...
- Add a
<bean>definition for the desired provider, including any necessary configuration parameters. See below for the configuration parameters for the providers that exist in Fedora's core codebase. - Add the name of the bean to the
filterChainDefinitionsline in the configuration of theorg.apache.shiro.spring.web.ShiroFilterFactoryBean. The relevant line starts with/**, which means "filter all requests". What follows is a comma-separated list of filter bean names. The request proceeds through the filters from left to right.
The default filter chain in the fcrepo-webapp web.xml is as follows:
| No Format |
|---|
/** = servletContainerAuthFilter,delegatedPrincipalProvider,webACFilter |
Container Roles Principal Provider
ContainerRolesPrincipalProvider is a PrincpalProivder that obtains its set of principals from web.xml.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<bean name="containerRolesProvider" class="org.fcrepo.auth.common.ContainerRolesPrincipalProvider"> <property name="roleNames"> <util:set set-class="java.util.HashSet"> <value>tomcat-role-1</value> <value>tomcat-role-2</value> </util:set> </property> </bean> |
New roles must be specified in web.xml as shown below. The default role is fedoraUser.
| Code Block | ||||
|---|---|---|---|---|
| ||||
<auth-constraint> <role-name>fedoraUser</role-name> <role-name>fedoraAdmin</role-name> <role-name>my-new-tomcat-role<-name>tomcat-role-1</role-name> <role-name>tomcat-role-2</role-name> </auth-constraint> |
...