Security

TODO: this content has not yet been reviewed/updated for v2.0

This guide describes the authentication and authorization features available to secure your Apache Isis application.

Terminology

Apache Isis has built-in support for authentication and authorization:

  • By "authentication" we mean logging into the application using some credentials, typically a username and password. Authentication also means looking up the set of roles to which a user belongs.

  • By "authorization" we mean permissions: granting roles access to features (object members) of the app.

Apache Isis has two levels of permissions. Read permission means that the user can view the object member; it will be rendered in the UI. An action with only read permission will be shown disabled ("greyed out"). Write permission means that the object member can be changed. For actions this means that they can be invoked.

The framework provides an API for both authentication and authorization, and provides an implementation that integrates with Apache Shiro. Shiro in turn uses the concept of a realm as a source for both authentication and optionally authorization.

Shiro ships with a simple text-based realm — the IniRealm — which reads users (and their passwords), user roles and role permissions from the WEB-INF/shiro.ini file. The HelloWorld and SimpleApp starter apps are both configured to use this realm.
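As an added example (not code from Apache Isis or Shiro), the following script reads a constructed shiro.ini and reports how each member would appear to a user under the two permission levels described above, which is useful when reviewing a role file for over-broad grants. It assumes permission strings of the form package:Class:member:r or :w with "*" as wildcard, matched Shiro-style, and that a member without read permission is not shown; the user names, role names and function names are hypothetical.

```python
import configparser

# Constructed sample in the [users]/[roles] layout the IniRealm reads.
# Assumed permission format: package:Class:member:level, level r or w, "*" = any.
SHIRO_INI = """
[users]
sven = pass, admin_role
dick = pass, viewer_role

[roles]
admin_role = *
viewer_role = *:ToDoItem:*:r, *:ToDoItem:completed:*
"""

def load(ini_text):
    """Return ({user: [roles]}, {role: [permissions]}) from shiro.ini text."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep the case of user and role names
    cp.read_string(ini_text)
    # First comma-separated field of a [users] value is the password; skip it.
    users = {u: [r.strip() for r in v.split(",")[1:]] for u, v in cp["users"].items()}
    # Simplification: permissions are split on every comma (no quoted commas).
    roles = {r: [p.strip() for p in v.split(",")] for r, v in cp["roles"].items()}
    return users, roles

def implies(granted, wanted):
    """Wildcard match: each ':' part of the grant is '*' or covers the wanted part."""
    g = [set(p.split(",")) for p in granted.split(":")]
    w = [set(p.split(",")) for p in wanted.split(":")]
    for i, wanted_part in enumerate(w):
        if i >= len(g):
            return True  # a shorter grant covers everything beneath it
        if "*" not in g[i] and not wanted_part <= g[i]:
            return False
    return all("*" in part for part in g[len(w):])

def member_state(user, member, users, roles):
    """member is 'package:Class:member'; returns 'hidden', 'disabled' or 'enabled'."""
    perms = [p for role in users.get(user, []) for p in roles.get(role, [])]
    def can(level):
        return any(implies(p, f"{member}:{level}") for p in perms)
    if not can("r"):
        return "hidden"  # assumption: no read permission means not rendered
    return "enabled" if can("w") else "disabled"  # read-only is greyed out

if __name__ == "__main__":
    users, roles = load(SHIRO_INI)
    for who, what in [("sven", "todo:ToDoItem:delete"), ("dick", "todo:ToDoItem:delete")]:
        print(who, what, member_state(who, what, users, roles))
```
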

Shiro also ships with an implementation of an LDAP-based realm; LDAP is often used to manage user/passwords and corresponding user groups. Apache Isis in turn extends this with its IsisLdapRealm, which provides more flexibility for both group/role and role/permissions management.

In addition, the SecMan extension provides an implementation of the Shiro Realm API. This extension also represents users, roles and permissions as domain objects, allowing them to be administered through Apache Isis itself. Moreover, it can also optionally delegate password management to a subsidiary (delegate) realm (usually LDAP as discussed above).

In addition to Apache Isis' Shiro-based implementation of its authentication and authorization APIs, Isis also provides a "bypass" implementation, useful for quick-n-dirty prototyping when you want to in effect disable (bypass) security completely.

What about auditing?

A further aspect of security is auditing: recording what data was modified by which user.

Apache Isis provides the InteractionContext, which can be used to track the actions being invoked, and the AuditerService, which captures what data was modified as a result (auditing). When Interactions are persisted (e.g. by way of the Outbox Publisher mapping module), this provides excellent traceability. The Auditer module provides an implementation of the AuditerService.

The CommandService can also be used to capture actions, for example using the Command Log extension.