Diffstat (limited to 'lib/templates')
-rw-r--r-- | lib/templates/config.yaml | 45 | ||||
-rw-r--r-- | lib/templates/default_guest_policy.xml | 53 | ||||
-rw-r--r-- | lib/templates/default_policy.xml | 53 | ||||
-rw-r--r-- | lib/templates/users.yaml | 5 |
4 files changed, 151 insertions, 5 deletions
diff --git a/lib/templates/config.yaml b/lib/templates/config.yaml
index 00c00cb..8a5e460 100644
--- a/lib/templates/config.yaml
+++ b/lib/templates/config.yaml
@@ -39,3 +39,48 @@
 # Uncomment for verbose logging
 # :logger: debug
+# :backtrace: 1
+
+
+# OpenSSO Authorization
+# set ":server: " to disable A&A
+:authorization:
+ :server: "https://opensso.in-silico.ch"
+ :free_request: #request-method not controlled by A&A
+ - "GET"
+ :authenticate_request: #only for authenticated user
+ - "POST"
+ :authorize_request: #only for authenticated and authorizeduser
+ - "DELETE"
+ - "PUT"
+ # Exceptions:
+ :free_uris: #request-method for uri not controlled by A&A
+ ? - :GET
+ : - !ruby/regexp /localhost\/algorithm/
+ - "http://localhost/dataset"
+ - "http://localhost/model"
+ - "http://localhost/validation"
+ - "http://localhost/validation/crossvalidation"
+ - "http://localhost/validation/reach_report"
+ - "http://localhost/validation/reach_report/crossvalidation"
+ - "http://localhost/validation/report"
+ - "http://localhost/validation/report/crossvalidation"
+ - "http://localhost/validation/reach_report/qmrf"
+ ? - :GET
+ - :POST
+ : - !ruby/regexp /localhost\/toxcreate/
+ - !ruby/regexp /localhost\/task/
+ - !ruby/regexp /localhost\/compound/
+ ? - :PUT
+ : - !ruby/regexp /localhost\/task/
+
+ :authorize_exceptions: #request-method for uri only authenticated, no authorization
+ ? - :POST
+ : - !ruby/regexp /localhost\/algorithm/
+ - "http://localhost/dataset"
+ - "http://localhost/model"
+ - "http://localhost/validation"
+ - !ruby/regexp /localhost\/validation\/[a-z,A-Z,\/,_\-]*$/
+
+
+
\ No newline at end of file
diff --git a/lib/templates/default_guest_policy.xml b/lib/templates/default_guest_policy.xml
new file mode 100644
index 0000000..a778070
--- /dev/null
+++ b/lib/templates/default_guest_policy.xml
@@ -0,0 +1,53 @@
+<!DOCTYPE Policies PUBLIC "-//Sun Java System Access Manager7.1 2006Q3
+ Admin CLI DTD//EN" "jar://com/sun/identity/policy/policyAdmin.dtd">
+
+<Policies>
+<Policy name="policy_user" referralPolicy="false" active="true">
+ <Rule name="rule_user">
+ <ServiceName name="iPlanetAMWebAgentService" />
+ <ResourceName name="uri"/>
+ <AttributeValuePair>
+ <Attribute name="GET" />
+ <Value>allow</Value>
+ </AttributeValuePair>
+ <AttributeValuePair>
+ <Attribute name="POST" />
+ <Value>allow</Value>
+ </AttributeValuePair>
+ <AttributeValuePair>
+ <Attribute name="PUT" />
+ <Value>allow</Value>
+ </AttributeValuePair>
+ <AttributeValuePair>
+ <Attribute name="DELETE" />
+ <Value>allow</Value>
+ </AttributeValuePair>
+ </Rule>
+ <Subjects name="subjects_user" description="">
+ <Subject name="subject_user" type="LDAPUsers" includeType="inclusive">
+ <AttributeValuePair>
+ <Attribute name="Values"/>
+ <Value>uid=guest,ou=people,dc=opentox,dc=org</Value>
+ </AttributeValuePair>
+ </Subject>
+ </Subjects>
+</Policy>
+<Policy name="policy_group" referralPolicy="false" active="true">
+ <Rule name="rule_group">
+ <ServiceName name="iPlanetAMWebAgentService" />
+ <ResourceName name="uri"/>
+ <AttributeValuePair>
+ <Attribute name="GET" />
+ <Value>allow</Value>
+ </AttributeValuePair>
+ </Rule>
+ <Subjects name="subjects_group" description="">
+ <Subject name="subject_group" type="LDAPGroups" includeType="inclusive">
+ <AttributeValuePair>
+ <Attribute name="Values"/>
+ <Value>cn=member,ou=groups,dc=opentox,dc=org</Value>
+ </AttributeValuePair>
+ </Subject>
+ </Subjects>
+</Policy>
+</Policies>
diff --git a/lib/templates/default_policy.xml b/lib/templates/default_policy.xml
new file mode 100644
index 0000000..a778070
--- /dev/null
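Review bot: The `!ruby/regexp` entries under `:free_uris:` and `:authorize_exceptions:` are unanchored, so any request URI that merely contains `localhost/task` or `localhost/algorithm` would fall into the exemption, assuming the consumer applies them with a plain regexp match; that code is not part of this diff. The last pattern also ends in `$`, which in Ruby matches at a line end rather than at the end of the string, and its class `[a-z,A-Z,\/,_\-]` admits literal commas. I would anchor each pattern, for example `!ruby/regexp /\Ahttp:\/\/localhost\/task(\/|\z)/` and `!ruby/regexp /\Ahttp:\/\/localhost\/validation\/[a-zA-Z\/_-]*\z/`, and add a comment above `:free_uris:` stating that a match there skips both authentication and authorization for the listed methods.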
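Review bot: `rule_user` in this guest template allows GET, POST, PUT and DELETE for `uid=guest,ou=people,dc=opentox,dc=org`, which gives the shared guest account write and delete rights on whatever resource the policy is created for. lib/templates/default_policy.xml, added in the same commit, is the same blob (index a778070), so the non-guest default also names `uid=guest` as its subject unless the code that loads the template rewrites it; that code is not visible here. If the guest policy is meant to be read-only, drop the PUT and DELETE `AttributeValuePair` elements from it. In both files I would add an XML comment after `<Policies>` saying which values (`ResourceName name="uri"`, the subject DN) are expected to be replaced before upload, so an unmodified template is not installed as-is.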
+++ b/lib/templates/default_policy.xml
@@ -0,0 +1,53 @@
+<!DOCTYPE Policies PUBLIC "-//Sun Java System Access Manager7.1 2006Q3
+ Admin CLI DTD//EN" "jar://com/sun/identity/policy/policyAdmin.dtd">
+
+<Policies>
+<Policy name="policy_user" referralPolicy="false" active="true">
+ <Rule name="rule_user">
+ <ServiceName name="iPlanetAMWebAgentService" />
+ <ResourceName name="uri"/>
+ <AttributeValuePair>
+ <Attribute name="GET" />
+ <Value>allow</Value>
+ </AttributeValuePair>
+ <AttributeValuePair>
+ <Attribute name="POST" />
+ <Value>allow</Value>
+ </AttributeValuePair>
+ <AttributeValuePair>
+ <Attribute name="PUT" />
+ <Value>allow</Value>
+ </AttributeValuePair>
+ <AttributeValuePair>
+ <Attribute name="DELETE" />
+ <Value>allow</Value>
+ </AttributeValuePair>
+ </Rule>
+ <Subjects name="subjects_user" description="">
+ <Subject name="subject_user" type="LDAPUsers" includeType="inclusive">
+ <AttributeValuePair>
+ <Attribute name="Values"/>
+ <Value>uid=guest,ou=people,dc=opentox,dc=org</Value>
+ </AttributeValuePair>
+ </Subject>
+ </Subjects>
+</Policy>
+<Policy name="policy_group" referralPolicy="false" active="true">
+ <Rule name="rule_group">
+ <ServiceName name="iPlanetAMWebAgentService" />
+ <ResourceName name="uri"/>
+ <AttributeValuePair>
+ <Attribute name="GET" />
+ <Value>allow</Value>
+ </AttributeValuePair>
+ </Rule>
+ <Subjects name="subjects_group" description="">
+ <Subject name="subject_group" type="LDAPGroups" includeType="inclusive">
+ <AttributeValuePair>
+ <Attribute name="Values"/>
+ <Value>cn=member,ou=groups,dc=opentox,dc=org</Value>
+ </AttributeValuePair>
+ </Subject>
+ </Subjects>
+</Policy>
+</Policies>
diff --git a/lib/templates/users.yaml b/lib/templates/users.yaml
deleted file mode 100644
index 483fd7b..0000000
--- a/lib/templates/users.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-# please insert users and passwords here.
-# one user and password each line. uncomment the line.
-:users:
-# username: "secretpassword"
-# exampleuser: "ih9aiTog"
\ No newline at end of file |