IP Address AuthModule¶
This AuthModule supports the login of a single preconfigured user based on an authorized remote IP address. Currently, it can only be used for API requests, and not for accessing the Yamcs UI.
Class Name¶
Configuration Options¶
- address (string or list of strings)
IPv4 or IPv6 address, or a range with CIDR mask.
A list of addresses or ranges may be specified. The user is then accepted when any of the entries matches the incoming request.
- username (string)
Username of the authenticated user.
- name (string)
Display name of the user account.
- email (string)
Email address of the user account.
- superuser (boolean)
If
truethe account has superuser privileges. Superusers are not subject to permission checks. Default:false.- privileges (map)
Map of assigned privileges, where each entry is either:
An object privilege, with as value a list of patterns.
The special name
System, with as value a list of system privileges.
Example¶
AuthModules are configured in the file etc/security.yaml.
authModules:
- class: org.yamcs.security.IPAddressAuthModule
args:
address: "127.0.0.1"
username: ipv4_user
- class: org.yamcs.security.IPAddressAuthModule
args:
address: "::1"
username: ipv6_user
- class: org.yamcs.security.IPAddressAuthModule
args:
address:
- "192.168.0.0/16"
- "127.0.0.1"
username: testuser