Note
Role-based access is supported in the standaloneMATLAB®Web App Server™产品,而不是包含的开发版本MATLAB Compiler™。有关详细信息,请参阅MATLAB Web App Server Differences。
Note
To use role-based access, you need to:
Enable SSL on the server. For more information, seeEnable SSL。
Enable authentication on the server. For more information, see验证。
在服务器上启用基于角色的访问权限,您可以决定哪些用户可以撰写应用程序,哪些用户可以使用它们。
MATLAB Web App Serversupports two roles for role-based access:Author和用户。
一个Authorcan add, delete, and run web apps fromMATLAB Web App Server。一个Authorsees a管理应用程序button on the server home page.
A用户can only run web apps from theMATLAB Web App Serverhome page. A用户sees aDiagnosticsbutton on the server home page.
You can use role-based access along with policy-based access to finely determine who can run apps on the server and who can modify them. For details, seePolicy-Based Access。
启用基于角色的访问:
检查是否启用了SSL。有关更多信息,请参阅Enable SSL。
Check if authentication is enabled. For more information, see验证。
Create a file namedwebapps_app_roles.json
和place it in thewebapps_private
folder.
Thewebapps_private
folder can be found in:
Operating System | 文件夹位置 |
---|---|
视窗® |
|
Linux® |
|
苹果系统 |
|
The JSON schema forwebapps_app_roles.json
is:
{“版本”:“ 1.0.0”,“ Acceptoles”:[{“ id”:“ user”,“ description”:<文本描述用户角色>,“用户”:{}的用户“组”:{<属性名称和值,以识别分配给用户角色>}}的组,{“ id”:“ rution”,“ description”:<文本描述作者角色>,“用户”:{<属性名称和值,以识别分配给作者角色>}的最终用户,“ groups”:{<属性名称和值以识别分配给作者角色>}}的组的组}}
version: Specify the version of the JSON schema. The default value forR2021ais:1.0.0
。
id:指定角色名称。您可以指定用户
或者Author
。Only these two roles are supported.
description: Specify a description for each role. For example:
“描述”:“作者可以上传,删除和执行Web应用程序。”
users: Specify an attribute that uniquely identifies the set of authenticated end users who can assume the role of anAuthor或者a用户。
The attribute names depend on the type of authentication you are using.
For example, if you are using LDAP for authentication, you can fill in the JSON schema as follows:
"users":{ "email": ["bishop@myboston.com", "queen@myboston.com"] }
email
as an attribute, and checks to see if the attribute value (email address in this case) is listed in the schema. When both checks succeed, the end-user will be assigned a role.小组: Specify an attribute name and corresponding values that uniquely identify the group of authenticated end users who can assume the role of anAuthor或者a用户。
The attribute names depend on the type of authentication you are using. Using小组lets you assign entire sets of end-users a role at once.
For example, if you are using LDAP for authentication, you can fill in the JSON schema as follows:
“组”:{“成员”:[“ CN =营销,OU = Mail,DC = LDAP,DC = MyBoston,DC = COM”,“ CN = Development,OU = Mail,DC = LDAP,DC = MyBoston,DC,DC= com”]]}
memberOf
作为属性,并检查属性的值是否在模式中列出。当两者都成功时,最终用户将被分配一个角色。Attributes specified in the schema need to be collective or group attributes.
Tip
您不需要两者指定users
和小组
in the schema for each role unless that is the only way to obtain a unique set of end users.
If you use an attribute in theusers
field in the用户role to identify a set of users, you need use the same attribute in theusers
field in theAuthorrole to identify a set of users. The same condition applies to小组
as well.
MATLAB Web App Serverfirst checks if an authenticated user can assume the role of anAuthorbefore checking the用户role. If checks against both roles fails, the end-user is denied access to the server.
webapps_app_roles.json
申请LDAP身份验证{“版本”:“ 1.0.0”,“ Acceptoles”:[{“ ID”:“用户”,“描述”:“用户只能执行Web应用程序。”,“组”:{“ memberof”:[[“ CN =营销,OU = Mail,DC = LDAP,DC = MyBoston,dc = com”,“ CN =开发,OU = Mail,DC = LDAP,DC = MyBoston,dc = com”]}}},{“:“作者”,“描述”:“作者可以上传,删除和执行Web应用程序。”,“用户”:{“电子邮件”:[“ bishop@myboston.com”,“ queen@myboston.com”]}}]}}
webapps_app_roles.json
文件天蓝色AD Authentication{ "version": "1.0.0", "appRoles": [ { "id": "User", "description": "A User can only execute web apps.", "groups": { "groups": [ "1a23456-ab2c-4444-a123-12345b3a81af", "2b3456cd-e8ed-4fcf-ac55-6b79b0781eed " ] } }, { "id": "Author", "description": "An Author can upload, delete, and execute web apps.", "users": { "upn": [ "bishop@myboston.com", "queen@myboston.com" ] } } ] }
Caution
JSON模式语法webapps_app_roles.json
is strictly enforced. Errors in the schema syntax may result in the server not starting, or you being denied access to the server when you try to log in.