第2章 Security management
Security management is the process of managing users, groups, and permissions. You can control access to Business Central resources and features from the Business Central Security management page.
Business Central defines three types of entities for security management: users, groups, and roles. You can assign permissions to both roles and groups. A user inherits permissions from the groups and roles that the user is a member of.
2.1. Security management providers
In the context of security management, a realm restricts access to different application resources. Realms contain information about users, groups, roles, and permissions. A concrete user and group management service implementation for a specific realm is called a security management provider.
If the built-in security management providers do not meet the requirements of your application security realm, then you can build and register your own security management provider.
If the security management provider is not installed, the user interface for managing the security realm is not available. After you install and configure a security management provider, the user and group management features are automatically enabled in the security management user interface.
Business Central includes the Red Hat JBoss EAP security management provider which supports realm types based on the contents of the application-users.properties or application-roles.properties property file.
2.1.1. Configuring the Red Hat JBoss EAP security management provider based on property files
You can build and register your own Red Hat JBoss EAP security management provider. To use the Red Hat JBoss EAP security management provider based on property files, complete the steps in this procedure.
Prerequisites
- Red Hat JBoss EAP is installed.
Procedure
To use an existing users or roles property file from the Red Hat JBoss EAP instance, include the following system properties in the
EAP_HOME/standalone/configuration/application-users.propertiesandEAP_HOME/standalone/configuration/application-roles.propertiesfiles, as shown in the following example:<property name="org.uberfire.ext.security.management.wildfly.properties.realm" value="ApplicationRealm"/> <property name="org.uberfire.ext.security.management.wildfly.properties.users-file-path" value="/standalone/configuration/application-users.properties"/> <property name="org.uberfire.ext.security.management.wildfly.properties.groups-file-path" value="/standalone/configuration/application-roles.properties"/>
The following table provides a description and default value for these properties:
表2.1 Red Hat JBoss EAP security management provider based on property files
Property Description Default value org.uberfire.ext.security.management.wildfly.properties.realmThe name of the realm. This property is not mandatory.
ApplicationRealmorg.uberfire.ext.security.management.wildfly.properties.users-file-pathThe absolute file path for the users property file. This property is mandatory.
./standalone/configuration/application-users.propertiesorg.uberfire.ext.security.management.wildfly.properties.groups-file-pathThe absolute file path for the groups property file. This property is mandatory.
./standalone/configuration/application-roles.propertiesCreate the
security-management.propertiesfile in the root directory of your application. For example, create the following file:src/main/resources/security-management.properties
Enter the following system property and security provider name as a value in the
security-management.propertiesfile:<property name="org.uberfire.ext.security.management.api.userManagementServices" value="WildflyUserManagementService"/>
2.1.2. Configuring the Red Hat JBoss EAP security management provider based on property files and CLI mode
To use the Red Hat JBoss EAP security management provider based on property files and CLI mode, complete the steps in this procedure.
Prerequisites
- Red Hat JBoss EAP is installed.
Procedure
To use an existing users or roles property file from the Red Hat JBoss EAP instance, include the following system properties in the
EAP_HOME/standalone/configuration/application-users.propertiesandEAP_HOME/standalone/configuration/application-roles.propertiesfiles, as shown in the following example:<property name="org.uberfire.ext.security.management.wildfly.cli.host" value="localhost"/> <property name="org.uberfire.ext.security.management.wildfly.cli.port" value="9990"/> <property name="org.uberfire.ext.security.management.wildfly.cli.user" value="<USERNAME>"/> <property name="org.uberfire.ext.security.management.wildfly.cli.password" value="<USER_PWD>"/> <property name="org.uberfire.ext.security.management.wildfly.cli.realm" value="ApplicationRealm"/>
The following table provides a description and default value for these properties:
表2.2 Red Hat JBoss EAP security management provider based on property files and CLI mode
Property Description Default value org.uberfire.ext.security.management.wildfly.cli.hostThe native administration interface host.
localhostorg.uberfire.ext.security.management.wildfly.cli.portThe native administration interface port.
9990org.uberfire.ext.security.management.wildfly.cli.userThe native administration interface username.
NA
org.uberfire.ext.security.management.wildfly.cli.passwordThe native administration interface user’s password.
NA
org.uberfire.ext.security.management.wildfly.cli.realmThe realm used by the application’s security context.
ApplicationRealmCreate the
security-management.propertiesfile in the root directory of your application. For example, create the following file:src/main/resources/security-management.properties
Enter the following system property and security provider name as a value in the
security-management.propertiesfile:<property name="org.uberfire.ext.security.management.api.userManagementServices" value="WildflyCLIUserManagementService"/>
