Skip to content

GuideUserManagement

Kurt Stam edited this page Dec 18, 2013 · 5 revisions

User Management

Overview

In order to do work in the DTGov system, a valid user must first be authenticated. The specific details regarding how to create and manage the list of allowed users will vary depending on the runtime configuration. This guide will focus on the mechanisms supported by the DTGov community installer.

Tip
Please note that the installer creates a single user (named 'admin') during the installation process.

Required Roles

There are several roles that the user must have in order to interact with DTGov. These roles are as follows:

  • overlorduser : users must have this role in order to access the DTGov user interface

  • admin.sramp : users must have this role in order to access the S-RAMP repository (both read and write)

  • dev : users with this role will be able to view and complete Dev environment and developer human tasks

  • test : users with this role will be able to view and complete Test environment human tasks

  • stage : users with this role will be able to view and complete Staging environment human tasks

  • prod : users with this role will be able to view and complete Production environment human tasks

  • ba : users with this role will be able to view and complete business analyst human tasks

  • arch : users with this role will be able to view and complete architect human tasks

Adding a User

JBoss EAP 6.1

By default DTGov uses the standard EAP Application Realm configuration as its authentication source. This means that adding users is a simple matter of using the existing EAP add-user script. If you are running on Windows you can use the add-user.bat script. Otherwise run the add-user.sh script. Both of these scripts can be found in EAP’s 'bin' directory.

Here is an example of how to add an S-RAMP user using the add-user.sh script:

[user@host jboss-eap-6.1]$ pwd
/home/user/FSW6/jboss-eap-6.1
[user@host jboss-eap-6.1]$ ./bin/add-user.sh

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): b

Enter the details of the new user to add.
Realm (ApplicationRealm) : ApplicationRealm
Username : fitzuser
Password : P4SSW0RD!
Re-enter Password : P4SSW0RD!
What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]: overlorduser,admin.sramp,dev,test
About to add user 'fitzuser' for realm 'ApplicationRealm'
Is this correct yes/no? yes
Added user 'fitzuser' to file '/home/user/FSW6/jboss-eap-6.1/standalone/configuration/application-users.properties'
Added user 'fitzuser' to file '/home/user/FSW6/jboss-eap-6.1/domain/configuration/application-users.properties'
Added user 'fitzuser' with roles overlorduser,admin.sramp to file '/home/user/FSW6/jboss-eap-6.1/standalone/configuration/application-roles.properties'
Added user 'fitzuser' with roles overlorduser,admin.sramp to file '/home/user/FSW6/jboss-eap-6.1/domain/configuration/application-roles.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? no
Tip
the above example will create a user who can view and complete Dev and Test environment human tasks. Any other human tasks will not be visible.

Tomcat 7

When running DTGov in Tomcat 7, the source of authentication is an XML configuration file located in Tomcat’s 'conf' directory named tomcat-users.xml. To add another user, simply add a user element to this XML configuration file. For example, adding a user named 'fitzuser' might make the file look like this:

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
  <role rolename="tomcat"/>
  <role rolename="overlorduser"/>
  <role rolename="admin.sramp" />
  <user username="admin" password="4dm1n!" roles="tomcat,overlorduser,admin.sramp,dev,test,stage,prod"/>
  <user username="fitzuser" password="P4SSW0RD!" roles="tomcat,overlorduser,admin.sramp,dev,test"/>
</tomcat-users>