SOA3 User Management Module

From Gcube Wiki
Revision as of 19:25, 21 March 2012 by Ciro.formisano (Talk | contribs) (Created page with '{| align="right" ||__TOC__ |} == Overview == User Management Module is SOA3 utility for managing user, groups and role information. It gives the possibility to perform CRUD ope…')

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Overview

User Management Module is SOA3 utility for managing user, groups and role information. It gives the possibility to perform CRUD operations locally and remotely on diverse data sources.

Key features

Extensibility
the module is composed by a core defining the most general operations, and diverse implementations modules to communicate with different data sources. Currently an LDAP and a Liferay based implementations are available, but it is possible to add further implementations
Multiple interfaces
the core and the implementations are available as Java Libraries to be integrated with the software managing the data. Otherwise a RESTful interface is available to deploy the module as a standalone web service
High performance
in particular using an LDAP directory, which is the suggested solution

Design

Philosophy

The architecture has been conceived as modular in order to obtain the maximum extensibility. In other words, after established the set of operations by which it is possible to efficiently manage users, groups and roles, the storage based implementations has been kept distinguished. This allows improvement and manageability of every single storage connector, and the possibility to add connectors to further data sources. SOAP and REST web interfaces give more than a possibility to manage users remotely.


Architecture

SOA3 User Management Module
  • UserManagement core provides the core CRUD operations for managing users, groups and roles information. In particular it exposes operation to:
    • create, read, update and delete users and user attributes
    • create, read, update and delete groups and groups attributes
    • create, read, update and delete groups and groups attributes
    • associate roles to an user
    • associate users to a group
  • LDAP Interface is the configurable module to use an LDAP directory as data source
  • Liferay Interface is a library for accessing Liferay 6.0.6 Portal [1] API for managing Liferay user list
  • Web Services Interface, SOAP and RESTful exposes User Management core operations as web services

Deployment

Since User Management Module needs to be associated to a data source (LDAP or Liferay database), the single option is to deploy the module at infrastructure level. It should be contacted by SOA3 authorization module in order to load attributes. The following picture shows the deployment:

SOA3 User Management Module


Use Cases

User Management module covers different use cases inside gCube infrastructure.

Well suited Use Cases

It is possible to distinguish two use case categories:

  • portal related use cases
  • security related use cases

Portal related use cases concern the Portlets which needs the easy access to users related information. The current production implementation uses Liferay database and is integrated in the portal: in this case user management core is directly called by Portlets in order to access required information. The final decoupled deployment expects to be contacted only by web service: anyway the functionalities are the same.

Security related use cases involve SOA3 internal functionalities. In particular SOA3 Authorization Module could have to access user data in order to obtain some attributes for taking authorization decisions.

Dynamic load of user attributes could be useful also for accounting or SLA management purposes.

Less well suited Use Cases

Describe here scenarios where the subsystem partially satisfied the expectations.

Notes

  1. http://www.liferay.com/
Retrieved from "https://wiki.gcube-system.org/index.php?title=SOA3_User_Management_Module&oldid=13838"