Simple (Authenticator & Authorizor)
The simple in-memory implementation, allows both authentication and authorization to be evaluated against a user provided SimpleRealm object.
Maven pom.xml
Dependency Management
If your application inherits from the Apache Causeway starter app (org.apache.causeway.app:causeway-app-starter-parent) then that will define the version automatically:
pom.xml
<parent>
<groupId>org.apache.causeway.app</groupId>
<artifactId>causeway-app-starter-parent</artifactId>
<version>3.1.0</version>
<relativePath/>
</parent>Alternatively, import the core BOM. This is usually done in the top-level parent pom of your application:
pom.xml
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.causeway.core</groupId>
<artifactId>causeway-core</artifactId>
<version>3.1.0</version>
<scope>import</scope>
<type>pom</type>
</dependency>
</dependencies>
</dependencyManagement>Update AppManifest
In your application’s AppManifest (top-level Spring @Configuration used to bootstrap the app), import the
AppManifest.java
@Configuration
@Import({
...
CausewayModuleSecuritySimple.class,
...
})
public class AppManifest {
@Bean
public SimpleRealm simpleRealm() {
return new SimpleRealm()
//roles
.addRole("admin_role", id->Grant.CHANGE)
.addRole("order_role", id->
id.getFullIdentityString().contains("Order")
? Grant.CHANGE
: Grant.NONE)
.addRole("customer_role", id->
id.getFullIdentityString().contains("Customer")
? Grant.CHANGE
: Grant.NONE)
.addRole("reader_role", id->
id.getFullIdentityString().contains("TopSecret")
? Grant.NONE
: Grant.READ)
//users
.addUser("sven", pwdhash, List.of("admin_role"))
.addUser("dick", pwdhash, List.of("reader_role", "order_role"))
.addUser("bob", pwdhash, List.of("reader_role", "customer_role"))
.addUser("joe", pwdhash, List.of("reader_role"));
}
}Make sure that no other CausewayModuleSecurityXxx module is imported.