-
Notifications
You must be signed in to change notification settings - Fork 11
Security
By default five roles are created for the Koop Provider. For now, you need to understand two of them.
This role gives the user the right to read the Service Descriptors. This is required to be able to use the Koop Provider
This role gives the user the right to create and update the Service Descriptors. It also grants permission to write documents to the "http://marklogic.com/feature-services" collection which must contain the Service Desciptor documents. This role is required for deploying the services to MarkLogic.
By default two users are created for deploying and using the Koop Provider.
This user is assigned the "esri-connector-reader" role and is therefore able to use the service. When the Node portion of the Koop Provider is not passing through Basic Authentication, then it should use this user for connecting to MarkLogic.
This user is assigned the "esri-connector-writer" role and is therefore able to deploy and update the service.
The application server (port 8095 by default, or port 8096 for the test configuration) uses Digest authentication by default.
By default, the Node piece uses the esri-connector-reader user with Digest Authentication to connect to MarkLogic.
The connection from the Node service to MarkLogic is configured in "build/koop/config/default.json". You can set the username and password values in this file by setting koopMlUsername and koopMlPassword respectively, in your build-.properties file.
You can change the authentication type by using the koopMlAuthenticationType parameter in your properties file. ** HOWEVER, gradle currently can only deploy when the ML App server is set to Digest Authentication **
You can also forward Basic Auth credentials from the user making the call to Node.