Metrics Pluggable Security

LHeffner edited this page Apr 26, 2013 · 3 revisions

Pluggable Security

The Metrics Service allows an administrator to customize the security mechanism used for user authentication and authorization. The Metrics Service's owf-security directory includes .xml files that provide examples of optional security configurations. They are intended as examples and should in no way be used in a production environment. Along with the security-related .xml files, there is also a .zip file that contains the source and configuration files for the pluggable security modules and an Apache ANT build script.

Note: Many security mechanisms can be used for user authentication and authorization. However, for the Metrics Service to record OWF data, at a minimum it must use the security provided by X.509 certificates for server-to-server communication.

Default Authentication

MetricSecurityContext.xml - This contains the default security implementation for the Metrics Service. It uses a PKI certificate for authentication. If no authentication is provided, it redirects the user to log in using CAS as a fallback.

X.509 Only Security

MetricSecurityContext_cert_only.xml - This contains the X.509-only security implementation for the Metrics Service. It uses a PKI certificate for authentication. If no authentication is provided, the user is denied access to the system.
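The deny-by-default behaviour described above, as an added illustration that is not the contents of MetricSecurityContext_cert_only.xml or any other project file. It assumes the Spring Security 3.0 XML namespace; the bean ids and the sample user are constructed.

```xml
<!-- Added illustration only; bean ids and the user entry are hypothetical. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <!-- No form login, CAS or other interactive mechanism is declared, so a
       request without an accepted client certificate has no fallback path. -->
  <http entry-point-ref="forbiddenEntryPoint">
    <!-- Every URL requires an authenticated user and must arrive over HTTPS. -->
    <intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/>
    <!-- The user name is taken from the CN of the certificate subject DN. -->
    <x509 subject-principal-regex="CN=(.*?)," user-service-ref="certUsers"/>
  </http>

  <!-- Answers unauthenticated requests with HTTP 403 instead of a redirect. -->
  <beans:bean id="forbiddenEntryPoint"
      class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>

  <!-- Constructed sample user; the name must match the certificate CN.
       No password is set: the certificate is the only credential. -->
  <user-service id="certUsers">
    <user name="testUser1" authorities="ROLE_USER"/>
  </user-service>

  <authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="certUsers"/>
  </authentication-manager>
</beans:beans>
```

The servlet container's TLS connector must also be configured to request a client certificate, otherwise no certificate reaches the filter and every request is rejected.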

X.509/LDAP

MetricSecurityContext_cert_ldap.xml - This contains an X.509/LDAP security implementation that uses X.509 for authentication and then performs an LDAP-based lookup to determine the user’s authorization.

OWF Security Project

owf-security-project.zip - This bundle contains the source code, configuration files and library files needed to build the security files used by the Metrics Service. It also includes an Apache ANT build script for building a JAR file. The JAR file is used by the aforementioned security XML files and the supporting resource file lib/spring-core-3.0.1.RELEASE.jar, which provides LDAP functionality. The Ozone-LDAP-Security plugin uses the JAR file.