_everything
      url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation"
      userIdPlaceHolder="{userId}"
      attributeRegexes : [
        {
          name = "everything"
          regex = "(.+)"
        }
      ]
    }
    {
      class = net.shrine.authz.providerService.attributes.RequestHeadersAttrProvider
      name = headers,
      headerNames :
        [
           AJP_userId
           AJP_email
           AJP_firstName
           AJP_lastName
        ]
      }
  ],

  authorizer : {
    name : net.shrine.authz.providerService.authorize.HmsAuthorizer
  }

  ////////////////////////////////////////////////////////////
  // example of an alternate authorizer: RegexAuthorizer    //
  ////////////////////////////////////////////////////////////
  authorizer : {
      name : net.shrine.authz.providerService.examples.RegexAuthorizer
      regexTerms :
          [
             "wb-list.isBlack.false"
             "(wb-list.isWhite.true)|(profiles_faculty_type_and_id.faculty_type.[0-4])"
             "!(fp77)"
          ]

    }

}

...