Ebase security system example use

Post any questions you have about using the Verj.io Studio, including client and server-side programming with Javascript or FPL, and integration with databases, web services etc.

Moderators: Jon, Steve, Ian, Dave

fronsky
Ebase User
Posts: 86
Joined: Thu Mar 08, 2018 2:52 pm

Ebase security system example use

#1

Postby fronsky » Wed Apr 11, 2018 5:25 pm

Hi,

I used the logon service example (viewtopic.php?f=9&t=1167), which works fine.

Afterwards I noticed the Ebase Security system which has even more functionality which I would like to use, but I do not know how to access this service and can't find a good example (probably I'm overseeing something). Can somebody assist?
0 x

Jon
Moderator
Moderator
Posts: 1342
Joined: Wed Sep 12, 2007 12:49 pm

Re: Ebase security system example use

#2

Postby Jon » Thu Apr 12, 2018 8:10 am

Supplied Ebase Security System
You configure users, roles etc using the Server Admin App - from the studio, click the small server icon in the top right and select Start Server Admin App, then Ebase Security System.

There is some (limited) documentation on using this. Again from the studio, select Help > Help Index, then Security > Runtime User Authentication > Implementing a Logon Service. There's a section in here about the supplied security implementation

There is a supplied Logon Service in the workspace that authenticates users and loads roles - this is DefaultLogonService in the VerjSamples project - the supplied implementation section of the above doc refers to this. You can call this from your own forms to authenticate users.

Alternatively you can get users to authenticate using a JSP page when they connect for the first time. The JSPs are in UfsServer/tomcat/webapps/ebase/samples/logon and this is configured/activated using Security Properties in the Server Admin App. See the XI Logon Exit doc page.
0 x

fronsky
Ebase User
Posts: 86
Joined: Thu Mar 08, 2018 2:52 pm

Re: Ebase security system example use

#3

Postby fronsky » Fri Apr 13, 2018 6:06 pm

It looks like I'm making a mistake. All combinations of user/passwords are accepted.

I have an example based portal login form which triggers a user validation script for logon.

Whatever random username/password I supply, the script accepts and takes to user to the last line which calls the Welcome form.

When I access another form which checks if the user 'isUserLoggedOn()' than it's shows the user is logged on.

What am I missing?

**** ValidateUserCredential ***
importPackage(com.ebasetech.xi.api);
importPackage(com.ebasetech.xi.services);


try {
system.securityManager.logon( "ebaseLogonService", [
["BEA login_Username", fields.USER.value],
["BEA login_Password", fields.PASSWORD.value]
]);
}
catch(e){
// Display errors (ends execution)
event.owner.addErrorMessage(e.javaException.message);
}
//At this point we have a validated user and associated roles

if (system.securityManager.hasRole("administrator")) {
form.gotoForm("PortalAdmin_1");

}

if (system.securityManager.hasRole("services")) {
form.gotoForm("PortalServices_1");
}

form.gotoForm("BeaWelcome");
********
0 x

Jon
Moderator
Moderator
Posts: 1342
Joined: Wed Sep 12, 2007 12:49 pm

Re: Ebase security system example use

#4

Postby Jon » Mon Apr 16, 2018 1:39 pm

The logon service is not authenticating your user/password combination - see the JS_LOGON_SERVICE_LOGIC. To correct this I think you need to change your code to:

Code: Select all

try {
system.securityManager.logon( "ebaseLogonService", [
["JSP", fields.USER.value],
["BEA login_Password", fields.PASSWORD.value]
]);
The "JSP" tells the logon service script that the input has come from a signon page and therefore needs to be validated - as opposed to from a Windows domain user which the system is prepared to accept as valid.
0 x

fronsky
Ebase User
Posts: 86
Joined: Thu Mar 08, 2018 2:52 pm

Re: Ebase security system example use

#5

Postby fronsky » Sun Apr 29, 2018 7:02 pm

Yes this works. Got authorisation all working. Thanks
0 x


Who is online

Users browsing this forum: Google [Bot] and 11 guests