Update Basic Authentication (#113)

* changing default password to match the broadsea-atlasdb POSTGRES_PASSWORD * updating .env values for basic security * adding an authentication query env var * adding setup instructions for basic security --------- Co-authored-by: Ajit Londhe <londhe@ohdsi.org>
OHDSI · Jan 3, 2024 · 2f24ff7 · 2f24ff7
1 parent 9f280a5
commit 2f24ff7
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 5 deletions.
diff --git a/.env b/.env
@@ -112,11 +112,13 @@ SECURITY_TOKEN_EXPIRATION="28800" # number of seconds to persist a security toke
 # choose one, set it to enabled, and replace with appropriate values
 
 # Basic: refer to https://github.com/OHDSI/WebAPI/wiki/Basic-Security-Configuration
+# the below default settings are for the Broadsea-AtlasDB: https://github.com/OHDSI/Broadsea-atlasdb container
 SECURITY_AUTH_JDBC_ENABLED="false"
-SECURITY_DB_DATASOURCE_SCHEMA=""
-SECURITY_DB_DATASOURCE_URL=""
-SECURITY_DB_DATASOURCE_DRIVERCLASSNAME=""
-SECURITY_DB_DATASOURCE_USERNAME=""
+SECURITY_DB_DATASOURCE_SCHEMA="webapi_security"
+SECURITY_DB_DATASOURCE_TABLE="security"
+SECURITY_DB_DATASOURCE_URL="jdbc:postgresql://broadsea-atlasdb:5432/postgres"
+SECURITY_DB_DATASOURCE_DRIVERCLASSNAME="org.postgresql.Driver"
+SECURITY_DB_DATASOURCE_USERNAME="postgres"
 SECURITY_DB_DATASOURCE_PASSWORD_FILE="./secrets/webapi/SECURITY_DB_DATASOURCE_PASSWORD"
 
 # LDAP

diff --git a/README.md b/README.md
@@ -234,6 +234,29 @@ To enable the use of SOLR for fast OMOP Vocab search in Atlas, review and fill o
 
 To enable a security provider for authentication and identity management in Atlas/WebAPI, review and fill out Sections 4 and 5 in the .env file.
 
+##### Broadsea-AtlasDB Security  
+
+Atlas database based security is pre-configured by the [Broadsea-AtlasDB](https://github.com/OHDSI/Broadsea-atlasdb) project and can be used as a demo. To enable this security:
+
+1. Update these environment variables in Sections 2, 4, and 5 in the .env file: 
+    - section 2:
+        - ATLAS_USER_AUTH_ENABLED="true" 
+    - section 4:
+        - ATLAS_SECURITY_PROVIDER_TYPE="db" 
+        - ATLAS_SECURITY_PROVIDER_NAME="DB Security"
+        - ATLAS_SECURITY_USE_FORM="true"
+        - ATLAS_SECURITY_USE_AJAX="true
+    - section 5:
+        - WEBAPI_SECURITY_PROVIDER="AtlasRegularSecurity"
+        - SECURITY_AUTH_JDBC_ENABLED="true"
+2. Start the broadsea docker containers  
+3. Login to ATLAS with a demo user defined 
+    | Role      | Username  | Password  | 
+    |-----------|-----------|-----------|
+    | Admin     | admin     | admin     |
+    | Atlas user| ohdsi     | ohdsi     |
+
+
 #### Bring Your Own JDBC driver
 
 WebAPI does not come with all JDBC drivers supported by OHDSI (for example, Snowflake). To add a JDBC driver to the WebAPI build, refer to Section 3 of the .env file and edit the WEBAPI_ADDITIONAL_JDBC_FILE_PATH variable to point to your JDBC driver file.

diff --git a/compose/ohdsi-webapi.yml b/compose/ohdsi-webapi.yml
@@ -71,6 +71,7 @@ services:
       SECURITY_DB_DATASOURCE_URL: ${SECURITY_DB_DATASOURCE_URL}
       SECURITY_DB_DATASOURCE_DRIVERCLASSNAME: ${SECURITY_DB_DATASOURCE_DRIVERCLASSNAME}
       SECURITY_DB_DATASOURCE_USERNAME: ${SECURITY_DB_DATASOURCE_USERNAME}
+      SECURITY_DB_DATASOURCE_AUTHENTICATIONQUERY: 'select password from "${SECURITY_DB_DATASOURCE_SCHEMA}"."${SECURITY_DB_DATASOURCE_TABLE}" where lower(email) = lower(?);'
 
       # Security env variables - LDAP
 

diff --git a/secrets/webapi/SECURITY_DB_DATASOURCE_PASSWORD b/secrets/webapi/SECURITY_DB_DATASOURCE_PASSWORD
@@ -1 +1 @@
-ohdsi
+mypass