-
Notifications
You must be signed in to change notification settings - Fork 1
Api and Authorization
- The API is accessible at host:port**/api**. The port may be configured in application.yml file
- The requests require JWT authorization:
- Authorization token is obtained in the response header of a successful login request.
- Authorization header format: 'Authorization:Bearer authorization-token'
-
The Swagger documentation is accessible at: host:port**/swagger-ui.html**
-
Use login method from user-api to obtain the authorization token. The login method uses basic authorization: fill
Authorization:Basic *base64(username:password)*
into the swagger Authorization header field of the login endpoint. After that, copy the JWT token from response header and use it for JWT authorization in swagger Authorization fields of other requests. -
The Swagger download link used to download object during object retrieval request is broken. Use other tool, e.g. Postman or cURL to call the object retrieval endpoints. Due to the need of authorization header it is not possible to call the endpoint just by pasting the URL to the address bar.
Role is esentially an editable named group of permissions used to link permissions with users. Every user can have multiple roles. ARCLib comes with 5 default roles: superadmin, admin, analyst, archivist and deletion acknowledgement. See Authorization sheet for mapping of GUI sections, API endpoints and required permissions and roles.
New ARCLib user can be added in two ways:
Login first: only if LDAP authentication is enabled:
- Responsible person creates LDAP account on a LDAP server connected to ARCLib*
- User logs in (with the username/password obtained from LDAP admin) and see an information that he/she has to wait for ARCLib admin to assign him/her with permissions
- All ARCLib users with SUPER_ADMIN_PRIVILEGE permission are notified by email
- Any of notified users find the new user in the ARCLib GUI and assign him/her with roles
Create user first:
- New user is created by user with appropriate permission in the User section of ARCLib GUI. Creating user can also assign roles to the created user straight away.
- User logs in
If LDAP authentication is enabled The domain name must match the pattern of the organisation running the ARCLib instance. The pattern is configured in LDAP section of application.yml file In case of "Create first" the username filled when creating the user must match the username/id under which the user is looked up in the LDAP see LDAP section of application.yml file
Home
The Ingest - Archival Process
Instructions for Sample Ingest
Predefined Profiles
Docker
Reindex and Reingest (upgrading ARCLib or its profiles)
- System Setup
- System Setup on Debian (unofficial)
- Api and Authorization
- Administration of running system
- ARCLib XML Index Config
- Usage@Index
- Sip Format
- Usage@Sip Profiles
- Usage@Validation Profiles
- Usage@Workflow Definitions
- Usage@Producer Profiles
- Usage@Debug Mode
- Tutorial@Custom Ingest