...
Note |
---|
Despite the name, |
If the object of an acl:agent
statement looks like a URI, these properties are used to strip off the base part of that URI, leaving a simple string username.
Example
Fedora is started with -Dfcrepo.auth.webac.userAgent.baseUri
=http://example.com/users/
There is an ACL authorization with the following triple:
No Format |
---|
<> acl:agent <http://example.com/users/jdoe> |
When determining the list of agents for that authorization, the WebAC authorization delegate will strip off the base URI and return the string username jdoe
. That is what will be compared with the security principles from whatever authentication system is configured.