The users.yaml file
users.yaml is a configuration file where user accounts (or service accounts)
and their roles are defined for the following authentication methods:
Note
The file plays the same role as tomcat-users.xml in older versions
of EDG (see Tomcat-based authentication methods).
File location
By default, the system will look for a file users.yaml in the same
directory as the setup file (edg-setup.properties).
Name and location can be overridden in the setup file:
usersFile = ./my-user-file.yaml
Example
The following example can be used as a template:
# users.yaml template
"Admin_user":
  password: "password32"
  roles: [ "admin", "manager" ]
"Editor_user":
  password: "password54"
  roles: [ "editor" ]
"Guest":
  encPassword: "{bcrypt}$2y$15$krgnAQqdWl8wqJ1nwE86ZejFDTVHJI2KDUd5RFsYrNTuGxR6Nrx7q"
  roles: [ "viewer" ]
Syntax
The file uses YAML syntax.
Each user account is a text block of this form:
"loginName1":
  password: "password1"
  encPassword: "{bcrypt}$2y$15$7UPVu0GcvphJ5f.2mt/Sb.pBv8ucAHObnoMoBVBfH2gqQaAMmMqua"
  roles: [ "role1", "role2" ]
loginName1
    The account's login name goes here. There are no special restrictions on the characters used. For example, email addresses could be used as login names.
password
    The account's password, in clear text. This is not recommended for production systems. Use encPassword instead.
encPassword
    The account's password, hashed with bcrypt for improved security. Only one of password and encPassword may be present. The value must start with the string {bcrypt}, followed by the hashed password. Use a bcrypt-capable utility to encode the password, for example on a Linux command line:
        % htpasswd -nbBC 15 USER topsecret
        USER:$2y$15$HHI02CXNcMF2gDG3GosJku4jmUhE9eM8GHkIB.mKSuYJMKIZ8RUf6
    and replace the initial USER: with {bcrypt}.
roles
    A YAML list of the account's security roles. Any roles used here must match those defined in the setup file under securityRoles, case-sensitive.
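The rules above can be checked before a users.yaml is deployed. The following is an added example, not part of EDG: the function name lint_users, the sample accounts and the allowed-role set are assumptions, and the line-based reader handles only the block form shown on this page, not general YAML.

```python
import re

# bcrypt modular-crypt string: $2a/$2b/$2y, two-digit cost, 53 chars of salt + hash
BCRYPT = re.compile(r"^\{bcrypt\}\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")
ACCOUNT = re.compile(r'^"?([^":\s][^"]*?)"?:\s*$')          # unindented login line
FIELD = re.compile(r"^\s+(password|encPassword|roles):\s*(.*?)\s*$")

def lint_users(text, allowed_roles):
    """Return (login, message) findings for users.yaml text written in the
    block form this page documents (not a general YAML parser)."""
    accounts, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        account, field = ACCOUNT.match(line), FIELD.match(line)
        if account:
            current = accounts.setdefault(account.group(1), {})
        elif field and current is not None:
            current[field.group(1)] = field.group(2)
    findings = []
    for login, f in accounts.items():
        if ("password" in f) == ("encPassword" in f):
            findings.append((login, "need exactly one of password/encPassword"))
        elif "password" in f:
            findings.append((login, "clear-text password"))
        if "encPassword" in f and not BCRYPT.match(f["encPassword"].strip("\"'")):
            findings.append((login, "encPassword is not {bcrypt} + bcrypt hash"))
        for role in re.findall(r'"([^"]*)"', f.get("roles", "")):
            if role not in allowed_roles:        # case-sensitive, like securityRoles
                findings.append((login, "unknown role " + role))
    return findings

# Constructed sample: two accounts that break the rules above, one that passes.
SAMPLE = '''
"ops@example.org":
  password: "changeme"
  roles: [ "Admin" ]
"svc_import":
  encPassword: "$2y$15$krgnAQqdWl8wqJ1nwE86ZejFDTVHJI2KDUd5RFsYrNTuGxR6Nrx7q"
  roles: [ "editor" ]
"Guest":
  encPassword: "{bcrypt}$2y$15$krgnAQqdWl8wqJ1nwE86ZejFDTVHJI2KDUd5RFsYrNTuGxR6Nrx7q"
  roles: [ "viewer" ]
'''

if __name__ == "__main__":
    for login, message in lint_users(SAMPLE, {"admin", "manager", "editor", "viewer"}):
        print(login + ": " + message)
```

Pass the role names from securityRoles in the setup file as allowed_roles; a non-empty result is a reason to block the deployment.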