# Authorization plugins

This directory contains various authorization plugins:

 - FalsePlugin - denies everything
 - TruePlugin - allows everything
 - HttpBasicAuthorizationPlugin -
 - SampleAuthorizationPlugin -
 - LdapPlugin
 - UserPlugin

## Example configuration

The following snippet configures a global authorization stack with 2 REQUISITE
plugins and a sub-stack with 1 SUFFICIENT and 1 REQUIRED plugin.

There is a config file `ldap-plugin-config.xml` specified globally that will be
used by LdapPlugin. See the LdapPlugin directory for a sample of this config file.

```xml
    <!-- Authorization config begin -->

    <void property="pluginStack">
        <!-- The setup will be inherited to all sub-stacks -->
        <void property="setup">
            <void method="put">
                <string>configuration</string>
                <string>/opengrok/auth/config/ldap-plugin-config.xml</string>
            </void>
        </void>

        <!-- get user cred from HTTP headers -->
        <void method="add">
            <object class="org.opensolaris.opengrok.authorization.AuthorizationPlugin">
                <void property="name">
                    <string>opengrok.auth.plugin.UserPlugin</string>
                </void>
                <void property="flag">
                    <string>REQUISITE</string>
                </void>
            </object>
        </void>

        <!-- get email, ou and uid -->
        <void method="add">
            <object class="org.opensolaris.opengrok.authorization.AuthorizationPlugin">
                <void property="name">
                    <string>opengrok.auth.plugin.LdapUserPlugin</string>
                </void>
                <void property="flag">
                    <string>REQUISITE</string>
                </void>
            </object>
        </void>

        <!-- Authorization stacks follow -->

        <void method="add">
            <object class="org.opensolaris.opengrok.authorization.AuthorizationStack">
                <void property="forProjects">
                    <void method="add">
                        <string>foo</string>
                    </void>
                </void>
                <void property="forGroups">
                    <void method="add">
                        <string>mygroup</string>
                    </void>
                </void>
                <void property="name">
                    <string>substack for some source code</string>
                </void>
                <void property="flag">
                    <string>REQUIRED</string>
                </void>
                <void method="add">
                    <object class="org.opensolaris.opengrok.authorization.AuthorizationPlugin">
                        <void property="name">
                            <string>opengrok.auth.plugin.LdapAttr</string>
                        </void>
                        <void property="flag">
                            <string>SUFFICIENT</string>
                        </void>
                        <void property="setup">
                            <void method="put">
                                <string>attribute</string>
                                <string>mail</string>
                            </void>
                            <void method="put">
                                <string>file</string>
                                <string>/opengrok/auth/config/whitelists/mycode-whitelist-mail.txt</string>
                            </void>
                        </void>
                    </object>
                </void>
                <void method="add">
                    <object class="org.opensolaris.opengrok.authorization.AuthorizationPlugin">
                        <void property="name">
                            <string>opengrok.auth.plugin.LdapFilter</string>
                        </void>
                        <void property="flag">
                            <string>REQUIRED</string>
                        </void>
                        <void property="setup">
                            <void method="put">
                                <string>filter</string>
                                <!-- "&" must be written as "&amp;" inside XML -->
                                <string>(&amp;(objectclass=posixGroup)(cn=my_src*)(memberUid=%uid%))</string>
                            </void>
                        </void>
                    </object>
                </void>
            </object>
        </void>

        <!-- Authorization config end -->
    </void> <!-- closes pluginStack -->
```
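
How the stack above decides a request for project `foo`, as an added example that is not part of OpenGrok or this README. It assumes PAM-style flag semantics (a REQUISITE failure denies at once, a SUFFICIENT success allows at once unless a REQUIRED plugin already failed, a REQUIRED failure denies after the rest has run) and replaces each plugin with a stand-in check over a constructed directory and whitelist.

```python
# Added example, not OpenGrok code. PAM-style flag semantics are assumed.
from dataclasses import dataclass, field
from typing import Callable, List

LDAP = {  # constructed directory: uid -> attributes
    "alice": {"mail": "alice@example.com", "groups": ["my_src_core"]},
    "bob": {"mail": "bob@example.com", "groups": ["my_src_tools"]},
    "carol": {"mail": "carol@example.com", "groups": ["docs"]},
}
WHITELIST = {"alice@example.com"}  # stands in for mycode-whitelist-mail.txt

@dataclass
class Node:
    name: str
    flag: str  # REQUIRED | REQUISITE | SUFFICIENT
    check: Callable[[str], bool] = None  # set for plugins only
    children: List["Node"] = field(default_factory=list)  # set for stacks only

def evaluate(node, uid, trace):
    """Return True if node allows uid; trace records each plugin invoked."""
    if node.check is not None:
        trace.append(node.name)
        return node.check(uid)
    failed = False
    for child in node.children:
        ok = evaluate(child, uid, trace)
        if ok and child.flag == "SUFFICIENT" and not failed:
            return True   # success, remaining plugins are skipped
        if not ok and child.flag == "REQUISITE":
            return False  # failure, remaining plugins are skipped
        if not ok and child.flag == "REQUIRED":
            failed = True  # failure is final, but the rest still runs
    return not failed

def page_stack():
    """The stack from the configuration above, as seen by project 'foo'."""
    sub = Node("substack for some source code", "REQUIRED", children=[
        Node("LdapAttr", "SUFFICIENT", lambda u: LDAP[u]["mail"] in WHITELIST),
        Node("LdapFilter", "REQUIRED", lambda u: any(
            g.startswith("my_src") for g in LDAP[u]["groups"])),
    ])
    return Node("pluginStack", "REQUIRED", children=[
        Node("UserPlugin", "REQUISITE", lambda u: u is not None),
        Node("LdapUserPlugin", "REQUISITE", lambda u: u in LDAP),
        sub,
    ])

def decide(uid):
    trace = []
    return evaluate(page_stack(), uid, trace), trace
```

Under these assumptions a whitelisted mail address is allowed without LdapFilter ever running, so the whitelist file deserves the same access control and review as the LDAP group it bypasses.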