Project

General

Profile

bug #6248

Updated by Andreas Kohlbecker over 3 years ago

The creation of the lucene indexes can not be triggered from Jenkins jobs or from the dataportal settings pages, since the /manage/ web services requires authentication.

The best solution to this problem is to allow the definition of global management user accounts which apply to any cdm-remote instance started by a system user.
These users credentials must therefore not be stored in the cdm databases. To store them independently from the cdm instances a configuration file located in `$HOME/.cdmLibrary` is the preferred storage solution.

----

**Old issue description:**

The
authorization problem in the dataportal will be solved as soon as the oauth2 client capabilities are implemented into the data portal module: #6332. In case of jenkins it is not possible to provide proper cdm user credentials for each of the instances to be indexed. In this case another grand type is needed.
For this service endpoint it must me possible to authorite via the OAuth2 grant type 'client' (https://tools.ietf.org/html/rfc6749#section-4.4).

TODO:

* enable grant type 'client' for /manage/
* check for valid clients based on a key. The allowed keys are stored in $USER_HOME/cdm-remote-client-keys` each in a separate line. A key must conform to a md5 hash (or UUID?).
* provide script for jenkins to authenticate --> subticket
* implement client authentication into the dataportal. This should be doable by making use of the OAuth2 plugin available for Drupal7, see #6118 --> subticket

Back

Add picture from clipboard (Maximum size: 40 MB)