
Commit 8b3ac4d

author
Vladimir Kotal
committed
add basic README
1 parent eea3f54 commit 8b3ac4d


1 file changed

+119
-0
lines changed


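--- a/plugins/README.md
+++ b/plugins/README.md
@@ -0,0 +1,119 @@
+# Authorization plugins
+
+This directory contains various authorization plugins:
+
+- FalsePlugin - denies everything
+- TruePlugin - allows everything
+- HttpBasicAuthorizationPlugin -
+- SampleAuthorizationPlugin -
+- LdapPlugin
+- UserPlugin
+
+## Example configuration
+
+The following snippet configures global authorization stack with 2 REQUISITE
+plugins and a sub-stack with 1 SUFFICIENT and 1 REQUIRED plugin.
+
+There is a config file `ldap-plugin-config.xml` specified globally that will be
+used by LdapPlugin. See LdapPlugin directory for sample of this config file.
+
+
+```xml
+<!-- Authorization config begin -->
+
+<void property="pluginStack">
+<!-- The setup will be inherited to all sub-stacks -->
+<void property="setup">
+<void method="put">
+<string>configuration</string>
+<string>/opengrok/auth/config/ldap-plugin-config.xml</string>
+</void>
+</void>
+
+<!-- get user cred from HTTP headers -->
+<void method="add">
+<object class="org.opensolaris.opengrok.authorization.AuthorizationPlugin">
+<void property="name">
+<string>opengrok.auth.plugin.UserPlugin</string>
+</void>
+<void property="flag">
+<string>REQUISITE</string>
+</void>
+</object>
+</void>
+
+<!-- get email, ou and uid -->
+<void method="add">
+<object class="org.opensolaris.opengrok.authorization.AuthorizationPlugin">
+<void property="name">
+<string>opengrok.auth.plugin.LdapUserPlugin</string>
+</void>
+<void property="flag">
+<string>REQUISITE</string>
+</void>
+</object>
+</void>
+
+<!-- Authorization stacks follow -->
+
+<void method="add">
+<object class="org.opensolaris.opengrok.authorization.AuthorizationStack">
+<void property="forProjects">
+<void method="add">
+<string>foo</string>
+</void>
+</void>
+<void property="forGroups">
+<void method="add">
+<string>mygroup</string>
+</void>
+</void>
+<void property="name">
+<string>substack for some source code</string>
+</void>
+<void property="flag">
+<string>REQUIRED</string>
+</void>
+<void method="add">
+<object class="org.opensolaris.opengrok.authorization.AuthorizationPlugin">
+<void property="name">
+<string>opengrok.auth.plugin.LdapAttr</string>
+</void>
+<void property="flag">
+<string>SUFFICIENT</string>
+</void>
+<void property="setup">
+<void method="put">
+<string>attribute</string>
+<string>mail</string>
+</void>
+<void method="put">
+<string>file</string>
+<string>/opengrok/auth/config/whitelists/mycode-whitelist-mail.txt</string>
+</void>
+</void>
+</object>
+</void>
+<void method="add">
+<object class="org.opensolaris.opengrok.authorization.AuthorizationPlugin">
+<void property="name">
+<string>opengrok.auth.plugin.LdapFilter</string>
+</void>
+<void property="flag">
+<string>REQUIRED</string>
+</void>
+<void property="setup">
+<void method="put">
+<string>filter</string>
+<string>(&amp;(objectclass=posixGroup)(cn=my_src*)(memberUid=%uid%))</string>
+</void>
+</void>
+</object>
+</void>
+</object>
+</void>
+
+<!-- Authorization config end -->
+</object>
+```
+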
