...
Code Block |
---|
# If there is an entry here for group name, then all web service client users must be in this group (before the actAs) #ws.client.user.group.name = etc:webServiceClientUsers # allow these ids even if not in group, e.g. for testing # subjectIdOrIdentifier or sourceId::::subjectId or ::::subjectId or sourceId::::::subjectIdentifier or ::::::subjectIdentifier # sourceId::::::::subjectIdOrIdentifier or ::::::::subjectIdOrIdentifier # {valueType: "subject", multiple: true} ws.client.user.group.subjects.allow = # cache the decision to allow a user to user web services, so it doesnt have to be calculated each time # defaults to 5 minutes: # {valueType: "integer", required: true} ws.client.user.group.cache.minutes = 5 # if you have subject namespace overlap (or not), set the default subject # sources (comma-separated) to lookup the user if none specified in user name # {valueType: "string"} ws.logged.in.subject.default.source = # prepend to the userid this value (e.g. if using local entities, might be: etc:servicePrincipals: ) # {valueType: "string"} ws.security.prependToUserIdForSubjectLookup = |
ActAs configuration
To enable web service users to act as another user (proxy), enable the setting in the grouper-ws grouper.properties
...