Page History
...
Code Block | ||||
---|---|---|---|---|
| ||||
* { * attribute type 1 -> { * attribute 1 -> [value 1, value 2, ...], * attribute 2 -> [value 1, value 2, ...], * ... * }, * attribute type 2 -> { * attribute 1 -> [value 1, value 2, ...], * attribute 2 -> [value 1, value 2, ...], * ... * }, * ... * } |
The system comes with 3 AttributeProviders and 3 Authorizers, ready to be used. If you want to create your own, this requires a bit more legwork than can easily be described here. Contacting us would be the best option.
Let's start with the attribute providers.
The WhiteBlackListAttrProvider queries a database's table pf whitelisted and blacklisted users. Its typical configuration follows.
Code Block | |||||
---|---|---|---|---|---|
| |||||
{
class = net.shrine.authz.providerService.attributes.WhiteBlackListAttrProvider
name = wb-list,
// DB config here should correspond to tomcat's Resource in its context.xml
database: {
dataSourceFrom = "JNDI"
jndiDataSourceName = "java:comp/env/jdbc/blackWhiteTableDB"
timeout = "30 seconds"
createTablesOnStart = false
}
}
|
And it generates attributes of this shape:
Code Block | ||||
---|---|---|---|---|
| ||||
wb-list: -> {
isBlack -> (true/false},
isWhite -> (true/false}
|
Code Block | ||||
---|---|---|---|---|
| ||||
shrine.config.authorizer : { unauthorizedUrl = "/shrine-api/shrine-webclient?isAuth=false" shibLogoutUrl = "https://<your hostname>/Shibboleth.sso/Logout?return=https://sso.med.harvard.edu/adfs/ls/?wa=wsignout1.0" attributeProviders : [ { class = net.shrine.authz.providerService.attributes.WhiteBlackListAttrProvider name = wb-list, // DB config here should correspond to tomcat's Resource in its context.xml database: { dataSourceFrom = "JNDI" jndiDataSourceName = "java:comp/env/jdbc/blackWhiteTableDB" timeout = "30 seconds" createTablesOnStart = false } } { class = net.shrine.authz.providerService.attributes.EndpointAttrProvider name = profiles_faculty_type_and_id url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation" userIdPlaceHolder="{userId}" attributeRegexes : [ { name = "person-id" regex = "PersonID=\"([0-9]+)\"" } { name = "faculty_type" regex = "<Affiliation Primary=\"true\">.*?FacultyTypeSort=\"(.)\"" } ] } { class = net.shrine.authz.providerService.attributes.EndpointAttrProvider name = profiles_everything url = "https://connects.catalyst.harvard.edu/API/Profiles/Public/ProfilesDataAPI/getPeople/xml/ecommonsList/{userId}/columns/affiliation" userIdPlaceHolder="{userId}" attributeRegexes : [ { name = "everything" regex = "(.+)" } ] } { class = net.shrine.authz.providerService.attributes.RequestHeadersAttrProvider name = headers, headerNames : [ AJP_userId AJP_email AJP_firstName AJP_lastName ] } ], authorizer : { name : net.shrine.authz.providerService.authorize.HmsAuthorizer } //////////////////////////////////////////////////////////// // example of an alternate authorizer: RegexAuthorizer // //////////////////////////////////////////////////////////// authorizer : { name : net.shrine.authz.providerService.examples.RegexAuthorizer regexTerms : [ "wb-list.isBlack.false" "(wb-list.isWhite.true)|(profiles_faculty_type_and_id.faculty_type.[0-4])" "!(fp77)" ] } } |
...
Overview
Content Tools