Closed jsEveryDay closed 8 years ago
Hi @jsEveryDay ,
please refer to the Security documentation section.
The IDM (Identity Manager, responsible for authenticating users) can be configured: by default the SimpleFileIdentityManager is used, but you can set the DbIdentityManager or even provide your custom implementation.
The following is the security section of the restheart.yml configuration file:
```yaml
### Security
# The security is configured by setting:
#   idm: the Identity Manager responsible for authentication
#   access-manager: the Access Manager responsible for authorization
# The RESTHeart security is pluggable and you can provide your own implementation of both IDM and AM.
# The provided default implementations of IDM and AM are SimpleFileIdentityManager, DbIdentityManager and SimpleAccessManager.
# conf-file paths are either absolute (starting with /) or relative to the restheart.jar directory
idm:
    implementation-class: org.restheart.security.impl.SimpleFileIdentityManager
    conf-file: ../etc/security.yml
access-manager:
    implementation-class: org.restheart.security.impl.SimpleAccessManager
    conf-file: ../etc/security.yml
```
In our experience (we have developed several web and mobile applications using RESTHeart), the DbIdentityManager (which also provides caching capabilities) fulfills most use cases. On the other hand, usually a custom Access Manager must be implemented.
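A small audit script for the security section quoted above, added here as an example and not part of RESTHeart or this thread: it parses the two-level `idm` / `access-manager` layout, resolves each `conf-file` the way the comment describes (absolute, or relative to the restheart.jar directory), and flags the file-based IDM because it keeps credentials in a text file. The jar directory and the `DbIdentityManager` class path used in the test are assumptions.

```python
import os

# Constructed copy of the security section shown in the thread.
SAMPLE_CONFIG = """\
### Security
# idm: the Identity Manager responsible for authentication
idm:
    implementation-class: org.restheart.security.impl.SimpleFileIdentityManager
    conf-file: ../etc/security.yml
access-manager:
    implementation-class: org.restheart.security.impl.SimpleAccessManager
    conf-file: ../etc/security.yml
"""

# IDMs that read user credentials from a text file on disk.
FILE_BASED_IDMS = {"org.restheart.security.impl.SimpleFileIdentityManager"}


def parse_security_section(text):
    """Minimal parser for the 'section:' / indented 'key: value' layout used here.
    Comments ('#') and blank lines are ignored; full YAML is not needed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line.startswith((" ", "\t")):
            current = line.strip().rstrip(":")
            sections[current] = {}
        else:
            key, _, value = line.strip().partition(":")
            sections[current][key.strip()] = value.strip()
    return sections


def resolve_conf_file(path, jar_dir):
    """conf-file is absolute when it starts with '/', else relative to the jar dir."""
    if path.startswith("/"):
        return os.path.normpath(path)
    return os.path.normpath(os.path.join(jar_dir, path))


def audit(text, jar_dir="/opt/restheart/bin"):  # jar_dir is an assumed install path
    """Return the resolved config plus findings to raise before deploying it."""
    cfg, findings = parse_security_section(text), []
    for section in ("idm", "access-manager"):
        if section not in cfg:
            findings.append(f"{section}: missing, so this side of security is unconfigured")
            continue
        impl = cfg[section].get("implementation-class", "")
        cfg[section]["conf-file"] = resolve_conf_file(cfg[section].get("conf-file", ""), jar_dir)
        if impl in FILE_BASED_IDMS:
            findings.append(f"{section}: {impl} keeps credentials in "
                            f"{cfg[section]['conf-file']}; prefer DbIdentityManager")
    cfg["findings"] = findings
    return cfg
```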
@jsEveryDay the security section contains a document which provides an example on how to provision multiple users in one shot: https://softinstigate.atlassian.net/wiki/x/C4AWAQ
So, if you choose the mentioned DbIdentityManager, you don't have to keep any password in a text file; everything will be in MongoDB.
This is not really an issue or really related to angular-restheart. I just love how fast and how awesomely RESTHeart runs, but I can't see it being used in production. Among other things, to auth RESTHeart user credentials are in security.yml.
So if I have 1000 users then I will define them here? If I have a registration form, I will have to make it save the credentials here? And lastly, how could passwords be stored in plaintext?
I'm trying to understand the logic of authenticating through RESTHeart.