Security Example Flow Chart
NOTE: This example will only run under JDK 1.4 and above.
This example shows how to create and interace with job scheduler engines that have security enabled on them. With security, you can prevent certain users and roles from performing certain operations in Flux. You can also prevent certain users and roles from accessing different branches in the tree of jobs. For example, you can permit the user "mary" to access only the "/mary/" branch in the tree of jobs.
When you follow this example, you will:
- Create a secure job scheduler engine.
- Create a user in Flux security.
- Login to the secured job scheduler engine.
- Try operations that you are, and are not allowed, to do.
- Logout of the secured job scheduler engine.
To run this example, follow these steps.
- Create a secure engine by running the start-flux-secure-engine script from this example's directory.
- Start the Flux Designer by running the flux-designer script from the Flux installation directory.
- Once you have created a secure engine, browse to your Flux installation directory and run the start-flux-webapp script. This will start Flux's application server.
- Once the application server has started, execute the operations-console script. Opening this script will bring you to Flux's Operations Console.
- When the Operations Console appears, login with the following information.
- Once you are logged in to the Operations Console, browse to the "Security" page by clicking the "Security" button at the top right of the Operations Console.
- Within the security page, click the "All Users" button.
- Within the "Security/All Users" page, click the "New User" button.
- Create a user with the following information.
Display Name: Mary
- From within the Flux Designer, open the fluxproject.fpr file in the examples/end_users/security directory under the Flux installation directory.
Open the Designer's "Engines" panel. You should see an entry that reads "my secure job scheduler engine". The icon should display a grayed-out "engine fan" with a yellow padlock in front of it. This icon indicates that the Flux Designer identifies your secure job scheduler engine, but you have not logged into it yet.
- Log in to your secure job scheduler engine. Right-click on it, and select the Login menu item. Login as user mary with the password password.
- Now you will demonstrate that user "mary" can create jobs in the "/mary/" branch of the tree of jobs but not in the root of the tree of jobs.
a) Open the job named "/simple". It does not matter what the job does. In this case, it is a simple ConsoleAction that prints a message on the console when it runs.
Now try to export this "/simple" job to your secure job scheduler engine. Notice that it fails. It fails because Mary is not allowed to write jobs in the root of the tree of jobs.
b) Now re-export that same job again. This time, however, export the job to "/mary/simple". Notice that the export succeeds. It works because Mary is indeed allowed to write jobs to the "/mary/" branch of the tree of jobs.