Getting familiar with the Security aspect




Security aspect overview:

In the Petals Webconsole, the security aspect covers user management in the web application: creating, editing and removing users, including in bulk. A Petals Webconsole user may own several roles, and each role grants the user access to certain parts of the application.




Role and associated access:

At the moment three roles are available in the Petals Webconsole:

  • The 'viewer' can only view information.
  • The 'operator' can operate containers.
  • The 'administrator' has all rights (operator + user management).

First contact with security in Petals Webconsole:

In the Webconsole, the first security feature you face is the authentication at the start of the interface.

The authentication form lets you identify yourself in order to access the Webconsole functionalities associated with your user roles.

The first role you can be connected with is "viewer". When you are authenticated as a "viewer", two cases can arise:

  • You are connected as a "viewer" but no server was saved in Petals Webconsole:

    This case is simple: no server was saved, and as a viewer you need an administrator to record at least one server before you can access it.
  • You are connected as a "viewer" and at least one server was saved in Petals Webconsole:

    In this situation at least one server was saved, so you can directly access it.

The second role you can be connected with is "operator". When you are authenticated as an "operator", two cases can arise:

  • You are connected as an "operator" but no server was saved in Petals Webconsole:

    This case is simple: no server was saved, and as an operator you can record one server in order to access it afterwards.
  • You are connected as an "operator" and at least one server was saved in Petals Webconsole:

    In this situation at least one server was saved, so you can directly access it, or you can define a new server because you have the "operator" role.

The third role you can be connected with is "administrator". When you are authenticated as an "administrator", two cases can arise:

  • You are connected as an "administrator" but no server was saved in Petals Webconsole:

    This case is simple: no server was saved, and as an administrator (who has all the operator rights) you can record one server in order to access it afterwards.
  • You are connected as an "administrator" and at least one server was saved in Petals Webconsole:

    In this situation at least one server was saved, so you can directly access it, or you can define a new server since the "administrator" role includes the operator rights.

User management in Petals Webconsole:

Who can manage Webconsole users? Any user connected as an "administrator": with this role you can access the "user management" menu of the Webconsole.

This menu is only accessible to administrator users; it forwards you to the user management list.

This list allows you to create, edit and delete Webconsole users. Each user row corresponds to one entry in the security.xml file, which is where all user management data is collected.

You can add a new Webconsole user by clicking the "add user" button at the top of the user list.

Following this action the Webconsole redirects you to the user creation form, where you specify the general user parameters (login, password, etc.) and, above all, the user's roles in the Webconsole.


After you click the "Create" button, a new Webconsole user is created and his general parameters (login/password) and roles are saved into the webconsole.xml file (his password is stored as a SHA-1 message digest, not in clear text).

Two other buttons can be used in the user management table:

The first button on each row allows you to delete the user represented by that row.

The second button allows you to edit the profile of that user. When you click it, the Petals Webconsole redirects you to the edit user form, where you can change his login, password, roles, and so on.

More explanations on each security role:

The first role, "viewer", only gives a viewer user a read-only view of the Webconsole. This type of user may only view the information displayed in the Petals Webconsole; he cannot perform any action that could impact the current Petals domain. Unlike the viewer role, the "operator" role can interact with the current Petals domain: add a new container, start a component, install a service assembly, and so on.

The difference between the viewer and operator interfaces can be observed on the two screenshots below:

Component table for "viewer" user: (screenshot)

Component table for "operator" user: (screenshot)

On the two previous screenshots we can observe the difference between the two cases: the operator user can manage and interact with the components.

Add or manually edit Webconsole users:

You can yourself add and edit the users declared in the Webconsole security file.

It is the following XML file:

security.xml file
<?xml version="1.0" encoding="UTF-8"?>
	<!--
		Petals Webconsole - Copyright (c) 2010 EBM Websourcing,
		http://www.ebmwebsourcing.com/ This library is free software; you can
		redistribute it and/or modify it under the terms of the GNU Lesser
		General Public License as published by the Free Software Foundation;
		either version 2.1 of the License, or (at your option) any later
		version. This library is distributed in the hope that it will be
		useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
		Lesser General Public License for more details. You should have
		received a copy of the GNU Lesser General Public License along with
		this library; if not, write to the Free Software Foundation, Inc., 59
		Temple Place, Suite 330, Boston, MA 02111-1307 USA Initial
		developer(s): EBM WebSourcing
	-->
<ns:Entities
	xmlns:ns="xmlmap://org.ow2.petals.tools.webconsole.services.security.model/2.1V"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="xmlmap://org.ow2.petals.tools.webconsole.services.security.model/2.1V security.xsd ">
	<!--
		******************************** WARNING
		****************************** If you want to add manually one user
		into Petals Webconsole, you must encrypt before his password. To
		encrypt the password you can use a specific Main() function of the
		Java class CipherHelper, it is located in the Java package:
		org.ow2.petals.tools.webconsole.services.security.util You can invoke
		its Main() function by providing the password that must be cipher by
		calling: Main("mypassword"). The password then will be ciphered by
		SHA1 algorithm message digester.
		**********************************************************************
	-->
	<ns:Entity login="administrator" password="b3aca92c793ee0e9b1a9b0a5f5fc044e05140df3">
		<authorizations>administrator</authorizations>
	</ns:Entity>
	<ns:Entity login="viewer" password="40b4f25b1fd956b576d880db2b41182e0444bd1d">
		<authorizations>viewer</authorizations>
	</ns:Entity>
	<ns:Entity login="operator" password="fe96dd39756ac41b74283a9292652d366d73931f">
		<authorizations>operator</authorizations>
	</ns:Entity>
</ns:Entities>

In this file each Entity refers to one Webconsole user. You can edit or add a user, but keep in mind that his password is ciphered with the SHA-1 algorithm: you must provide a ciphered password in all cases.

Because of this constraint we provide a main method in the Java class org.ow2.petals.tools.webconsole.services.security.util.CipherHelper, which ciphers the clear-text password you pass as its first parameter.

If you invoke this main method with "mypassword" as parameter, you get the following output:

Text [mypassword] encrypted with SHA1 message disget --> 91dfd9ddb4198affc5c194cd8ce6d338fde470e2
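The following Python script is an added example, not part of the Petals Webconsole or of the CipherHelper class: it reproduces the SHA-1 transformation described above, reads the Entity/authorizations layout of security.xml, adds a user with only the digest written, and checks a login against the stored digest. The sample file, the `add_user`/`check_login` helpers and the "one <authorizations> element per role" layout for multi-role users are assumptions made here.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = "xmlmap://org.ow2.petals.tools.webconsole.services.security.model/2.1V"
KNOWN_ROLES = {"viewer", "operator", "administrator"}

# Constructed sample in the layout of the security.xml file shown above.
SAMPLE_SECURITY_XML = f"""<?xml version="1.0" encoding="UTF-8"?>
<ns:Entities xmlns:ns="{NS}">
  <ns:Entity login="viewer" password="40b4f25b1fd956b576d880db2b41182e0444bd1d">
    <authorizations>viewer</authorizations>
  </ns:Entity>
</ns:Entities>"""

def cipher_password(clear_text: str) -> str:
    """Same transformation as CipherHelper's main: hex SHA-1 digest of the password.
    An unsalted SHA-1 digest is cheap to brute-force, so protect security.xml itself."""
    return hashlib.sha1(clear_text.encode("utf-8")).hexdigest()

def load_users(xml_text: str) -> dict:
    """Map each Entity's login to (stored digest, set of roles)."""
    root = ET.fromstring(xml_text)
    users = {}
    for entity in root.findall(f"{{{NS}}}Entity"):
        # <authorizations> carries no prefix in the file, so it is unqualified.
        roles = {a.text.strip() for a in entity.findall("authorizations") if a.text}
        users[entity.get("login")] = (entity.get("password"), roles)
    return users

def add_user(xml_text: str, login: str, clear_password: str, roles) -> str:
    """Append an Entity for a new user, as the 'add user' form does; only the digest
    is written. Assumed layout: one <authorizations> element per role.
    Unknown roles and duplicate logins are refused."""
    roles = set(roles)
    if not roles <= KNOWN_ROLES:
        raise ValueError(f"unknown role(s): {sorted(roles - KNOWN_ROLES)}")
    if login in load_users(xml_text):
        raise ValueError(f"login already declared: {login}")
    ET.register_namespace("ns", NS)
    root = ET.fromstring(xml_text)
    entity = ET.SubElement(root, f"{{{NS}}}Entity",
                           login=login, password=cipher_password(clear_password))
    for role in sorted(roles):
        ET.SubElement(entity, "authorizations").text = role
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")

def check_login(xml_text: str, login: str, clear_password: str):
    """Return the user's roles if the digest matches, else None (constant-time compare)."""
    stored = load_users(xml_text).get(login)
    if stored is None:
        return None
    digest, roles = stored
    return roles if hmac.compare_digest(digest, cipher_password(clear_password)) else None
```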
