...
Fedora Authorization Delegates allow you to implement one interface to enforce access control over your Fedora repository. This interface, FedoraAuthorizationDelegate, has callbacks that allow you to restrict ModeShape operations and filter search results. After following these configuration steps, Fedora's REST endpoints will respond with 403 response codes when the requested action is unauthorized by the authorization delegate.Note:
| Note |
|---|
Use of an authorization delegate and Fedora-specific authorization is optional. You can also configure Fedora to run without API security. You may want to only enforce container authentication or leave the service running completely unsecured, behind a firewall for instance. For details, |
...
Fedora Administrators (fedoraAdmin user role)
...
You can also create an authorization delegate implementation and performing perform security checks differently, possibly including calls to remote services.
...
- Open the repo.xml file in your Fedora web application.
- Add your authorization delegate implementation as a bean in this file and give it the id ID of "fad". Your authorization delegate bean may include more specific configuration details than the example.
- Now add the Fedora ModeShape Authentication Provider bean. (see repo.xml example)
- Make sure that your modeshapeRepofactory bean has the depends-on attribute pointing at the authenticationProvider (see repo.xml example).
- Open your repository.json file.
- Add org.fcrepo.auth.ServletContainerAuthenticationProvider as a provider in the security section. (see repository.json example)
...