You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
unboundedpress/restheart/etc/security.yml.template

60 lines
2.3 KiB
Plaintext

6 years ago
## RESTHeart simple security configuration file.
---
## Configuration for file based Identity Manager
users:
- userid: username
password: password
roles: [users, admins]
## Configuration for db based Identity Manager
## bcrypt-hashed-password: true to authenticate against bcrypt hashed passwords
## https://github.com/svenkubiak/jBCrypt
dbim:
- db: userbase
coll: accounts
prop-name-id: _id
prop-name-password: password
prop-name-roles: roles
bcrypt-hashed-password: false
create-user: false
create-user-document: '{"_id": "admin", "password": "secret", "roles": ["admins"]}'
cache-enabled: false
cache-size: 1000
cache-ttl: 60000
cache-expire-policy: AFTER_WRITE
## Config for AD Identity Manager
#adim:
# - domainControllers: ldap://eastdc.example.com
# principalNameSuffixes: corp.example.com,example.com
## Configuration for file based Access Manager
## Look at undertow documentation for information about predictates syntax
## http://undertow.io/undertow-docs/undertow-docs-1.3.0/index.html#predicates-attributes-and-handlers
## The special role $unauthenticated allows to give permissions without requiring authentication
permissions:
# Users with role 'admins' can do anything
- role: admins
predicate: path-prefix[path="/"]
# Not authenticated user can only GET any resource under the /publicdb URI
- role: $unauthenticated
predicate: path-prefix[path="/"] and method[value="GET"]
# Users with role 'users' can GET any collection or document resource (excluding dbs)
- role: users
predicate: regex[pattern="/.*/.*", value="%R", full-match=true] and method[value="GET"]
# Users with role 'users' can do anything on the collection /publicdb/{username}
- role: users
predicate: path-template[value="/publicdb/{username}"] and equals[%u, "${username}"]
# Users with role 'users' can do anything on documents of the collection /publicdb/{username}
- role: users
predicate: path-template[value="/publicdb/{username}/{doc}"] and equals[%u, "${username}"]
# Same than previous one, but using regex predicate
# Users with role 'users' can do anything on documents of the collection /publicdb/{username}
# - role: users
# predicate: regex[pattern="/publicdb/(.*?)/.*", value="%R", full-match=true] and equals[%u, "${1}"]