The Authorization service provides basic authorization for all other datawave microservices. Authorization is a single endpoint that returns a signed JSON Web Token (JWT) that represents a list of DatawaveUser objects. Authorization may be performed by a trusted entity (i.e., a server) on behalf of another user or chain of servers leading to a user.
The Authorization service caches authorized users and also provides an administrative REST API to query and manage the cache.
https://host:port/authorization/v1/
Method | Operation | Description | Request Body |
---|---|---|---|
GET | authorize | Authorizes the calling user | N/A |
GET | whoami | Returns details about the calling user | N/A |
Users must possess the Administrator role to access any of the admin methods.
Method | Operation | Description | Request Body |
---|---|---|---|
DELETE | admin/evictAll | Deletes all users from the cache | N/A |
DELETE | admin/evictUser | Deletes the named user from the cache | N/A |
DELETE | admin/evictUsersMatching | Deletes users with names containing the supplied string from the authorization cache | N/A |
GET | admin/listUsers | Shows all users in the cache | N/A |
GET | admin/listUser | Retrieves the named user from the cache | N/A |
GET | admin/listUsersMatching | Retrieves users with names containing the supplied string from the authorization cache | N/A |
- See AuthorizationOperations class for details

- First, refer to services/README for launching the config service.
- Launch this service as follows, with the `mock` profile to leverage test PKI materials and associated user configuration (see authorization-mock.yml).

  ```
  java -jar service/target/authorization-service*-exec.jar --spring.profiles.active=dev,mock
  ```
- Ensure that the testUser.p12 (password: ChangeIt) cert is imported into your browser, and then visit any of the following:
- https://localhost:8643/authorization/v1/authorize
- https://localhost:8643/authorization/v1/whoami
- https://localhost:8643/authorization/v1/admin/listAll
- https://localhost:8643/authorization/v1/admin/listUser?username=test
- https://localhost:8643/authorization/v1/admin/listUsersMatching?username=test
- Perform PUT and POST API operations with your preferred HTTP client, as desired
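
The signed JWT returned by the authorize endpoint can also be inspected from a shell. The following is an added example, not DATAWAVE code: it decodes the header and payload of a compact JWT without verifying the signature. The function names, the sample token, its `alg` value and its claims are constructed for illustration and do not reflect the service's real claim layout.

```shell
#!/bin/sh
# Added example: inspect (not verify) a compact JWT (header.payload.signature).

# base64url -> bytes. JWT segments use '-' and '_' and drop '=' padding,
# so the alphabet is mapped back and the padding restored before decoding.
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
    1) return 1 ;;             # impossible length for base64
  esac
  printf '%s' "$seg" | base64 -d
}

# bytes -> base64url; used here only to build the constructed sample token.
b64url_encode() {
  printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'
}

# jwt_part TOKEN header|payload : print the decoded JSON of one segment.
# Rejects anything that is not exactly three dot-separated segments.
jwt_part() {
  token=$1
  case $token in
    *.*.*.*) return 1 ;;       # too many segments
    *.*.*)   ;;                # header.payload.signature
    *)       return 1 ;;       # too few segments
  esac
  header=${token%%.*}
  rest=${token#*.}
  payload=${rest%%.*}
  case $2 in
    header)  b64url_decode "$header" ;;
    payload) b64url_decode "$payload" ;;
    *)       return 2 ;;
  esac
}

# Constructed sample: placeholder header, claims and signature bytes.
SAMPLE_JWT="$(b64url_encode '{"alg":"RS256"}').$(b64url_encode '{"sub":"constructed-user"}').c2lnbmF0dXJl"

jwt_part "$SAMPLE_JWT" payload; echo
```

Decoding only shows what the token claims; a service consuming the token still has to verify its signature before trusting any of it.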
See sample_configuration/authorization-dev.yml and configure as desired