REST Security

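REST-based Configuration methods are minimally secured by HTTP Basic Authentication. Basic Authentication sends the username and password base64-encoded rather than encrypted, so the Configuration REST services should only be reachable over HTTPS.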

The REST Security configuration file may reside anywhere on the filesystem, but a reference must be included in the OpenCDS configuration file (see Configuring OpenCDS for details).

The contents of the REST Security configuration file are as follows:

sec.xml
<?xml version="1.0" encoding="UTF-8"?>
<config:ConfigurationSecurity xmlns:config="org.opencds.dss.config.v1_0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="org.opencds.dss.config.v1_0 schema/OpenCDSConfiguration.xsd">
    <users>
        <user>
            <username>admin-username</username>
            <password>admin-password</password>
            <enabled>true</enabled>
            <grantedAuthorities>
                <authority>ROLE_CONFIG_ADMIN</authority>
                <authority>ROLE_CONFIG_USER</authority>
            </grantedAuthorities>
        </user>
        <user>
            <username>non-admin-username</username>
            <password>non-admin-password</password>
            <enabled>true</enabled>
            <grantedAuthorities>
                <authority>ROLE_CONFIG_USER</authority>
            </grantedAuthorities>
        </user>
    </users>
</config:ConfigurationSecurity>

Any number of users may be added to the list.

Passwords are stored in plain text. (Encryption methods may be provided in the future.)

Two roles (granted authorities) are supported which provide access to the data:

  • ROLE_CONFIG_ADMIN
    • May read from and write to the Configuration REST services.
  • ROLE_CONFIG_USER
    • May read from the Configuration REST services.
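
An added example (not part of OpenCDS or of the original page): because this file holds plain-text passwords and access depends on two exact role names, a pre-deployment check can flag a group- or world-accessible file, the sample passwords shown above, misspelled authorities, and accounts with write access. MIN_LENGTH, the function names and the finding wording are assumptions of this example, and the embedded XML is constructed sample input.

```python
import os
import stat
import xml.etree.ElementTree as ET

SUPPORTED_ROLES = {"ROLE_CONFIG_ADMIN", "ROLE_CONFIG_USER"}  # the two roles the page lists
SAMPLE_PASSWORDS = {"admin-password", "non-admin-password"}  # placeholders shown on the page
MIN_LENGTH = 12  # assumption: local password policy, not an OpenCDS rule

# Constructed sample in the page's format: one placeholder password, one mistyped role.
SAMPLE = """<config:ConfigurationSecurity xmlns:config="org.opencds.dss.config.v1_0">
  <users>
    <user><username>admin-username</username><password>admin-password</password>
      <enabled>true</enabled><grantedAuthorities>
        <authority>ROLE_CONFIG_ADMIN</authority><authority>ROLE_CONFIG_USER</authority>
      </grantedAuthorities></user>
    <user><username>reader</username><password>k7#Vq2!mZp9$wLx4</password>
      <enabled>true</enabled><grantedAuthorities>
        <authority>ROLE_CONFIG_USR</authority>
      </grantedAuthorities></user>
  </users>
</config:ConfigurationSecurity>"""

def audit(xml_data, mode):
    """Return (subject, finding) tuples for sec.xml content and its permission bits."""
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other bit exposes the passwords
        findings.append(("file", "mode %o lets group/other reach plain-text passwords" % mode))
    for user in ET.fromstring(xml_data).findall("users/user"):  # <users> is unqualified
        name = (user.findtext("username") or "").strip()
        password = user.findtext("password") or ""
        roles = {(a.text or "").strip() for a in user.iter("authority")}
        if password in SAMPLE_PASSWORDS or password == name or len(password) < MIN_LENGTH:
            findings.append((name, "placeholder, username-equal or short password"))
        for role in sorted(roles - SUPPORTED_ROLES):
            findings.append((name, "unsupported authority " + role))
        if "ROLE_CONFIG_ADMIN" in roles:
            findings.append((name, "review: can write configuration (ROLE_CONFIG_ADMIN)"))
    return findings

def audit_file(path):
    """Audit a sec.xml on disk, using its real permission bits."""
    with open(path, "rb") as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE, 0o644):
        print(subject, "-", finding)
```

Run audit_file against the path referenced from the OpenCDS configuration file; an empty result means none of these checks fired.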