Authentication Providers
Authentications providers are an optional component or base component provided by the reporting-core. They are designed for 2 purposes:
- Mapping Reports to Users (via groups)
- Restricting the users of the system to users who are allowed to access the product
There are a couple of existing Authentication providers, and planned Authentication providers: (As of 1.4)
| Authentication Provider | As of release | Description |
|---|---|---|
| File Authentication Provider | 0 | Uses plain old YAML files to determine who has access to what reports. See below for details |
| Rest Authentication Provider | 1.1 | Allows for an external REST endpoint for Kagura to use for authentication. Basically outsourcing the authentication. |
| Hybrid Authentication Provider | 1.1 | Allows for you to mix and match authentication methods. Such as if you want the users to be specified from a Rest end point, however the actual group to reports mappings to be done by the File Authentication Provider you would use this. |
| Encrypted File Authentication Provider | Todo | Like File Authentication Provider, but uses encrypted passwords
|
| JDBC/JNDI Authentication Provider | Todo | Authentication via database |
| JaaS Authentication Provider | Todo | Uses JaaS to provide authentication |
| Groovy Authentication Provider | Todo | An authentication provider that uses code to determine if the user is authenticated, probably for arbitrary integrations |
File Authentication Provider
The file Authentication provider expects to see 2 files in the reports directory: users.yaml and groups.yaml. These are 2 very simply formatted files:
- users.yaml contains a list of: username, password, and an array of group names
- groups.yaml contains a list of: group names, with an array of report ids
Format:
- { username: "testuser", password: "testuserpass", groups: ["test reports"] }
- { username: "tu2", password: "tup2", groups: ["test reports2"] }
- { groupname: "test reports", reports: [ "fake1" ] }
- { groupname: "test reports2", reports: [ "fake2", "groovytest" ] }
Rest Authentication Provider
The rest authentication provider requires a URL to be provided. The REST Authentication provider will be superseded by a more secure version. This version is designed to be protected. Your REST end point that you point it at must export the following methods:
GET /echo Parameters: - Query Param: message Echos the message passed to it. Used to test the server. GET /users Parameters: None Returns a list of users, with the username and the groups the user is in. GET /groups Parameters: None Returns a list of groups and their reports GET /login Parameters: - Post Data: JSON Map of "username" and "password" Returns ok if the username and password are correct.
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import java.util.Map;
public interface MyAuth {
@GET()
@Path("/echo")
public String echo(@QueryParam("message") @DefaultValue("No message= found.") String message);
@GET()
@Path("/users")
public Object users();
@GET()
@Path("/groups")
public Object groups();
@POST()
@Path("/login")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.TEXT_PLAIN)
public String login(Map<String,String> input);
}
Hybrid Authentication Provider
Allows you to mix two authentication providers. You specify one for the groups and one for the user.