cloudsoft.io

Defining Auth Explicitly in Configuration

The simplest way to define users is as a static list in configuration. With the default security provider, users can be set globally with the property:

brooklyn.webconsole.security.users=admin,bob
brooklyn.webconsole.security.user.admin.password=AdminPassw0rd
brooklyn.webconsole.security.user.bob.password=BobPassw0rd

More information on this, including how to mask the password, is available here.

Different roles for each of these users can be set as follows:

brooklyn.entitlements.global=org.apache.brooklyn.core.mgmt.entitlement.PerUserEntitlementManager

brooklyn.entitlements.perUser.staff=user
brooklyn.entitlements.perUser.itil=root

This is useful for setting up a small set of users, but in most cases it is preferable to link to an identify provider. See the other sections for what is available here.

Note in some cases it is desirable to use both – a few pseudo-users, such as for a pipeline process “bot” that uses AMP, might be defined as a user in the config file as above, but real human users are taken from GitHub or your organizations LDAP provider.