Enabling User Authorization and Authentication

If you need to authenticate and authorize your users for different job functions, you can turn on Photonic3D's User Authorization and Authentication. Photonic3D has a pluggable user management subsystem, so it can be adapted quite easily to your company's user store. The default implementation uses a Java keystore with custom X.509 certs for each user. This PKI is designed for peer-to-peer remote communication between instances of Photonic3D. To enable this default functionality, make sure the following lines are uncommented in your `config.properties`:

securityRealmName=SecurityRealmNameThatWillBePromptedInBrowser
SecurityRealmNameThatWillBePromptedInBrowser.clientUsername=admin
SecurityRealmNameThatWillBePromptedInBrowser.clientPassword=password
visibleCards=printers,printJobs,printables,settings,users
useAuthentication=true
UserManagementFeatureImplementation=org.area515.resinprinter.security.keystore.KeystoreLoginService

Now restart Photonic3D and you are good to go!

So that's easy enough, but let's learn about what we just did and the security ramifications of this.

First off, storing cleartext usernames and passwords in a file on the filesystem isn't good practice, even if the filesystem is properly protecting the file. So why did we do this:

SecurityRealmNameThatWillBePromptedInBrowser.clientUsername=admin
SecurityRealmNameThatWillBePromptedInBrowser.clientPassword=password

This is only designed as a simple convenience so that a single admin user can be created outside of the GUI on first use. Once Photonic3D is started, you are free to remove those lines; the user's information is securely stored in the keystore (or whatever mechanism Photonic3D is configured to use).

There is an alternative mechanism to set up the user through the GUI without ever exposing the password in the filesystem. It is possible to turn on the User management tab without turning on user authentication; simply add this line:

visibleCards=printers,printJobs,printables,settings,users

This allows any unauthenticated user to create users and set up admin privileges through the Photonic3D GUI. After everyone has been properly set up, you can lock down Photonic3D by doing this:

useAuthentication=true
UserManagementFeatureImplementation=org.area515.resinprinter.security.keystore.KeystoreLoginService
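Both setup paths above leave `config.properties` in a temporary state that should not persist: bootstrap credentials in cleartext, or the users card visible with authentication off. The following check is an added example, not part of Photonic3D. It uses the key names from this page; the sample configs, the finding codes, and the decision to flag `useAuthentication=true` without a `UserManagementFeatureImplementation` are assumptions.

```python
# Added example, not Photonic3D code. Key names are from this page;
# the sample configs and finding codes are constructed.

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' or '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return sorted (code, key) findings for a config.properties text."""
    props = parse_properties(text)
    findings = []
    # Assumption: only the value "true" (any case) enables authentication.
    auth_on = props.get("useAuthentication", "").lower() == "true"
    cards = [c.strip() for c in props.get("visibleCards", "").split(",")]
    for key in props:
        # Report the key only, never the secret value.
        if key.endswith((".clientUsername", ".clientPassword")):
            findings.append(("CLEARTEXT_BOOTSTRAP_CREDENTIAL", key))
    if "users" in cards and not auth_on:
        findings.append(("OPEN_USER_MANAGEMENT", "visibleCards"))
    # Assumption: the page always sets these two keys together.
    if auth_on and "UserManagementFeatureImplementation" not in props:
        findings.append(("NO_LOGIN_SERVICE", "UserManagementFeatureImplementation"))
    return sorted(findings)

BOOTSTRAP = """\
securityRealmName=ExampleRealm
ExampleRealm.clientUsername=admin
ExampleRealm.clientPassword=password
visibleCards=printers,printJobs,printables,settings,users
useAuthentication=true
UserManagementFeatureImplementation=org.area515.resinprinter.security.keystore.KeystoreLoginService
"""
OPEN_SETUP = "visibleCards=printers,printJobs,printables,settings,users\n#useAuthentication=true\n"

if __name__ == "__main__":
    for name, cfg in (("bootstrap", BOOTSTRAP), ("open setup", OPEN_SETUP)):
        for code, key in audit(cfg):
            print(f"{name}: {code} ({key})")
```

An empty result means the file holds neither bootstrap credentials nor an unauthenticated users card.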

User Authorization and Management

Clicking on the Users tab of the dashboard will bring up this screen:

From here you can create new users and assign permissions for each user. If these permissions aren't fine-grained enough, or don't suit your needs, feel free to open a bug. It is possible (and very easy) to create new permissions for each RESTful function in Photonic3D.

Here are a few examples: