author | rautenberg <rautenberg@in-silico.ch> | 2012-10-01 11:14:20 +0200 |
---|---|---|
committer | rautenberg <rautenberg@in-silico.ch> | 2012-10-01 11:14:20 +0200 |
commit | 7c64e61d16d2495e664478f250e4d0cc6f1d9417 (patch) | |
tree | 5840a9438c3fa24611b402caa62b220c3571eed9 | |
parent | 16c57b5dba52cf1505acb6fc81a449ad0b5dfcbf (diff) |
extend A&A description
-rw-r--r-- | _posts/2012-09-03-authorization--authentication-flow-and-configuration.md | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/_posts/2012-09-03-authorization--authentication-flow-and-configuration.md b/_posts/2012-09-03-authorization--authentication-flow-and-configuration.md index 393f493..142b1de 100644 --- a/_posts/2012-09-03-authorization--authentication-flow-and-configuration.md +++ b/_posts/2012-09-03-authorization--authentication-flow-and-configuration.md @@ -8,6 +8,17 @@ tags: [Setup, webservices] {% include JB/setup %} +A&A How it works +========= +A&A is located in a before filter method of the ruby framework sinatra, which means every request (REST) to the sinatra application is controlled by the code inside this filter befor anything else happens. + +If A&A is activated: + +1. every request is disallowed. +2. you can define exeptions in the configuration file => __CONFIGURATION__ + * authentification exeptions + * authorization exeptions +3. you can allow one or more REST request (GET, POST, PUT, DELETE) to an URI controlled by the openSSO server, defined in policies. => __POLICIES__ A&A Flow opentox-ruby gem @@ -21,8 +32,8 @@ Graphical Flow of Authorization & Authentication for webservices using the opent Configuration options ========= inside the authorization block (see also configuration example) -* `server`- openSSO server URI -* `free_request` - requests without any Authorization and Authentication **GET, POST, PUT, DELETE** (maybe HEAD in newer Versions) +* `server`- openSSO server URI. If this line is set to `:server: ` A&A is disabled. +* `free_request` - requests without any Authorization and Authentication **GET, POST, PUT, DELETE** (maybe also HEAD in newer Versions) * `authenticate_request` - requests with Authentication but without Authorization **GET, POST, PUT, DELETE** * `authorize_request` - requests controlled by Authentication and Authorization **GET, POST, PUT, DELETE** * `free_uris` - YAML hash of requests and URIs not controlled by A&A |
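Review bot: the new "A&A How it works" section has several spelling errors to fix before merging: `befor` in `...controlled by the code inside this filter befor anything else happens.`, `exeptions` (three occurrences) in `2. you can define exeptions in the configuration file => __CONFIGURATION__` and its sub-bullets, `authentification exeptions` should read `authentication exceptions`, and `to an URI` should be `to a URI`. The section also sends readers to `__POLICIES__`, but this patch adds no Policies section, so confirm that heading already exists in the post or the pointer dangles. The default-deny statement in `1. every request is disallowed.` is the important security property of the filter and should stay the first item; it would help to say outright that, because the before filter runs ahead of every route, no request reaches a handler without passing this check while A&A is active.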
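Review bot: the edited `server` bullet documents a fail-open setting only in passing (`If this line is set to `:server: ` A&A is disabled.`); since an empty value silently switches off all authentication and authorization for the service, that consequence deserves its own sentence stating that such a deployment accepts every request, rather than being appended to the URI description, and the doc should also say what happens when the `:server:` key is absent altogether. Style: `* `server`- openSSO server URI.` is missing the space before the hyphen that the other bullets use (`* `free_request` - ...`), and `Versions` should be lowercase.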