Awesome

Syn

Introduction

A valve for Tomcat8 that authenticates the JWT tokens created by Islandora in order to provide sessionless Authentication for Fedora. Named after the Norse goddess Syn.

Requirements

This project requires Java 8 and can be built with Gradle. To build and test locally, use ./gradlew build.

Installation

Copy Syn JAR

Copy the JAR that was built above from build/libs/islandora-syn-X.X.X-all.jar and place into $TOMCAT_HOME/lib directory. Can be found in Ubuntu at: /var/lib/tomcat8/lib/. Note that this JAR is built to contain all the dependencies.

Register Valve

Now register the valve in Tomcat configuration file. In Ubuntu this file is located at: /var/lib/tomcat8/conf/context.xml

<Valve className="ca.islandora.syn.valve.SynValve" 
	  		 pathname="conf/syn-settings.xml" />

where:

• pathname: The location of the settings file. Defaults to $CATALINA_BASE/conf/syn-settings.xml.

Enable security-constraint

The valve checks if requested URL is under security constraints. So, valve will activate only if the Fedora4 web.xml file contains something like:

<security-constraint>
    <web-resource-collection>
      <web-resource-name>Fedora4</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <role-name>islandora</role-name>
</security-role>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>fcrepo</realm-name>
</login-config>

On Ubuntu this file can be found at: /var/lib/tomcat8/webapps/fcrepo/WEB-INF/web.xml

Setup Syn Configuration

Modify the example configuration and move it to: $CATALINA_BASE/conf/syn-settings.xml.

Header principals

Additional roles are passed to Fedora via a HTTP header, this is configured via the header attribute to the <config> element in the syn-settings.xml.example file. You must also configure Fedora to read this header via its HeaderProvider.

Documentation

Further documentation for this module is available on the Islandora 8 documentation site.

Troubleshooting/Issues

Having problems or solved a problem? Check out the Islandora google groups for a solution.

• Islandora Group
• Islandora Dev Group

Maintainers

Current maintainers:

• Jared Whiklo

Development

If you would like to contribute, please get involved by attending our weekly Tech Call. We love to hear from you!

If you would like to contribute code to the project, you need to be covered by an Islandora Foundation Contributor License Agreement or Corporate Contributor License Agreement. Please see the Contributors pages on Islandora.ca for more information.

We recommend using the islandora-playbook to get started.

License

MIT