Overview

This service is used for authentication and authorization within the application.  It is also responsible for user management and leverages a "security handler" configured via the config.properties file.  The development environment uses a form of "default" security with fake users, and the production deployment uses "IMS" security with integrations to IHTSDO Identitiy Management Service.

Internal API - SecurityServiceJpa

Lower level calls of the internal API include:

• Authenticate
• Logout
• Add/update/remove/get/find user(s)
• Add/update/remove user preferences
• Get an application role for a token
• Find a username for a token

REST API - SecurityServiceRest

The public facing methods of the security service include:

• Authenticate
• Logout
• Add/update/remove/get/find user(s)
• Add/update/remove user preferences
• Get application roles (for a client UI picklist)

References/Links

• n/a