[GeoNetwork-users] Geonetwork API security

Hi,

A few questions about the GeoNetwork API security.

  1. Are the actions (CRUD) only permitted to authorised users? Who are the authorised users?

[cid:image003.jpg@...1693...]

  2. The ‘Authorise’ function in the picture – how does it work?
  3. What does it mean when there is a lock against an action?
  4. The ‘Try it out’ against each action – it’s not an actual update or delete, is it?

Thanks in advance.

Peck
-----------------------------------------------------------------------------------------------------
Peck Choo Tan I Analyst Programmer
GNS Science I Te Pū Ao
1 Fairway Drive, Avalon 5010, PO Box 30368, Lower Hutt 5040, New Zealand
Ph 04 570 4739 I Mob 021 2178684
http://www.gns.cri.nz/ | Email: p.tan@...1298...

Notice: This email and any attachments are confidential and may not be used, published or redistributed without the prior written consent of the Institute of Geological and Nuclear Sciences Limited (GNS Science). If received in error please destroy and immediately notify GNS Science. Do not copy or disclose the contents.


Hi Peck

Authorisations for services are defined in
https://github.com/geonetwork/core-geonetwork/blob/3.4.x/web/src/main/webapp/WEB-INF/config-security/config-security-mapping.xml.
This file has permissions mostly for the legacy services that use the
Jeeves framework (not yet migrated to the new API that uses Spring MVC).

For the new API, authorisations are defined in the Java methods for each
end-point using the @PreAuthorize annotation, like:

https://github.com/geonetwork/core-geonetwork/blob/3.4.x/services/src/main/java/org/fao/geonet/api/categories/TagsApi.java#L94

If there is no annotation on an end-point in the new API, the endpoint is public.

Regards,
Jose García

On Fri, Aug 17, 2018 at 2:20 PM, Peck-Choo Tan <P.Tan@anonymised.com> wrote:

Hi,

A few questions about the GeoNetwork API security.

  1. Are the actions (CRUD) only permitted to authorised users? Who are the authorised users?

[cid:image003.jpg@anonymised.com]

  2. The ‘Authorise’ function in the picture – how does it work?
  3. What does it mean when there is a lock against an action?
  4. The ‘Try it out’ against each action – it’s not an actual update or delete, is it?

Thanks in advance.

Peck

--

Kind regards,
Jose García
http://www.geocat.net/
Veenderweg 13
6721 WD Bennekom
The Netherlands
T: +31 (0)318 416664
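
Added example, not part of the original thread and not GeoNetwork code: since the reply states that a new-API end-point without @PreAuthorize is public, a source audit can list mapped handler methods that carry no guard. The scanner below is a line-based heuristic; the function name, the sample class and its role names are assumptions made for illustration.

```python
import re

# Heuristic, line-based audit (added example; assumes one annotation per line).
MAPPING = re.compile(r"@(?:Request|Get|Post|Put|Delete|Patch)Mapping\b")
GUARD = re.compile(r"@PreAuthorize\b")
CLASS = re.compile(r"\b(?:class|interface)\s+\w+")
METHOD = re.compile(r"\b(?:public|protected|private)\b[^=;(]*?\b(\w+)\s*\(")

# Constructed sample source, not GeoNetwork code.
SAMPLE_JAVA = '''
@RequestMapping(value = "/api/tags")
public class SampleTagsApi {
    @RequestMapping(method = RequestMethod.GET)
    public List<String> getTags() { return null; }

    @RequestMapping(method = RequestMethod.PUT)
    @PreAuthorize("hasRole('UserAdmin')")
    public void putTag(String name) { }

    @PreAuthorize("hasRole('Administrator')")
    @RequestMapping(value = "/{id}", method = RequestMethod.DELETE)
    public void deleteTag(int id) { }

    private void helper() { }
}
'''

def find_unguarded_endpoints(java_source):
    """Return names of mapped handler methods that carry no @PreAuthorize."""
    unguarded, pending, class_guarded = [], [], False
    for raw in java_source.splitlines():
        line = raw.strip()
        if not line or line.startswith(("//", "/*", "*")):
            continue
        if line.startswith("@"):
            pending.append(line)          # collect annotations until a declaration
            continue
        is_mapped = any(MAPPING.search(a) for a in pending)
        is_guarded = any(GUARD.search(a) for a in pending)
        if CLASS.search(line):
            class_guarded = is_guarded    # a class-level guard covers its methods
            pending = []
        elif (m := METHOD.search(line)):
            if is_mapped and not (is_guarded or class_guarded):
                unguarded.append(m.group(1))
            pending = []
    return unguarded

if __name__ == "__main__":
    print(find_unguarded_endpoints(SAMPLE_JAVA))
```

Each name it reports is a candidate for review: the end-point may be intentionally public, or it may be missing its annotation.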