It's quite easy to replace the source from which the security service pulls its data with your own custom provider.
This is the core security configuration file.
It merely describes the two important sections:
- The TokenHandler service, responsible for generating and validating the security token.
- The security provider.
The simple security provider has an LDAP equivalent called the LDAP security provider, both implementing the Security Provider Interface.
Security Provider has a number of key classes and interfaces associated with it:
- A list of realms.
- RBACProvider, with all the related RBAC classes and services.
- RBACQuery, the query services for reviewing RBAC element sets, properties and relations.
- RBACAdmin, administrative services for the creation and maintenance of RBAC element sets and relations.
- RBACRuntime, runtime services for making access control decisions. This interface attempts to comply with the NIST RBAC Proposed voluntary consensus standard DRAFT.
- AuthenticationProvider, giving access to the authentication interfaces.
- AuthenticationQuery, administrative review services for performing queries on users of the authentication system.
- AuthenticationRuntime, responsible for authenticating users.
- AuthenticationAdmin, for creating and maintaining credentials.
By default, Tempo uses the SimpleSecurityProvider, which pulls its data from the SimpleDatabase object, which pulls its configuration from the security.xml configuration file, where the users and the roles are defined.
The easiest way to load users and roles from a different source is to extend the SimpleDatabase to load data from our custom resource, and then make the minimal changes required in SimpleSecurityProvider, notably the database configuration file checks.
One could, of course, re-implement all the interfaces described above to get a complete integration with an external storage service for users and roles.