This page describes all the steps to enable Atlassian Crowd based authorization and authentication for an IHTSDO tools application using the Identity Management Service.

Step-by-step guide

  1. Log in to the Crowd interface

    To create an application user group, the user must have the Crowd admin role.

  2. Define the application user group(s)

    1. Create an application-specific group. For example, the WRP admin group can be ihtsdo-wrp-admin, and normal WRP users can be categorized under ihtsdo-wrp-users.

      This step can be skipped if the application wants to use the default user group, ihtsdo-users, for authorization.

  3. Add the newly created group to the ihtsdo-tools application as shown in the image

  4. Enable back-end security using Spring Security.

    1. To enable Spring-based security, the application should declare the ihtsdo-crowd-resources and ihtsdo-crowd-bridge modules as dependencies in its Maven build. An example is given below.

      Authorization is specific to each individual application under IHTSDO tools, and each application should decide how to enforce authorization for the roles available to it.

      Maven Dependency

    2. Load the Crowd Spring bean resources application-im-common-security-config.xml and applicationContext-CrowdClient.xml. They can be loaded using either XML config or Java annotations. For example:

      Crowd Spring Beans
      XML Config
      <import resource="classpath:applicationContext-CrowdClient.xml" />
      <import resource="classpath:application-im-common-security-config.xml" />
      Java annotation
    3. Bundle the above Crowd Spring bean resource files in the WAR.

      Maven Crowd Resources Loading
    4. Enable method-level security using Spring Security annotations or XML config.

      Method Security Configuration
      <sec:global-method-security pre-post-annotations="enabled"/>
    5. Use method annotations or resource annotations to enforce authorization for the desired role. See the examples in the Identity Service module or the Refset service module.
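
An added example (not code from the Identity Service or Refset service modules) of the method-level enforcement described in steps 4.4 and 4.5, using the WRP groups from step 2. The package, class and method names are hypothetical, and it assumes the Crowd group names reach Spring Security as granted authorities with the same names.

```java
package org.example.wrp; // hypothetical package name

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;

/**
 * Hypothetical WRP service. The annotations only take effect when
 * <sec:global-method-security pre-post-annotations="enabled"/> is declared in the
 * same application context that creates this bean.
 * Assumption: Crowd group names are exposed as granted authorities unchanged,
 * so hasAuthority() is used rather than hasRole(), which may expect a ROLE_ prefix.
 */
@Service
@PreAuthorize("denyAll") // class-level default: a method without its own rule is refused
public class WrpTaskService {

    // Constructed in-memory store standing in for the real persistence layer.
    private final Map<String, String> tasks = new ConcurrentHashMap<String, String>();

    // Readable by normal WRP users and by WRP admins.
    @PreAuthorize("hasAnyAuthority('ihtsdo-wrp-users', 'ihtsdo-wrp-admin')")
    public List<String> listTasks() {
        return new ArrayList<String>(tasks.values());
    }

    // Admin group only; the method-level rule overrides the class-level default.
    @PreAuthorize("hasAuthority('ihtsdo-wrp-admin')")
    public void saveTask(String taskId, String description) {
        tasks.put(taskId, description);
    }

    // Admin group only.
    @PreAuthorize("hasAuthority('ihtsdo-wrp-admin')")
    public boolean deleteTask(String taskId) {
        return tasks.remove(taskId) != null;
    }

    // No method-level rule: inherits "denyAll", so a forgotten annotation fails closed.
    public void purgeAll() {
        tasks.clear();
    }
}
```

Spring applies these checks through a proxy around the bean, so a call from one method of this class to another on `this` is not checked; put the rule on the method that outside callers invoke.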

