...

Fedora Principal Provider Extensions allow a Fedora repository to pull in user security and role designations from other sources, LDAP being a common source. They are usually executed after the initial container authentication but before finer-grained authentication such as role resolution. There are several PrincipalProvider modules available, this wiki page documents just some of them.

Operation

The Principal Provider Extensions are configured from the repository.json file located at <WEBAPP>/WEB-INF/classes/config/minimal-default when using the "one click" solution and (possibly) the same path when used in a robust repository solution. The repository.json file contains the class name of authentication provider (under "providers") as well as the roles to be used when starting the provider module (the roles which a query is checked against). By default the org.fcrepo.auth.common.BypassSecurityServletAuthenticationProvider is used for this layer of security, as it doesn't rely on an external PrincipalProviders and provides the simplest authentication model (The module always authenticates and gives access privileges to the session).

...