JBoss.org Community Documentation
The Artificer implementation strives to be a fully compliant reference implementation of the S-RAMP specification. This chapter describes the overall architecture of the implementation and also provides some information about how to configure it.
The server implementation is a conventional Java web application (WAR). The following technologies are used to provide the various components that make up the server implementation:
The Artificer Browser is protected using web application security mechanisms configured in the WARs' web.xml.
By default, the UI uses single sign-on (SSO) as its authentication mechanism. SSO is provided through integration with the Keycloak framework. The web.xml configuration itself declares a standard basic security context, but SSO is provided under the hood.
The security domain is configured to accept either a username and password (standard BASIC authentication) or a bearer token. When invoking the Atom API directly, BASIC authentication would typically be used. When invoking the Atom API from an application that has already authenticated the user in some way, it is appropriate to send the bearer token as a request header ("Authorization", "Bearer " + bearerToken). For example, the Artificer CLI application uses BASIC authentication when invoking the Artificer Atom API. The Artificer Browser (a web application) requires the user to be authenticated into it, and is thus able to use bearer tokens rather than propagate user credentials.
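The two client-side cases above, as an added example that is not Artificer's own code: a Java helper that builds the Authorization header for either scheme and validates its inputs before a request is created. The endpoint URL, credentials and token are constructed placeholders, and the HTTPS requirement is an assumption of this example, not something the page mandates.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class AtomApiAuth {
    // Constructed placeholder; substitute the Atom API URL of your own deployment.
    static final URI ENDPOINT = URI.create("https://artificer.example.org/ATOM-API-PATH");

    // BASIC (what the CLI uses): base64 is an encoding, not encryption, so require TLS.
    static String basic(URI target, String user, String password) {
        requireTls(target);
        if (user.indexOf(':') >= 0) // RFC 7617: user:password is split on the first colon
            throw new IllegalArgumentException("username must not contain ':'");
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Bearer (what the Browser uses): forward the token, never the user's password.
    static String bearer(URI target, String bearerToken) {
        requireTls(target);
        // RFC 6750 token syntax; this also rejects CR/LF that would allow header injection.
        if (!bearerToken.matches("[A-Za-z0-9\\-._~+/]+=*"))
            throw new IllegalArgumentException("bearer token has illegal characters");
        return "Bearer " + bearerToken;
    }
    static void requireTls(URI target) {
        if (!"https".equalsIgnoreCase(target.getScheme()))
            throw new IllegalArgumentException("refusing to send credentials over " + target.getScheme());
    }
    static HttpRequest get(URI target, String authorization) {
        return HttpRequest.newBuilder(target).header("Authorization", authorization).GET().build();
    }

    public static void main(String[] args) {
        // Constructed sample credentials and token, for illustration only.
        HttpRequest cli = get(ENDPOINT, basic(ENDPOINT, "alice", "constructed-password"));
        HttpRequest ui = get(ENDPOINT, bearer(ENDPOINT, "constructed.bearer.token"));
        for (HttpRequest r : new HttpRequest[] {cli, ui}) {
            String scheme = r.headers().firstValue("Authorization").orElseThrow().split(" ")[0];
            System.out.println(r.method() + " " + r.uri() + " -> " + scheme);
        }
        try {
            basic(URI.create("http://artificer.example.org/"), "alice", "constructed-password");
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

The requests are built but not sent, so the class runs offline on Java 11 or later; only the scheme name is printed so the encoded credentials never reach the console or logs.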
The app uses a Keycloak realm named artificer, which you’ll see used in standalone-full.xml's Keycloak subsystem resources. See Getting Started for more info.