| 68 | | An in depth proposal can be found here : link |
| 69 | | ... |
| | 68 | |
| | 69 | === basic architecture === |
| | 70 | |
| | 71 | ==== security token map ==== |
| | 72 | |
| | 73 | GeoNetwork maintains an in-memory map of security tokens, SecurityTokenMap. This map associates a session id with a security token. The token contains all information GeoNetwork uses to allow access to its resources: the User Profile and list of Groups the User is part of. When determining access rights, the metadata privileges as stored in the DBMS and Lucene (depending on type of access -- Lucene is used for free text searches) are compared to the Groups found in the security token in the current session. |
| | 74 | |
| | 75 | ==== security servlet filter ==== |
| | 76 | |
| | 77 | A servlet filter intercepts all requests to GeoNetwork and verifies whether the current session id is present in SecurityTokenMap. If it is, nothing special happens and the request continues to its destination service in GeoNetwork. If the session id is not in SecurityTokenMap, the filter requests GAAP for an anonymous security token. The session id is mapped to this anonymous token and stored in SecurityTokenMap. |
| | 78 | |
| | 79 | ==== logging in ==== |
| | 80 | |
| | 81 | When a User is logging in, the login form is requested from GAAP. GAAP uses Spring Security to access one or more security providers. If the credentials provided in the login form can be matched against one of them, a security token is created that contains all required information, the User's name (and possibly other info like contact details), Profile, and list of Groups. This security token is returned to GeoNetwork that adds or updates the entry for the current session in SecurityTokenMap. When the User logs out or the session expires the corresponding entry is removed from SecurityTokenMap. |
| | 82 | |
| | 83 | ==== logged in ==== |
| | 84 | |
| | 85 | When a User is logged in and accessing some resource where authorization is involved, SecurityTokenMap is consulted to match this User's privileges to the permissions set for the resource. As an example when a (text) search is done, the privileges stored in Lucene for each document matching the text search are compared to the Groups in SecurityTokenMap to decide whether to include a text search result in the result set returned to the client. |
| | 86 | |
| | 87 | ==== administration ==== |
| | 88 | |
| | 89 | Users with Profile "Administrator" are authorized to manage Groups, Users, and configure external (e.g. LDAP) security providers. The actual DBMS and web pages enabling this currently reside in GeoNetwork, but in our proposed architecture this belongs in GAAP. So we'll move the administration of users and groups, and also the configuration of security providers, to GAAP. |
| | 90 | |
| | 91 | The security provider configuration data is stored in a SecurityProvider DBMS table and dynamically applied to the Spring Security configuration. Security providers may be marked as ACTIVE or INACTIVE by the Administrator. When performing an authorization, GAAP's Spring Security will only consult the security providers marked as ACTIVE. |
| | 92 | |
| | 93 | ==== component model ==== |
| | 94 | |
| | 95 | A UML component model to illustrate our proposal is this: |
| | 96 | |
| | 97 | [[Image(component-model.png)]] |
| | 98 | |
