-
Notifications
You must be signed in to change notification settings - Fork 23
Implementing security
paulalbert1 edited this page Mar 21, 2019
·
4 revisions
Each of ReCiter's APIs can be configured to restrict access to only those requests which provide the correct API key.
Institutions have various reasons for implementing this functionality including:
- regulating access to server resources
- honoring FERPA-related restrictions on sharing data
- limiting access to sensitive data including personal email, manager name, etc.
As a default, ReCiter is configured to work without security enabled.
By default, ReCiter has two roles:
-
department - can only use the only following:
/reciter/article-retrieval/by/uid
- admin - can use all APIs except those accessible to the department role
The following steps describe how you can set up security. There are are several options for setting the ADMIN_API_KEY key and CONSUMER_API_KEY.
In application.properties, set the following to be true:
spring.security.enabled=true
- Enter
export ADMIN_API_KEY=[enter your API key here] - Enter
export CONSUMER_API_KEY=[enter your API key here]
If you are deploying to an AWS instance, add the environment variable in the Elastic Beanstalk configuration section.
- Open Eclipse
- Right-click on Application.java found here: ReCiter --> src/main/java --> reciter --> Application.java
- Click on "Run As..." --> "Run Configurations..."
- Click on "ReCiter" in sidebar
- Click on "Environment" tab
- Under variable, add "ADMIN_API_KEY" and create the API key.
- Under variable, add "CONSUMER_API_KEY" and create the API key.