< Editing

Throttling Configuration >

15. Security Configuration

15.1. Introduction

Access to different parts of the CartoWeb can be allowed or denied according to who is currently using the application.

The following concepts are used in this chapter.

Security Mechanisms Concepts

User
Representation of a user accessing CartoWeb. If the user is not logged in, she is rerefenced as the anonymous user.
Role
A user can have zero or more roles associated to her. These roles are used to allow or deny a permission to a resource of feature.
Permissions
Permissions describe parts of the application which can be allowed or denied access. A permission can have roles for which access is allowed, and roles for which it is denied.

15.2. Auth Plugin

The security system in CartoWeb was developped to be modular and to allow different authentications systems to be easily plugged-in. This section describes one implementation of authentication, user password and roles management, which is the auth plugin shipped with CartoWeb.

Auth plugin login dialog

The auth plugin is not a core plugin. That's why you need to enable it if you want to enable users to log-in. See <a class="xref" href="user.config.html" title="4. Configuration File