Separate user role required for authentification by OIDC from user r…
…oles associated with permissions fix #4318
gunterze committed Dec 21, 2023
1 parent c7ed1ba commit 057aa9d
Showing 12 changed files with 41 additions and 17 deletions.
@@ -9,7 +9,7 @@ sn:: IA==
cn:: IA==
userPassword:: Y2hhbmdlaXQ=

dn: cn=user,ou=users,dc=dcm4che,dc=org
dn: cn=auth,ou=users,dc=dcm4che,dc=org
changetype: modify
add: member
member: uid=keycloak-admin,ou=users,dc=dcm4che,dc=org
@@ -9,7 +9,7 @@ sn:: IA==
cn:: IA==
userPassword:: Y2hhbmdlaXQ=

dn: cn=user,ou=users,dc=dcm4che,dc=org
dn: cn=auth,ou=users,dc=dcm4che,dc=org
changetype: modify
add: member
member: uid=wildfly-admin,ou=users,dc=dcm4che,dc=org
@@ -0,0 +1,6 @@
version: 1

dn: cn=role,ou=users,dc=dcm4che,dc=org
changetype: modify
add: member
member: uid=user,ou=users,dc=dcm4che,dc=org
11 changes: 8 additions & 3 deletions dcm4chee-arc-assembly/src/main/resources/ldap/default-users.ldif
@@ -29,6 +29,13 @@ sn:: IA==
cn:: IA==
userPassword:: Y2hhbmdlaXQ=

dn: cn=auth,ou=users,dc=dcm4che,dc=org
objectClass: groupOfNames
cn: auth
member: uid=root,ou=users,dc=dcm4che,dc=org
member: uid=admin,ou=users,dc=dcm4che,dc=org
member: uid=user,ou=users,dc=dcm4che,dc=org

dn: cn=root,ou=users,dc=dcm4che,dc=org
objectClass: groupOfNames
cn: root
@@ -39,11 +46,9 @@ objectClass: groupOfNames
cn: admin
member: uid=admin,ou=users,dc=dcm4che,dc=org

dn: cn=user,ou=users,dc=dcm4che,dc=org
dn: cn=auth,ou=users,dc=dcm4che,dc=org
objectClass: groupOfNames
cn: user
member: uid=root,ou=users,dc=dcm4che,dc=org
member: uid=admin,ou=users,dc=dcm4che,dc=org
member: uid=user,ou=users,dc=dcm4che,dc=org

dn: cn=auditlog,ou=users,dc=dcm4che,dc=org
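Review bot: In the second hunk the entry that used to be the `user` group seems to end up as `dn: cn=auth,ou=users,dc=dcm4che,dc=org` while still carrying `cn: user` (the +/- markers are lost in this rendering, but 8 additions and 3 deletions fit that reading). That would give the file two entries with the DN `cn=auth`, the second of which an LDAP server would normally refuse on import, and would leave no `cn=user` group, so the permission role `user` would have no members. The line should stay `dn: cn=user,ou=users,dc=dcm4che,dc=org`, with only the `uid=root` and `uid=admin` members dropped from that group. The file continues beyond the hunk, so later entries were not checked.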
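--- a/dcm4chee-arc-assembly/src/main/resources/ldap/init-role.ldif
+++ b/dcm4chee-arc-assembly/src/main/resources/ldap/init-role.ldif
@@ -0,0 +1,7 @@
+version: 1
+
+dn: cn=role,ou=users,dc=dcm4che,dc=org
+changetype: add
+objectClass: groupOfNames
+cn: role
+member: uid=user,ou=users,dc=dcm4che,dc=org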
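Review bot: The new group is created with `member: uid=user,ou=users,dc=dcm4che,dc=org`, so the default `user` account holds whatever role is created from this file until it is removed again; that looks like a placeholder because `groupOfNames` must have at least one member, but the file does not say so. A comment such as `# groupOfNames needs one member; uid=user is only a placeholder, remove it once real members are added` would make the intent clear. Presumably `cn=role` is substituted with the real role name by a script outside this diff, which is worth stating in the same comment.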
@@ -0,0 +1,6 @@
version: 1

dn: cn=role,ou=users,dc=dcm4che,dc=org
changetype: modify
delete: member
member: uid=user,ou=users,dc=dcm4che,dc=org
4 changes: 2 additions & 2 deletions dcm4chee-arc-ui2/src/main/webxml/web-secure.xml
@@ -55,13 +55,13 @@
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>OIDC</auth-method>
</login-config>
<security-role>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</security-role>
</web-app>
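Review bot: Changing the default in `${auth-user-role:auth}` means a deployment that upgrades without setting `auth-user-role`, and whose identity provider has no `auth` role yet, will have every OIDC login rejected by this `<auth-constraint>`; nothing in the commit documents that migration step. I would add a comment above the constraint such as `<!-- auth-user-role only gates login; permissions come from separate roles -->` and mention in the upgrade notes that the `auth` role must be granted to existing users. Since the container constraint now admits any account holding `auth` to `/*`, the application's own permission checks become the only authorization layer; they are not visible in this diff and should be confirmed to deny by default. The same applies to the five other web.xml sections below, three of which show the block inside an XML comment (a closing `-->` follows it), where the note has to go outside that comment. The `<web-app>` element opens outside the hunk.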
4 changes: 2 additions & 2 deletions dcm4chee-arc-ui2/src/main/webxml/web.xml
@@ -56,14 +56,14 @@
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>OIDC</auth-method>
</login-config>
<security-role>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</security-role>
-->
</web-app>
4 changes: 2 additions & 2 deletions dcm4chee-arc-war/src/main/webxml/web-secure.xml
@@ -53,13 +53,13 @@
<http-method-omission>OPTIONS</http-method-omission>
</web-resource-collection>
<auth-constraint>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>OIDC</auth-method>
</login-config>
<security-role>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</security-role>
</web-app>
4 changes: 2 additions & 2 deletions dcm4chee-arc-war/src/main/webxml/web.xml
@@ -13,14 +13,14 @@
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>OIDC</auth-method>
</login-config>
<security-role>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</security-role>
-->
</web-app>
4 changes: 2 additions & 2 deletions dcm4chee-arr-query/src/main/webapp-secure/WEB-INF/web.xml
@@ -50,13 +50,13 @@
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>OIDC</auth-method>
</login-config>
<security-role>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</security-role>
</web-app>
4 changes: 2 additions & 2 deletions dcm4chee-arr-query/src/main/webapp/WEB-INF/web.xml
@@ -51,14 +51,14 @@
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>OIDC</auth-method>
</login-config>
<security-role>
<role-name>${auth-user-role:user}</role-name>
<role-name>${auth-user-role:auth}</role-name>
</security-role>
-->
</web-app>
