DRMAccess
1. General Information
First of all, please make sure to read the chapter on General Information for all deegreeTools.
2. Description
This program enables deegree security administration using command-line calls. It should/must be used instead of deegree's drm-admin web application if you want to
- define complex rights using constraints defined as OGC Filter Encoding expressions (e.g. a user is only allowed to perform a GetMap request if the bounding box intersects a defined boundary and the maximum spatial resolution is less than 10m)
- perform definition of rights by a batch job
3. Library Dependencies
general libs
deegree2.jar log4j-1.2.9.jar jaxen-1.1-beta-8.jar
database specific libs
ojdbc14_10g.jar postgresql-8.0-311.jdbc3.jar
4. Usage
Two things are important to note:
- Even if you use Postgres, MS SQL Server, HSQLDB etc., the Oracle library is required.
- If rights-manipulating actions are performed, the deegree user and rights management API requires administrator authentication. Since the name of the admin is always SEC_ADMIN, only his password must be defined. Because it is assumed that the admin password does not change frequently, it is read from org/deegree/tools/security/sec.properties (contained in deegree2.jar). If you do not use the default password (it is strongly recommended not to use the default and to change the admin password), you must adjust sec.properties.
The program is invoked as follows (the example shows how to define a right with a constraint):
java -classpath .;libs/deegree2.jar org.deegree.tools.security.DRMAccess -driver org.postgresql.Driver -logon jdbc:postgresql://hurricane:5432/adv_registry_users -user postgres -pw postgres -action assignRights -constraints -;-;-;csw_getrecords_by.xml -soName ISO19115 -soType MetadataSchema -role MyRole -rights GetRecords,GetRecordById,DescribeRecordType,GetRecords_Response
Common to all operations are the database connection parameters '-driver', '-logon', '-user', '-pw', and the parameter '-action' defining what to do. In general, the following command-line parameter combinations are known: general definitions, possible actions.
4.1. general definitions
-driver
- JDBC driver (e.g. sun.jdbc.odbc.JdbcOdbcDriver for ODBC databases)
-logon
- logon to database (e.g. ODBC name, such as jdbc:odbc:security)
-user
- user name (optional)
-password
- user's password (optional)
4.2. possible actions
-action
- defines the action to be performed. Possible actions are: addUser, addGroup, addRole, addUserToGroup, assignRoleWithGroup, addSecuredObject, assignRights, clean
4.2.1. action = addUser
adds a user to the right management
-name
- user's login name
-password
- user's password
-firstName
- the first name of the user
-lastName
- the last name of the user
- email address of the user.
4.2.2. action = removeUser
removes a user from the right management
-name
- user's login name
4.2.3. action = addGroup
adds a group to the right management system
-name
- name of the group
-title
- title of the group
4.2.4. action = removeGroup
removes a group from the right management
-name
- group's login name
4.2.5. action = addRole
adds a role to the right management system
-name
- name of the role
4.2.6. action = addUserToGroup
adds a user to a named group
-userName
- name of the user
-groupName
- name of the group
4.2.7. action = assignRoleWithGroup
assigns a group with a role
-groupName
- name of the group
-roleName
- name of the role
4.2.8. action = addSecuredObject
adds a new secured object to the right management system
-soType
- type of the secured object (e.g. Layer, FeatureType, Coverage ...)
-soName
- name of the secured object
-soTitle
- title of the secured object
4.2.9. action = removeSecuredObject
removes a secured object from the right management system
-soType
- type of the secured object (e.g. Layer, FeatureType, Coverage ...)
-soName
- name of the secured object
4.2.10. action = assignRights
assigns rights on a named secured object to a role
-constraints
- comma-separated list of absolute paths to filter encoding files
-rights
- comma-separated list of rights to assign. The number of rights must be equal to the number of constraints
-soName
- name of the secured object
-soType
- type of the secured object
-role
- name of the role the rights shall be given to
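For the batch-job use mentioned in section 2, the following added example (not part of deegree or of the original page) builds the assignRights argument list from (right, constraint) pairs, so the two lists cannot differ in length, and produces a copy that is safe to log. Assumptions: the `DRM_*` environment variable names are hypothetical, "-" is taken to mean "no constraint" as in the example invocation above, and the constraint separator defaults to ";" as in that invocation.

```python
import os

MAIN_CLASS = "org.deegree.tools.security.DRMAccess"  # from the invocation on this page
NO_CONSTRAINT = "-"  # assumption: "-" marks a right without a constraint, as in the page's example


def assign_rights_argv(so_name, so_type, role, grants, env=os.environ,
                       classpath=(".", "libs/deegree2.jar"), sep=";"):
    """Build the argv list for one assignRights call.
    grants is a list of (right, constraint_file_or_None) pairs, so every right
    has exactly one constraint slot and the two lists cannot differ in length.
    sep is the constraint separator; ";" follows the page's example invocation.
    The DRM_* environment variable names are hypothetical.
    """
    if not grants:
        raise ValueError("at least one right is required")
    rights, constraints = [], []
    for right, constraint in grants:
        constraint = constraint or NO_CONSTRAINT
        if not right or "," in right or sep in constraint:
            raise ValueError(f"separator or empty value in {right!r} / {constraint!r}")
        rights.append(right)
        constraints.append(constraint)
    return ["java", "-classpath", os.pathsep.join(classpath), MAIN_CLASS,
            "-driver", env["DRM_DRIVER"], "-logon", env["DRM_LOGON"],
            "-user", env["DRM_USER"], "-pw", env["DRM_PW"],
            "-action", "assignRights",
            "-constraints", sep.join(constraints),
            "-soName", so_name, "-soType", so_type, "-role", role,
            "-rights", ",".join(rights)]


def redact(argv, secret_flags=("-pw", "-password")):
    """Return a copy of argv with password values masked, for batch logs."""
    out, hide = [], False
    for arg in argv:
        out.append("***" if hide else arg)
        hide = not hide and arg in secret_flags
    return out


if __name__ == "__main__":
    # Constructed sample values mirroring the page's example; not a real system.
    sample_env = {"DRM_DRIVER": "org.postgresql.Driver", "DRM_USER": "postgres", "DRM_PW": "example-only",
                  "DRM_LOGON": "jdbc:postgresql://hurricane:5432/adv_registry_users"}
    grants = [("GetRecords", None), ("GetRecordById", None), ("DescribeRecordType", None),
              ("GetRecords_Response", "csw_getrecords_by.xml")]
    argv = assign_rights_argv("ISO19115", "MetadataSchema", "MyRole", grants, env=sample_env)
    print(" ".join(redact(argv)))  # pass argv itself to subprocess.run(argv, check=True)
```

Passing the list to `subprocess.run` without a shell keeps the ";" in the constraints value from being interpreted as a command separator. The password still appears in the java process's argument list because DRMAccess takes it as a parameter; the environment lookup only keeps it out of the batch script and its logs.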
4.2.11. action = removeRights
removes rights on a named secured object from a role
-rights
- comma-separated list of rights to remove.
-soName
- name of the secured object
-soType
- type of the secured object
-role
- name of the role the rights shall be removed from
4.2.12. action = clean
cleans the complete right management system database by deleting all entries!