This shows you the differences between two versions of the page.
| | documentation:software:webapi:basic_security [2018/03/19 17:30] frank_defalco | | documentation:software:webapi:basic_security [2019/04/19 16:22] (current) anthonysena |
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Basic Security Configuration ====== | + | ===== IMPORTANT NOTE ===== |
| + | |||
| + | All WebAPI documentation has moved to [[https://github.com/OHDSI/WebAPI/wiki|GitHub]]. Please disregard the content below as it is legacy and kept for posterity. | ||
| + | |||
| + | ====== Basic Security Configuration (LEGACY)====== | ||
| This tutorial will demonstrate how to configure the OHDSI WebAPI and ATLAS using the OHDSI WebAPI's built in SHIRO security configuration. This configuration is intended for use in demonstration environments and is explicitly NOT for use in production. | This tutorial will demonstrate how to configure the OHDSI WebAPI and ATLAS using the OHDSI WebAPI's built in SHIRO security configuration. This configuration is intended for use in demonstration environments and is explicitly NOT for use in production. | ||
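Review bot: The new `===== IMPORTANT NOTE =====` heading sits above the page's top-level `======` title at a lower level, so the outline now opens with a subsection and the title is no longer the first heading. Consider keeping the title first and placing the notice directly under it as a plain paragraph. The retitled heading `(LEGACY)======` is also missing the space before the closing markers that the other headings in this revision have.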
| Line 11: | Line 15: | ||
| <code> | <code> | ||
| - | <security.enabled>true</security.enabled> | + | <security.provider>AtlasRegularSecurity</security.provider> |
| <security.origin>*</security.origin> | <security.origin>*</security.origin> | ||
| <security.db.datasource.url>jdbc:postgresql://localhost:5432/ohdsi</security.db.datasource.url> | <security.db.datasource.url>jdbc:postgresql://localhost:5432/ohdsi</security.db.datasource.url> | ||
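Review bot: The replacement of `<security.enabled>true</security.enabled>` with `<security.provider>AtlasRegularSecurity</security.provider>` comes with no sentence saying which WebAPI builds expect the new property or what other provider values exist, so a reader whose settings still carry `security.enabled` cannot tell which form applies; a one-line note beside the block would cover it. While this block is being touched, the unchanged `<security.origin>*</security.origin>` directly below accepts any origin, and a comment telling readers to set it to the origin ATLAS is served from outside the demo setup would be worth adding.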
| Line 42: | Line 46: | ||
| OWNER to ohdsi; | OWNER to ohdsi; | ||
| </code> | </code> | ||
| + | |||
| + | Next you will need to insert a sample record that will contain our demonstration username and password. The password is encrypted using BCrypt. You can create your own username and password or use the sample insert statement provided below where we have already encrypted the password 'ohdsi' for the user named 'ohdsi'. To create a different password hash using BCrypt you can use the following web site: | ||
| + | |||
| + | https://www.dailycred.com/article/bcrypt-calculator | ||
| + | |||
| + | And then put that password hash into the statement below. | ||
| + | |||
| + | <code> | ||
| + | insert into ohdsi.demo_security (email,password) | ||
| + | values ('ohdsi', '$2a$04$Fg8TEiD2u/xnDzaUQFyiP.uoDu4Do/tsYkTUCWNV0zTCW3HgnbJjO') | ||
| + | </code> | ||
| + | |||
| + | ===== Configuring ATLAS ===== | ||
| + | |||
| + | Now that we have the OHDSI WebAPI configured, table created and populated we can now setup ATLAS to expect a secure OHDSI WebAPI. | ||
| + | |||
| + | Placing a config-local.js file inside the root atlas/js file in your web installation will allow you to override the configuration settings without requiring changes to the Github repository or accidentally pushing your local information to Github. The following code configures ATLAS to expect a secure OHDSI WebAPI installation and configures it to use our newly created demonstration database. | ||
| + | |||
| + | <code> | ||
| + | define([], function () { | ||
| + | var configLocal = {}; | ||
| + | |||
| + | configLocal.api = { | ||
| + | name: 'Demo Environment', | ||
| + | url: 'http://localhost:8080/WebAPI/' | ||
| + | }; | ||
| + | |||
| + | configLocal.userAuthenticationEnabled = true; | ||
| + | |||
| + | configLocal.authProviders = [{ | ||
| + | "name": "Local Security Test DB", | ||
| + | "url": "user/login/db", | ||
| + | "ajax": true, | ||
| + | "icon": "fa fa-database", | ||
| + | "isUseCredentialsForm": true | ||
| + | }]; | ||
| + | |||
| + | return configLocal; | ||
| + | }); | ||
| + | </code> | ||
| + | |||
| + | ===== Becoming an Admin ===== | ||
| + | You should now be able to load ATLAS and find that you can login to the environment using the newly created user and password information. However, you will have limited permissions. The following query will list the current permissions that your login has in the database: | ||
| + | |||
| + | <code> | ||
| + | select sec_user.id as user_id, login, sec_role.id as role_id, sec_role.name as role_name | ||
| + | from sec_user | ||
| + | join sec_user_role on sec_user.id = sec_user_role.user_id | ||
| + | join sec_role on sec_user_role.role_id = sec_role.id | ||
| + | </code> | ||
| + | |||
| + | To grant yourself administrator privileges you can run the following query: | ||
| + | |||
| + | <code> | ||
| + | insert into sec_user_role (user_id, role_id) values (1000,2) | ||
| + | </code> | ||
| + | |||
| + | Now by logging out and logging back in to ATLAS you should be granted administrative rights across the system. You will then be able to manage other permissions from the 'Manage permissions' section found in the configuration tab. | ||
| + | |||
| + | |||
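Review bot: The added password step sends readers to a third-party web page to compute their BCrypt hash, which means typing the chosen password into someone else's site, and the sample hash `$2a$04$...` uses cost 4, far below the 10 or higher that common bcrypt libraries default to. Suggest replacing the link with a locally run bcrypt tool or library call, regenerating the sample at a higher cost, and stating that the published 'ohdsi'/'ohdsi' pair must be changed before the instance is reachable by anyone else. In the "Becoming an Admin" part, `values (1000,2)` hard-codes ids the text never shows how to obtain: the listing query above it has no filter on `login` and only returns users that already have a row in `sec_user_role`, so it lists every user's roles rather than "your login", and it does not confirm that your user is 1000 or that role 2 is the administrator role. Look both ids up by login and role name before the insert. Smaller points: both `insert` statements lack a terminating semicolon, "the root atlas/js file" should read "folder", and `url: 'http://localhost:8080/WebAPI/'` carries the login form's credentials over plain HTTP, which deserves a note that it is for localhost only.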