Cloud Security Configuration
A security implementation that uses the cloud
This software is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative.
The license (Mozilla version 1.0) can be read at the MMBase site. See http://www.mmbase.org/license
Table of Contents
Cloud security uses the object mmbaseusers to store information used for authorization and authentication of users. The two main advantages of this security implementation are that the user administration can be carried out by using a web-browser (instead of editing a file on the file system) and that the users of your MMBase installation are available as objects in the cloud. For instance, it is possible to create groups of users, which are allowed to carry out certain tasks. This document gives an overview on how to install and use the cloud security.
This is not the only cloud security implementation available. Since MMBase 1.7 there is also a 'cloud context' security implementation available, which combines the advantages of this cloud security with the power of 'context' security. It can be downloaded separately.
Users are stored in the object 'mmbaseusers'. Users can be added by the user 'admin' (default password: 'admin2k'). The passwords are stored with an MD5 encryption, and can only be changed by the user itself, or by the 'admin'.
Admin has the rank 'administrator', users that are not logged in have the rank 'anonymous', all other users have rank 'basic user'.
For every node in the system the following rules apply:
Every node can be read
Admin may do everything, except deleting it's own usernode
Normal users may create new objects of the type's that are not system builders. Objects can belong to a user (only that user and the admin can change it) or they may be shared (all logged in users can change the node). An object can be given the user [shared] by using the JSP editors.
To install Cloud Security you have to:
add the builder 'mmbaseusers ' to your MMBase installation. After adding the builder you have to temporarily turn off security and fill the object 'mmbaseusers ' by the admin user. E.g. login admin and password admin2k. See the 'Configuring the security framework' on how to switch off security.
Another way to add the builder 'mmbaseusers' to your MMBase installation is to load the CloudSecurity application. Refer to the documentation on MMBase applications to see how you can load applications. After loading the CloudSecurity the user admin / admin2k is automatically added to your installation.
set the authentication and authorization class in the file <config dir>/security/security.xml.
<authentication class='org.mmbase.security.implementation.cloud.Authenticate' url='' />
<authorization class='org.mmbase.security.implementation.cloud.Verify' url='' />
It is also possible to only use authentication. When disabling authorization pages can still be secured by a login and password. However MMBase does no longer check whether or not an MMBase user is allowed to create, change or delete an object. To disable authorization use:
<authorization class='org.mmbase.security.NoAuthorization' url='' />
This is part of the MMBase documentation.
For questions and remarks about this documentation mail to: [email protected]