================================================
LiveView Authentication and Authorization Sample
================================================

This is a TIBCO LiveView project that demonstrates how to configure 
LiveView to support authentication and authorization, hereafter referred to 
simply as authentication. This sample is modeled after the Hello LiveView 
sample; see the README file from that sample for a description of the 
LiveView table usage.

StreamBase and LiveView use a unified security model that is described
in "StreamBase Security Overview". The various authentication realms and
role mappings are configured by means of configuration files, located
in your project's src/main/configurations directory.

This sample includes some commented out configuration for enabling SSL.
The sample also provides a keystore with a self-signed certificate, and
scripts for creating new keystores.

As shipped, this project contains the following configuration files:

 - authLocalRealm.conf: defines the local authentication realm, and lists users, their 
   passwords, and their assigned role for this realm. Two of the users defined are:
   . The account lvguest, with password lvguest, has limited permissions. 
   . The account lvmanager, with password lvmanager, has full permissions. 
   
 - clientAPIListener.conf: names the authentication realm associated with the LDM listener,
   indicating that user authentication is to be performed for requests handled by this listener.
   This file also configures the TCP port for the LiveView client API to listen on.
   
 - engine.conf: defines JVM arguments required to run this sample.

 - internalCredentials.conf: names the LiveView internal username and password.
   . lvintern is the username and lvintern is the password
 
 - roleMappings.conf: maps users to LiveView privileges to which they are assigned. Users 
   mapped to a descending order of privileges are:
   LVAdmin
   LVInternal
   LVUser
   LVGuest

  - authLDAPRealm.rename_to_conf: Optional LDAP configuration. You must update the
  	LDAP URI, passwords, search rules, role names, etc. for your LDAP configuration. You must update
  	clientApiListener also to use the LDAP realm. You must also rename authLocalRealm.conf 
  	to something that does not end in ".conf". 
 	
 - TLSConfig.rename_to_conf: Optional TLS configuration. This file has to have the absolute
 	paths to keystores, and their passwords. Update the paths to the keystore, rename
 	the file to TLSConfig.conf, and uncomment out the secureCommunicationProfileName
 	line in clientAPIListener.conf to enable TLS.
 
  - ClientTLS.rename_to_conf: Optional TLS configuration. This file has to have the absolute
 	paths to keystores, and their passwords. Update the paths to the keystore, rename
 	the file to ClientTLS.conf, and uncomment out the ldmSecureInternalCommunicationProfileName
 	line in InternalCredentials.conf to enable TLS.
 
  - slf4j-realm-debug.xml: slf4j configuration that enables debug logging for some authentication
    packages. This can be helpful for diagnosing issues with the option LDAP configuration.
 
For further information regarding configuration files, see the
Security section of the "StreamBase Configuration Guide."
    
To run this sample in Studio, you can:
    - In the LiveView Project Viewer, click the green Run button in
      the upper right.
    - Right-click any of the lvconf table configuration files 
      in the Project Explorer view, or right-click the project folder 
      itself, and select Run As > LiveView Fragment.
    
  Remember that starting a LiveView project can take one to three minutes,
  depending on the speed of your computer, the amount of memory available 
  for Java processes, and other factors.

  During the launch Studio will prompt you for a username/password - it needs
  this to connect to the LDM, and ultimately to shut it down. Use
  lvmanager/lvmanager for the username/password.

- You can connect to the running LiveView server from a browser using
  http://localhost:10080, or by using the LiveView desktop client, or
  the lv-client command line tool:

   lv-client -u lv://lvguest:lvguest@localhost:10080 listtables
   
To run this sample from the command line outside of Studio, you must:
 - Package this sample's LiveView fragment project into a fragment
   archive.
 - Create a separate StreamBase Application project, and set the pom.xml
   for that project to depend on the fragment archive created in the 
   previous step.
 - Create a separate StreamBase Application archive file.
 - Install that archive into a StreamBase Runtime node. 
 - Start the node. 

These steps are described in more detail in the "Deploy with epadmin"
page of the Concepts Overview in the StreamBase documentation.