diff options
| author | gebele <gebele@in-silico.ch> | 2013-06-05 17:12:48 +0200 |
|---|---|---|
| committer | gebele <gebele@in-silico.ch> | 2013-06-05 17:12:48 +0200 |
| commit | 923a684ae3040a22c353453e77b3da55f94bf61c (patch) | |
| tree | 465dc5f7c137a287fae2101108cdf98fa17cb8d2 | |
| parent | 8301c07ca829aec51f44fbd29b70deb1ce97a0ef (diff) | |
| parent | 1021025b6e8c550feda2bc7273dc6187a81f21b8 (diff) | |
Merge branch 'master' of github.com:/opentox/opentox.github.com
3 files changed, 48 insertions, 5 deletions
diff --git a/_posts/2012-07-16-example-webservice-configuration-file.md b/_posts/2012-07-16-example-webservice-configuration-file.md index b82e348..8be3e45 100644 --- a/_posts/2012-07-16-example-webservice-configuration-file.md +++ b/_posts/2012-07-16-example-webservice-configuration-file.md @@ -44,3 +44,6 @@ Example content of a webservice configuration file. The webservices config file * authorize_exceptions: URIs with authorization exceptions * __$WEBSERVICE_NAME__ Hash: standard configuration of a the webservice. URI and anything else what is needed. + + +see also [webservice configuration example](/Installation/2013/05/03/authorization--authentication-configuration-opentox-serverclient--300/) for opentox-(client/server) version >= 3.0.0. diff --git a/_posts/2012-09-03-authorization--authentication-flow-and-configuration.md b/_posts/2012-09-03-authorization--authentication-flow-and-configuration.md index 901fe4e..205b6ed 100644 --- a/_posts/2012-09-03-authorization--authentication-flow-and-configuration.md +++ b/_posts/2012-09-03-authorization--authentication-flow-and-configuration.md @@ -7,9 +7,10 @@ tags: [Configuration, Setup, Webservices] --- {% include JB/setup %} +see also [webservice configuration example](/Installation/2013/05/03/authorization--authentication-configuration-opentox-serverclient--300/) for opentox-(client/server) version >= 3.0.0. A&A How it works -========= +------- A&A is located in a before filter method of the ruby framework sinatra, which means every request (REST) to the sinatra application is controlled by the code inside this filter befor anything else happens. If A&A is activated: @@ -22,7 +23,7 @@ If A&A is activated: A&A Flow opentox-ruby gem -========= +------- Graphical Flow of Authorization & Authentication for webservices using the opentox-ruby gem. Webservice configuration is located in **/home/USERNAME/.opentox/config/ENVIRONMENT.yaml** @@ -30,7 +31,7 @@ Graphical Flow of Authorization & Authentication for webservices using the opent Configuration options -========= +------- inside the authorization block (see also configuration example) * `server`- openSSO server URI. If this line is set to `:server: ` A&A is disabled. * `free_request` - requests without any Authorization and Authentication **GET, POST, PUT, DELETE** (maybe also HEAD in newer Versions) @@ -42,7 +43,7 @@ inside the authorization block (see also configuration example) <br /> String or regex URIs -========= +------- URIs in `free_uris` and `authorize_exceptions` are possible as string or regex e.G.: @@ -55,7 +56,7 @@ defines free access to GET request for "http://SEVER/model" exact URI, not to "h the regex `!ruby/regexp /http:\/\/SERVER\/algorithm/` gives free GET request to "http://SERVER/agorithm/" and all addresses below like "http://SERVER/algorithm/bbrc/". Configuration-file example -========= +------- # OpenSSO Authorization # set ":server: " to disable A&A diff --git a/_posts/2013-05-03-authorization--authentication-configuration-opentox-serverclient--300.md b/_posts/2013-05-03-authorization--authentication-configuration-opentox-serverclient--300.md new file mode 100644 index 0000000..2a9fa0f --- /dev/null +++ b/_posts/2013-05-03-authorization--authentication-configuration-opentox-serverclient--300.md @@ -0,0 +1,39 @@ +--- +layout: post +title: "Authorization & Authentication Configuration (opentox (server/client) >= 3.0.0)" +description: "Authorization & Authentication Configuration for opentox-client opentox-server >= Version 3.0.0" +category: Installation +tags: [Configuration, Setup, Webservices] +--- +{% include JB/setup %} + +This page describes the newer Authorization & Authentication configuration for opentox webservices. Configuration has changed from a single YAML file to SERVICENAME.rb files for each service. Opentox webservices (algorithm, compound, dataset, feature, model, task, validation) do load `/home/USERNAME/.opentox/config/default.rb` on startup for default or global settings. After **default.rb** each service loads its own configuration file `/home/USERNAME/.opentox/config/SERVICENAME.rb`. This may also overwrite settings from **default.rb**. + +A&A How it works +---- +[Description](/Installation/2012/09/03/authorization--authentication-flow-and-configuration/) see paragraphs **A&A How it works** and **A&A Flow opentox-ruby gem** for Versions below 3.0.0 . + + +Configuration-file example +---- +Example A&A configuration for the dataset service. Configuration-file is **/home/USERNAME/.opentox/config/dataset.rb** + + $dataset = { :uri => "https://myserver.org/dataset" } + $aa = { + :uri => 'https://opensso.in-silico.ch', + :free_request => [:HEAD], + :authenticate_request => [], + :authorize_request => [:GET, :POST, :DELETE, :PUT], + :authorize_exceptions => { [:GET,:POST] => [$dataset[:uri], "#{$dataset[:uri]}/test/task_error", "#{$dataset[:uri]}/test/error_in_task"] } + } + +Configuration options +---- +* `$dataset = { :uri => "https://myserver.org/dataset" }` sets the URI to the dataset service itself. +* `$aa = { :uri => nil }` turns A&A off. +* `:uri => 'https://opensso.in-silico.ch'` set the OpenSSO server URI. +* `:free_request => [:HEAD]` define all free request methods. Set HEAD method as a free request method for internal control calls. +* `:authenticate_request => []` request methods that needs only Authentification. Request must have a valid subjectid, but no policy. +* `:authorize_request => [:GET, :POST, :DELETE, :PUT]` request methods with authorization controll +* `:authorize_exceptions => { [:GET,:POST] => [$dataset[:uri], "#{$dataset[:uri]}/test/task_error", "#{$dataset[:uri]}/test/error_in_task"] }` authorization exceptions defined as a Hash of request-methods-array keys mapped to URI-array values. In this case you are allowed to GET and POST to the base service URI to get a list of datasets or to POST a new dataset. + `"#{$dataset[:uri]}/test/error_in_task"` defines a URI used in a test call.
\ No newline at end of file |