Deploying Hyperon

Authentication in Hyperon Runtime-REST

Standard

Standard authentication using standard Spring authentication mechanism. No extra actions needed to use it, it is available by default.

Default authentication using a standard Spring authentication mechanism. No extra actions are needed to use it, it is available by default. You can choose from the following password encoder security algorithms:

  • bcrypt (default)
  • pbkdf2

To select a pbkdf2 algorithms, you must set hyperon.security.basic.password-encoder property in the application.properties file as follows:

    
hyperon.security.basic.password-encoder=Pbkdf2

What's more, you can choose the complexity of bcrypt algorithm. In order to do that, a hyperon.security.basic.bcrypt.complexity property in the application.properties must be set. Values between 4 and 31 are accepted, 5 is used by default. The bigger the value the safer algorithm is, but the performance impact is also increasing.

Active Directory

To use Active Directory authentication, 4 properties must be specified in application.properties file:

  • hyperon.runtime-rest.security.type=active-directory
  • hyperon.security.active-directory.domain Active Directory main root (usually server domain, for example: domain.local).
  • hyperon.security.active-directory.url Active Directory server url, for example: ldap://10.222.20.156:389/
  • hyperon.security.active-directory.root-dn for example DC=domain,DC=local.

Also for versions 1.X.X  hyperon.runtime-test.security.type environment variable must be set to "ad".

Requirements for AD user:

  • Login - not empty, min size: 1, max size: 200
  • First name - not empty, min size: 1
  • Last name - not empty, min size: 1
  • E-mail address - if empty Hyperon generates default e-mail consistent with schema: 'login@local.com'
  • Roles - min one role consistent with Hyperon role

Hyperon supports role management. Roles defined in Active Directory must be compatible with roles in Hyperon structure.

Hierarchy of roles in Hyperon:

  • MPP_ADMIN - Hyperon Administrator
  • MPP_USER - Hyperon User
  • MPP_USER_READONLY - Readonly Hyperon User
  • HYPERON_SUPERPACK_IMPORT - Readonly Hyperon User with grant to import Superpack

It is possible to create own roles in AD but remember to create same roles in Hyperon structure. It's necessary to proper authentication process.

‍JWT Token

For Hyperon runtime application set hyperon.runtime-rest.security.type=jwt property.

To use JWT Token authentication, a hyperon.security.jwt.secret-key property must be set in Hyperon Studio's application.properties file as well as Hyperon Runtime REST. What's more, it must be the same key in both places.

You can generate a new token in Hyperon Studio. A view to see all existing tokens as well as a button to generate a new one can be found in Menu's Tools tab. When creating a new token, you can specify the expiry date. Admin users may also specify a user that a newly generated token will be assigned to.

To use generated token in REST API calls, you need to add an Authorization header with the following format:

Authorization: Bearer your_jwt_token

for example:

Authorization: Bearer eyJhbGciOiJIUzI1N