
Overview

Documents the process for creating users, managing user application roles, and managing user project roles.

Authentication 

The default security service implementation (SecurityServiceJpa) uses the IHTSDO user management system. Upon authentication, a REST call is made to the configured management service to validate the user and get some basic information. If authentication is successful, the map user information tracked by the application is updated to the latest state (including the user's name and email address). If there isn't a map user with that username yet in the system, one is added with a default VIEWER application role.

Thus, the sequence is something like this:

  • SecurityServiceJpa.authenticate is called with a username and password
  • A call out is made to the IHTSDO user management system
  • Upon successful authentication, user information is returned, including the user's full name and email address
  • If a map user with the corresponding username exists
    • The map user information is updated
  • If a map user with the corresponding username DOES NOT exist
    • A new map user is created with the username, full name, and email address and a default VIEWER application role
  • An authentication token is created and returned to the calling application for use in validating subsequent mapping tool REST calls.

Configuration

The security service is configured by three properties in the config.properties file used by the running application.

  • ihtsdo.security.activated
    • Indicates whether security is turned on or off
  • ihtsdo.security.url=https://usermanagement.ihtsdotools.org/security-web/query/
    • The REST service URL to which an authentication call can be made
  • ihtsdo.security.timeout=7200000
    • The timeout amount (in milliseconds) after which a user is automatically logged out and their authToken is invalidated.

Inactivated Authentication

If the "activated" flag is set to false, the behavior is a little different.  In that case, the sequence is like this:

  • SecurityServiceJpa.authenticate is called with a username and password
  • Any password is accepted as legitimate for the username
  • The system attempts to find a map user with that username; if one does not exist, authentication fails.
  • If it finds that user, it creates and returns an authToken matching the username.

Thus, in an "inactivated" system, users cannot be created simply by logging in.

Guest Authentication

The default security service also has special handling for the user "guest", which is authenticated with any password. The default installation of the system runs the "import.sql" file, which creates the "guest" user in the map_users table. That means this user always exists and doesn't require authentication. The sequence of events is exactly the same for guest login as for when security is inactivated (NOTE: this is true for the guest user even if security is activated).
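The activated sequence, the inactivated sequence and the guest case above, as an added Python model that is not the mapping tool's own code. The REST call to the user management service is replaced by a constructed stand-in, and the authToken format and the point from which the timeout is counted are assumptions.

```python
import secrets

DEFAULT_ROLE = "VIEWER"  # application role given to newly created map users

class SecurityServiceModel:
    def __init__(self, activated, timeout_ms, remote_auth, map_users):
        self.activated = activated      # ihtsdo.security.activated
        self.timeout_ms = timeout_ms    # ihtsdo.security.timeout (milliseconds)
        self.remote_auth = remote_auth  # stand-in for the REST call to ihtsdo.security.url
        self.map_users = map_users      # username -> record, like the map_users table
        self.tokens = {}                # authToken -> (username, issued_at_ms)

    def authenticate(self, username, password, now_ms):
        """Return an authToken on success, or None if authentication fails."""
        if username == "guest" or not self.activated:
            # Any password is accepted, but the map user must already exist;
            # no user is created on this path.
            user = self.map_users.get(username)
            if user is None:
                return None
        else:
            # Validate against the user management service; None means rejected.
            info = self.remote_auth(username, password)
            if info is None:
                return None
            # Create the map user with the default role if missing, then
            # refresh the tracked name and email from the management service.
            user = self.map_users.setdefault(
                username, {"username": username, "role": DEFAULT_ROLE})
            user["name"], user["email"] = info["name"], info["email"]
        token = secrets.token_urlsafe(24)  # token format is an assumption
        self.tokens[token] = (username, now_ms)
        return token

    def validate_token(self, token, now_ms):
        """Return the username for a live token; invalidate it after timeout_ms."""
        entry = self.tokens.get(token)
        if entry is None:
            return None
        username, issued_at = entry
        if now_ms - issued_at > self.timeout_ms:  # counted from issue (assumption)
            del self.tokens[token]
            return None
        return username

def fake_management_service(username, password):
    # Constructed stand-in for the IHTSDO service with a single known account.
    if (username, password) == ("alice", "correct-horse"):
        return {"name": "Alice Example", "email": "alice@example.org"}
    return None
```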

Adding an Admin User

An admin user must exist in order to perform top-level application administration activities (such as changing the application role of a user to ADMINISTRATOR).  In a new system without an existing ADMINISTRATOR

  • n/a