...
- Add a
<bean>
definition for the desired provider, including any necessary configuration parameters. See below for the configuration parameters for the providers that exist in Fedora's core codebase. - Add the name of the bean to the
filterChainDefinitions
line in the configuration of theorg.apache.shiro.spring.web.ShiroFilterFactoryBean
. The relevant line starts with/**
, which means "filter all requests". What follows is a comma-separated list of filter bean names. The request proceeds through the filters from left to right.
The default filter chain in the fcrepo-webapp web.xml is as follows:
No Format |
---|
/** = servletContainerAuthFilter,delegatedPrincipalProvider,webACFilter |
Container Roles Principal Provider
ContainerRolesPrincipalProvider is a PrincpalProivder that obtains its set of principals from web.xml.
Code Block | ||||
---|---|---|---|---|
| ||||
<bean name="containerRolesProvider" class="org.fcrepo.auth.common.ContainerRolesPrincipalProvider"> <property name="roleNames"> <util:set set-class="java.util.HashSet"> <value>tomcat-role-1</value> <value>tomcat-role-2</value> </util:set> </property> </bean> |
New roles must be specified in web.xml as shown below. The default role is fedoraUser.
Code Block | ||||
---|---|---|---|---|
| ||||
<auth-constraint> <role-name>fedoraUser</role-name> <role-name>fedoraAdmin</role-name> <role-name>my-new-tomcat-role<-name>tomcat-role-1</role-name> <role-name>tomcat-role-2</role-name> </auth-constraint> |
...