This page applies to sites using the Acegi security provider but should be easily adapted for Spring Security.

The Administration GUI can be accessed from the /weave/admin.html URL once the Weave instance is running.

To secure access to the GUI you need to edit the security.xml file and add three entries, for the resources used by the admin UI, to the list of secured paths in the filterInvocationInterceptor.

In a default Weave installation the final entry in this list should be:
/**=IS_AUTHENTICATED_ANONYMOUSLY

To secure the administration GUI you need to add three new entries before that one; the patterns are checked in order and the first match applies, so entries placed after /** would never be reached:
/admin.html=ROLE_ADMIN
/admin/**=ROLE_ADMIN
/services/admin/**=ROLE_ADMIN

Note that ROLE_ADMIN may need to change depending upon how you've updated the authentication in the rest of the security.xml file.
The role represents a group that the user must belong to before they can access the Administration GUI. For example, if you're using the default users.properties file then the following entries will grant access to Bob and Ted, but not Alice:
bob=password,ROLE_ADMIN
ted=password,ROLE_ADMIN,ROLE_USER,ROLE_GIS,ROLE_PLANNING
alice=password,ROLE_USER,ROLE_GIS,ROLE_PLANNING

If you're using LDAP, Active Directory or some other authentication mechanism then the role you need to set will be based on the groups those authentication sources grant to the user. These roles are the same ones that you would use when creating an ACL within Weave itself.
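The following check is an added example, not part of Weave or Acegi: it models the first-match evaluation of the path entries with a simplified Ant-style matcher and the default users.properties entries shown above, so you can confirm who reaches the admin resources and what happens if the three entries are placed after /**. All function names and the sample request paths are assumptions made for illustration.

```python
import re

def ant_to_regex(pattern):
    # Simplified Ant-style matching (assumption): "**" spans directories,
    # "*" stays inside one path segment, "?" is a single character.
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out, i = out + "(/.*)?", i + 3
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] in "*?":
            out, i = out + ("[^/]*" if pattern[i] == "*" else "[^/]"), i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def parse_rules(text):
    # Keep the list order: the first matching pattern decides.
    rules = []
    for line in text.splitlines():
        pattern, sep, attrs = line.strip().partition("=")
        if sep and pattern.startswith("/"):
            rules.append((ant_to_regex(pattern), set(attrs.split(","))))
    return rules

def parse_users(text):
    # users.properties format from the page: name=password,ROLE_A,ROLE_B
    users = {}
    for line in text.splitlines():
        name, sep, rest = line.strip().partition("=")
        if sep:
            users[name] = set(rest.split(",")[1:])
    return users

def required(rules, path):
    # Attributes of the first entry whose pattern matches the path.
    return next((attrs for rx, attrs in rules if rx.match(path)), set())

def can_access(rules, users, user, path):
    attrs = required(rules, path)
    return "IS_AUTHENTICATED_ANONYMOUSLY" in attrs or bool(attrs & users.get(user, set()))

ADMIN = "/admin.html=ROLE_ADMIN\n/admin/**=ROLE_ADMIN\n/services/admin/**=ROLE_ADMIN\n"
CATCH_ALL = "/**=IS_AUTHENTICATED_ANONYMOUSLY\n"
USERS = parse_users("bob=password,ROLE_ADMIN\n"
                    "ted=password,ROLE_ADMIN,ROLE_USER,ROLE_GIS,ROLE_PLANNING\n"
                    "alice=password,ROLE_USER,ROLE_GIS,ROLE_PLANNING\n")
RULES_OK = parse_rules(ADMIN + CATCH_ALL)    # admin entries before /**
RULES_BAD = parse_rules(CATCH_ALL + ADMIN)   # misordered: /** matches first
```

With RULES_OK, can_access returns True for bob and ted and False for alice on the admin paths; with RULES_BAD it returns True for every user because /** is matched first.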