Authorization
User Story & Use Case
As an AAS Components user
I want to authorize access to the AAS & Submodel descriptor data contained in the AAS Registry
so that I can store sensitive data and prevent unauthorized access to it.
This feature enables AAS Components users to secure the AAS & Submodel descriptors stored in the AAS Registry component.
Feature Overview
An example of the authorization can be found in the scenario with Keycloak.
Feature Configuration
Authorization is disabled by default. Basic authorization can be configured in the aas.properties:
aas.authorization=Enabled
aas.authorization=Disabled
[deprecated] The JWT connectivity can be configured in the context.properties, e.g. by
jwtBearerTokenAuthenticationIssuerUri=http://127.0.0.1:9006/auth/realms/basyx-demo
jwtBearerTokenAuthenticationJwkSetUri=http://127.0.0.1:9006/auth/realms/basyx-demo/protocol/openid-connect/certs
jwtBearerTokenAuthenticationRequiredAud=basyx-demo
[new way] JWT validation is now configured via the "authorization.strategy.jwtBearerTokenAuthenticationConfigurationProvider" property in security.properties, where a class can be provided that returns an appropriate KeycloakJwtBearerTokenAuthenticationConfigurationProvider object. For the default behavior, uncomment the property line in the security.properties file. While the line is commented out, the old properties in context.properties are still used.
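A pre-deployment check for the settings shown above, as an added example that is not part of BaSyx: it reads the text of aas.properties and context.properties and reports settings that leave the registry open or that fetch signing keys over plaintext HTTP from a non-loopback host. The function names, the finding texts, the sample hosts under example.test and the rule that the JWK set URI should sit under the issuer URI are assumptions of this example; the context.properties values only apply while the security.properties line is commented out.

```python
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(aas_text, context_text):
    """Return a list of findings for the settings named on this page."""
    aas, ctx = parse_properties(aas_text), parse_properties(context_text)
    findings = []
    # Authorization is disabled by default, so a missing key is a finding too.
    if aas.get("aas.authorization") != "Enabled":
        findings.append("aas.authorization is not Enabled")
    issuer = ctx.get("jwtBearerTokenAuthenticationIssuerUri", "")
    jwks = ctx.get("jwtBearerTokenAuthenticationJwkSetUri", "")
    for name, uri in (("issuer", issuer), ("JWK set", jwks)):
        u = urlparse(uri)
        if not u.scheme or not u.hostname:
            findings.append(f"{name} URI is missing or malformed")
        elif u.scheme != "https" and u.hostname not in LOOPBACK:
            findings.append(f"{name} URI uses plaintext {u.scheme} to {u.hostname}")
    # Assumption: the keys should come from the same realm that issues the tokens.
    if issuer and jwks and not jwks.startswith(issuer.rstrip("/") + "/"):
        findings.append("JWK set URI is not under the issuer URI")
    if not ctx.get("jwtBearerTokenAuthenticationRequiredAud"):
        findings.append("required audience is empty")
    return findings

# Constructed sample inputs: the page's demo values, then a weak variant.
DEMO_AAS = "aas.authorization=Enabled\n"
DEMO_CONTEXT = """\
jwtBearerTokenAuthenticationIssuerUri=http://127.0.0.1:9006/auth/realms/basyx-demo
jwtBearerTokenAuthenticationJwkSetUri=http://127.0.0.1:9006/auth/realms/basyx-demo/protocol/openid-connect/certs
jwtBearerTokenAuthenticationRequiredAud=basyx-demo
"""
WEAK_AAS = "# aas.authorization=Enabled\n"
WEAK_CONTEXT = """\
jwtBearerTokenAuthenticationIssuerUri=http://idp.example.test/auth/realms/plant
jwtBearerTokenAuthenticationJwkSetUri=http://keys.example.test/certs
jwtBearerTokenAuthenticationRequiredAud=
"""
```

Calling audit(DEMO_AAS, DEMO_CONTEXT) returns no findings because the demo endpoints are loopback; audit(WEAK_AAS, WEAK_CONTEXT) returns five.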