{section}
{column}
\\
h1. Security aspect overview:\\
In the Petals Webconsole, the security aspect lets you create, edit, remove and, more generally, manage in bulk the users of the webapp. A Petals Webconsole user may own several roles; each role
allows the user to access certain parts of the application.
\\
{column}\\
{column:width=350px}
{toc}\\
\\
{column}\\
{section}
h1. Role and associated access:\\
At the moment three roles are available in the Petals Webconsole:
- The 'viewer' can only view information.
- The 'operator' can operate containers.
- The 'administrator' has all rights (operator + user management).
h1. First contact with security in Petals Webconsole:
Your first contact with security in the Webconsole is the authentication form shown when the interface starts.
The authentication form lets you identify yourself in order to access the Webconsole functionalities associated with the different user roles.
!petals-wconsole-security-authentication.png|thumbnail!
The *first role* you can connect with is "_viewer_". When you are authenticated as a "_viewer_", two cases can occur:
* You are connected as a "_viewer_" but no server has been saved in Petals Webconsole:
!petals-wconsole-viewer-authentication-1.png|thumbnail!
This case is simple: no server has been saved, and as a viewer you need
an administrator to record at least one server so that you can access it.
* You are connected as a "_viewer_" and at least one server has been saved in Petals Webconsole:
!petals-wconsole-viewer-authentication-2.png|thumbnail!
In this situation at least one server has been saved, so you can access it directly.
The *second role* you can connect with is "_operator_". When you are authenticated as an "_operator_", two cases can occur:
* You are connected as an "_operator_" but no server has been saved in Petals Webconsole:
!petals-wconsole-operator-authentication-1.png|thumbnail!
This case is simple: no server has been saved, and as an operator you can record one server so that you can access it afterwards.
* You are connected as an "_operator_" and at least one server has been saved in Petals Webconsole:
!petals-wconsole-operator-authentication-2.png|thumbnail!
In this situation at least one server has been saved, so you can access it directly, or you can define a new server because you have the "_operator_" role.
The *third role* you can connect with is "_administrator_". When you are authenticated as an "_administrator_", two cases can occur:
* You are connected as an "_administrator_" but no server has been saved in Petals Webconsole:
!petals-wconsole-administrator-authentication-2.png|thumbnail!
This case is simple: no server has been saved, and you can, as an operator, record one server so that you can access it afterwards.
* You are connected as an "_administrator_" and at least one server has been saved in Petals Webconsole:
!petals-wconsole-administrator-authentication-1.png|thumbnail!
h1. User management in Petals Webconsole:
Who can manage Webconsole users? Any user connected as an "_administrator_". With this role you can
access the "*user management*" menu of the Webconsole.
!petals-wconsole-administrator-menu.png|thumbnail!
This menu is accessible only to administrator users; it takes you to the user management
list.
!petals-wconsole-administration-list.png|thumbnail!
This list allows you to create, edit and delete Webconsole users. Each _user row_ refers to _one entry_ in the
+security.xml+ file; this file is where all user management data is collected.
You can add a new Webconsole user by clicking on the "_add user_" !petals-wconsole-administration-user-add.png|thumbnail! button at the top of the user list.
After this action, the Webconsole redirects you to the user creation form, where you can specify
general user parameters such as login, password, etc., and above all the user's roles in the Webconsole.
!petals-wconsole-administration-user-creation-form.png|thumbnail!
After you click the "_Create_" button, a new Webconsole user is *created*, and his general parameters (login/password)
and roles are saved into the _webconsole.xml_ file (his password is stored as a +SHA-1+ digest).
Two other buttons can be used in the user management table:
The first button !petals-wconsole-administration-user-delete.png|thumbnail! on each row allows you to delete the user represented by that row.
The second button !petals-wconsole-administration-user-edit.png|thumbnail! allows you to edit the profile of that user. When you click this button, the Petals
Webconsole redirects you to the edit user form, where you can change his login, password, roles ...
!petals-wconsole-administration-user-edit-form.png|thumbnail!
h1. More explanations on each security role:
The first role, "viewer", gives the user a read-only view of the Webconsole. This
type of user may only view the information displayed in the Petals Webconsole and cannot perform
any action that could impact the current Petals domain. Unlike the viewer role, the "operator"
role can interact with the current Petals domain: add a new container, start a component,
install a service assembly ...
The difference between the viewer and operator interfaces can be seen in the two screenshots below:
Component table for "_viewer_" user:
!petals-wconsole-administration-viewer-view.png|thumbnail!
Component table for "_operator_" user:
!petals-wconsole-administration-operator-view.png|thumbnail!
In the two screenshots above, the difference between the two cases is that
the operator user can +manage and interact+ with the components.
h1. Add or manually edit Webconsole user:
You can add and edit users yourself in the Webconsole security file.
It is the following XML file:
{code:language=xml|title=security.xml file}<?xml version="1.0" encoding="UTF-8"?>
<!--
Petals Webconsole - Copyright (c) 2010 EBM Websourcing,
http://www.ebmwebsourcing.com/ This library is free software; you can
redistribute it and/or modify it under the terms of the GNU Lesser
General Public License as published by the Free Software Foundation;
either version 2.1 of the License, or (at your option) any later
version. This library is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details. You should have
received a copy of the GNU Lesser General Public License along with
this library; if not, write to the Free Software Foundation, Inc., 59
Temple Place, Suite 330, Boston, MA 02111-1307 USA Initial
developer(s): EBM WebSourcing
-->
<ns:Entities
    xmlns:ns="xmlmap://org.ow2.petals.tools.webconsole.services.security.model/2.1V"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="xmlmap://org.ow2.petals.tools.webconsole.services.security.model/2.1V security.xsd ">
    <!--
        ******************************** WARNING ******************************
        If you want to add manually one user into Petals Webconsole, you must
        encrypt before his password. To encrypt the password you can use a
        specific Main() function of the Java class CipherHelper, it is located
        in the Java package: org.ow2.petals.tools.webconsole.services.security.util
        You can invoke its Main() function by providing the password that must
        be cipher by calling: Main("mypassword"). The password then will be
        ciphered by SHA1 algorithm message digester.
        **********************************************************************
    -->
    <ns:Entity login="administrator" password="b3aca92c793ee0e9b1a9b0a5f5fc044e05140df3">
        <authorizations>administrator</authorizations>
    </ns:Entity>
    <ns:Entity login="viewer" password="40b4f25b1fd956b576d880db2b41182e0444bd1d">
        <authorizations>viewer</authorizations>
    </ns:Entity>
    <ns:Entity login="operator" password="fe96dd39756ac41b74283a9292652d366d73931f">
        <authorizations>operator</authorizations>
    </ns:Entity>
</ns:Entities>{code}
In this file each Entity refers to one Webconsole user. You can edit or add a user, but keep in mind that his password is stored as a SHA-1 digest.
You must provide the digest of the password, not the clear text, in all cases.
Because of this constraint, we provide a main method in the Java class
*org.ow2.petals.tools.webconsole.services.security.util.CipherHelper*,
which hashes a clear-text password that you provide as the first parameter.
If you invoke this main method with "+mypassword+" as the parameter, you will get the following output:
Text \[mypassword\] encrypted with SHA1 message disget \--> 91dfd9ddb4198affc5c194cd8ce6d338fde470e2
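One way to prepare and check a hand-edited entry without running the Java class, as an added example that is not Petals code: it computes the same digest as the output above and checks that every Entity carries a 40-digit hex digest and a known role. The helper names {{sha1_hex}}, {{make_entity}} and {{lint}} are hypothetical, the sample document is constructed, and UTF-8 password encoding is an assumption.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Namespace and role names as they appear in the security.xml listing above.
NS = "xmlmap://org.ow2.petals.tools.webconsole.services.security.model/2.1V"
ROLES = {"viewer", "operator", "administrator"}
SHA1_HEX = re.compile(r"[0-9a-f]{40}")  # lower-case hex, as in the listing
ET.register_namespace("ns", NS)

# Constructed sample: one valid entry and one hand-edited entry with two mistakes.
SAMPLE = f"""<ns:Entities xmlns:ns="{NS}">
  <ns:Entity login="viewer" password="40b4f25b1fd956b576d880db2b41182e0444bd1d">
    <authorizations>viewer</authorizations>
  </ns:Entity>
  <ns:Entity login="alice" password="mypassword">
    <authorizations>superuser</authorizations>
  </ns:Entity>
</ns:Entities>"""


def sha1_hex(password: str) -> str:
    """Plain SHA-1 hex digest (assumes the password is encoded as UTF-8)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_entity(login: str, password: str, role: str) -> ET.Element:
    """Build one ns:Entity in the single-role layout shown in the listing."""
    if role not in ROLES:
        raise ValueError(f"unknown role: {role!r}")
    entity = ET.Element(f"{{{NS}}}Entity",
                        {"login": login, "password": sha1_hex(password)})
    ET.SubElement(entity, "authorizations").text = role
    return entity


def lint(xml_text: str) -> list:
    """Return the problems found in the Entity entries of a security.xml."""
    problems, seen = [], set()
    for entity in ET.fromstring(xml_text).findall(f"{{{NS}}}Entity"):
        login = entity.get("login", "")
        if login in seen:
            problems.append(f"{login}: duplicate login")
        seen.add(login)
        if not SHA1_HEX.fullmatch(entity.get("password", "")):
            problems.append(f"{login}: password is not a 40-digit SHA-1 hex value")
        for auth in entity.findall("authorizations"):
            if (auth.text or "").strip() not in ROLES:
                problems.append(f"{login}: unknown role {auth.text!r}")
    return problems


if __name__ == "__main__":
    print(ET.tostring(make_entity("alice", "mypassword", "viewer"), encoding="unicode"))
    for problem in lint(SAMPLE):
        print(problem)
```

The stored value is a plain, unsalted SHA-1 digest, so two users with the same password get the same entry; restrict read access to the security file as you would for the passwords themselves.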