Logon Service example plus logon app download


Post by jasmina » Fri May 20, 2016 2:35 pm

This is an example of using simple database tables to define users and roles. A Logon Service checks the userid/password then loads any user roles. The example also includes simple pages to create and edit users and roles and save them in the database. Follow the instructions below to install and test the application.

Background info: Ebase Xi allows the authentication of users to be separately configured in a Logon Service. This provides a degree of separation between the application which the user will run and the authentication process. An application can invoke the Logon Service by calling system.securityManager.logon().

Download:
SamplePortalLogonServiceDemoApp.zip

Then run the PortalAdmin form:

Test users:
jasmina/password
frankg/password

The instructions below take you through the steps to create the application from scratch. If you've downloaded the app, you can choose to skip the rest of this document.

Step 0: Prerequisites:
Ebase Xi V5.0 or higher.
Run the SQL below to create and populate tables in the EBASE_SAMPLES database:

Code:

-- SamplePortalLogonService Application - Data 

-- Table EB_LS_ROLES
DROP TABLE "EBASE_SAMPLES"."EB_LS_ROLES";

CREATE TABLE "EBASE_SAMPLES"."EB_LS_ROLES" ("ROLENAME" VARCHAR(500) NOT NULL, "DESCRIPTION" VARCHAR(500), CONSTRAINT "PK_EB_LS_ROLES" PRIMARY KEY ("ROLENAME"));
INSERT INTO "EBASE_SAMPLES"."EB_LS_ROLES" ("ROLENAME", "DESCRIPTION") VALUES ('administrator', 'Administrator, access for everything');
INSERT INTO "EBASE_SAMPLES"."EB_LS_ROLES" ("ROLENAME", "DESCRIPTION") VALUES ('services', 'Access to services');


-- Table EB_LS_USERS
DROP TABLE "EBASE_SAMPLES"."EB_LS_USERS";

CREATE TABLE "EBASE_SAMPLES"."EB_LS_USERS" ("USERNAME" VARCHAR(500) NOT NULL, "EMAIL" VARCHAR(500), "FIRSTNAME" VARCHAR(500), "LASTNAME" VARCHAR(500), "PASSWORD" VARCHAR(500), CONSTRAINT "PK_EB_LS_USERS" PRIMARY KEY ("USERNAME"));
INSERT INTO "EBASE_SAMPLES"."EB_LS_USERS" ("USERNAME", "EMAIL", "FIRSTNAME", "LASTNAME", "PASSWORD") VALUES ('jasmina', 'jasmin.ackmann@gmail.com', 'jasmin', 'ackmann', '2abeec28dd6449d746f0174b2dabad06');
INSERT INTO "EBASE_SAMPLES"."EB_LS_USERS" ("USERNAME", "EMAIL", "FIRSTNAME", "LASTNAME", "PASSWORD") VALUES ('frankg', 'frank.gehringer@gmail.com', 'frank', 'gehringer', '2abeec28dd6449d746f0174b2dabad06');
INSERT INTO "EBASE_SAMPLES"."EB_LS_USERS" ("USERNAME", "EMAIL", "FIRSTNAME", "LASTNAME", "PASSWORD") VALUES ('danielc', 'daniel.cadmen@gmail.com', 'daniel', 'cadmen', '2abeec28dd6449d746f0174b2dabad06');


--Table EB_LS_USERS_ROLES
DROP TABLE "EBASE_SAMPLES"."EB_LS_USERS_ROLES";

CREATE TABLE "EBASE_SAMPLES"."EB_LS_USERS_ROLES" ("USERNAME" VARCHAR(500), "ROLENAME" VARCHAR(500));
INSERT INTO "EBASE_SAMPLES"."EB_LS_USERS_ROLES" ("USERNAME", "ROLENAME") VALUES ('', '');
INSERT INTO "EBASE_SAMPLES"."EB_LS_USERS_ROLES" ("USERNAME", "ROLENAME") VALUES ('jasmina', 'administrator');
INSERT INTO "EBASE_SAMPLES"."EB_LS_USERS_ROLES" ("USERNAME", "ROLENAME") VALUES ('danielc', 'administrator');
INSERT INTO "EBASE_SAMPLES"."EB_LS_USERS_ROLES" ("USERNAME", "ROLENAME") VALUES ('frankg', 'services');

--DROP TABLE "EBASE_SAMPLES"."EB_LS_USERS";
--CREATE TABLE "EBASE_SAMPLES"."EB_LS_USERS" ("USERNAME" VARCHAR(500) NOT NULL, "EMAIL" VARCHAR(500), "FIRSTNAME" VARCHAR(500), "LASTNAME" VARCHAR(500), "PASSWORD" VARCHAR(500), CONSTRAINT "PK_EB_LS_USERS" PRIMARY KEY ("USERNAME"));
--INSERT INTO "EBASE_SAMPLES"."EB_LS_USERS" ("USERNAME", "EMAIL", "FIRSTNAME", "LASTNAME", "PASSWORD") VALUES ('', '', '', '', '');
--
--SELECT "USERNAME", "EMAIL", "FIRSTNAME", "LASTNAME", "PASSWORD" FROM "EBASE_SAMPLES"."EB_LS_USERS";
--
--SELECT * FROM "EBASE_SAMPLES"."EB_LS_USERS";
--
--UPDATE "EBASE_SAMPLES"."EB_LS_USERS" SET "USERNAME" = '', "EMAIL" = '', "FIRSTNAME" = '', "LASTNAME" = '', "PASSWORD" = '' WHERE "USERNAME" = '<condition>';
--
--DELETE FROM "EBASE_SAMPLES"."EB_LS_USERS" WHERE "USERNAME" = '<condition>';

Step 1. In the designer create a project

Step 2. Create a new Logon Service in your project
Right-click on the project and select New > System Service > Logon Service.
Tip: Take a note of the web service name. It will be used in API calls later!

Step 3. Create Database Resources User and UserRoles and map them to the Logon Service fields WORK_PASSWORD, WORK_USERID (User resource) and table USER_ROLES (UserRoles resource)

Code:

Database Resource User:
SELECT "PASSWORD" FROM "EBASE_SAMPLES"."EB_LS_USERS" WHERE USERNAME=&&USERNAME;

Database Resource UsersRoles:
SELECT "ROLENAME" FROM "EBASE_SAMPLES"."EB_LS_USERS_ROLES" WHERE USERNAME=&&USERNAME;

Step 4. Create a script to run in the Logon Service
Create a new script and paste the code below, then add the script to the Logon Service's Integration event.

Code:

importPackage(com.ebasetech.xi.api);
importPackage(com.ebasetech.xi.services);

/**
 *  At this entry point the fields PARAM1_VALUE and PARAM2_VALUE are prepopulated through an API call:
 *  PARAM1_VALUE is mapped to the incoming parameter userName
 *  PARAM2_VALUE is mapped to the incoming parameter password
 *
 *  We check the userid/password combination against the EBASE_SAMPLES database and
 *  populate the field USERID and the table CUSTOMROLE with the user's roles.
 *
 *  Table CREDENTIAL is not populated in this sample, but it could be filled with additional
 *  user credentials as id/value pairs, e.g. email/jasmina@gmail.com.
 *
 *  Table EBASEROLE is not populated because we are not using the workflow module.
 */

/** @type {string} */
var userid = fields.PARAM1_VALUE.value.trim();
/** @type {string} */
var pwd = fields.PARAM2_VALUE.value.trim();

fields.USERID.value = null;

// Check the user's credentials and populate the Logon Service tables
if (authenticateUser(userid, pwd)) {
	readUserRoles(userid);
	fields.USERID.value = userid; // set the authenticated user id
} else {
	fields.ERRORCODE.value = "Authentication failed: ";
	fields.ERRORDESCRIPTION.value = "Unauthorized user. Check username and password and try again.";
}

/**
 * Checks a userid/password combination against the database.
 *
 * @param {string} userid
 * @param {string} pwd
 * @return {boolean}
 */
function authenticateUser(userid, pwd) {
	fields.WORK_USERID.value = userid;
	resources.User.fetch();

	//var mypassword = EncryptionServices.encrypt("password");

	var password = EncryptionServices.decrypt(fields.WORK_PASSWORD.value);

	// check if the login pwd matches the password from the database
	if (password == pwd) {
		return true;
	}

	return false;
}

/**
 * Takes a userid and populates the USERS_ROLES and CUSTOMROLE tables.
 *
 * @param {string} userid
 */
function readUserRoles(userid) {
	tables.USERS_ROLES.USERNAME.value = userid;
	var roles = tables.USERS_ROLES.fetchTable();

	tables.CUSTOMROLE.copyTable(tables.USERS_ROLES, false);
	tables.CUSTOMROLE.updateTable();
}

// When we are here the Logon Service has established the user's credentials,
// meaning that the CUSTOMROLE table is populated with the user's roles
// and that USERID is populated.

// We can make API calls from a before form event script:
// system.securityManager.isUserLoggedOn();
// system.securityManager.hasRole(String userRole);

// and from a submit button click event script we can call the Logon Service:
// system.securityManager.logon(String webServiceName, Array inParameters);

Step 5. Test the Logon Service by opening it in the designer and clicking the run icon on the tool bar.
Enter test request parameters as follows then click "Submit":
PARAM1_VALUE:user
PARAM2_VALUE:password

Code:

<xml>
<req>
<req>jasmina</req>
<req>string</req>
<req>password</req>
<req>string</req>
<req>string</req>
<req>string</req>
</req>

Step 6. Check Logon Service response body. It should return the user credentials:

Code:

<res:Response xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:res="http://www.ebasetech.com/logon/Response">
<res:USERID>jasmina</res:USERID>
<res:CUSTOMROLES>
<res:CUSTOMROLE>
<res:ROLEID>administrator</res:ROLEID>
</res:CUSTOMROLE>
</res:CUSTOMROLES>
</res:Response>

The Logon Service validated that the user "jasmina" with an administrator role exists.
What we've accomplished so far: The Logon Service has been created and tested successfully and from now on it can be called programmatically from a form script.

Step 7. Every form in your project which requires authentication needs a before form event script to verify that a user has signed on. If the user has not yet signed on, they will be redirected to a login page.

Code:

/**
 * Verify the user's credentials via a server-side service lookup.
 * A user without credentials is sent to the login page.
 * IMPORTANT: only works if the CUSTOMROLE table and USERID field in the Logon Service are populated at runtime
 */
if (!system.securityManager.isUserLoggedOn()) {
	// Navigate to portal login
	form.gotoForm("PortalLogin");
}

Step 8. Create a user login form
The script below passes the userid and password to the Logon Service for validation using system.securityManager.logon(). If the call is successful, the user's credentials are established.

Code:

/**
 * Validating user credentials via the Logon Service
 * API: system.securityManager.logon(String webServiceName, Array inParameters);
 * TIP: webServiceName is located in the Logon Service entity, e.g. samplePortalLogonWebService
 */
try {
    // Form fields
    var userName = fields.USER.value;
    var password = fields.PASSWORD.value;

    // validate user credentials via the Logon Service
    // initialize the samplePortalLogonWebService fields

    //[PARAM1_SOURCE : PortalLoginForm_Param1_UserName, PARAM1_VALUE : userName]
    //[PARAM2_SOURCE : PortalLoginForm_Param2_Password, PARAM2_VALUE : password]

    system.securityManager.logon("samplePortalLogonWebService", [
        ["PortalLoginForm_Param1_UserName", userName],
        ["PortalLoginForm_Param2_Password", password]
    ]);

    //event.owner.addWarningMessage("Validated user credentials for: " + system.securityManager.userName + " " + system.securityManager.userLoggedOn);

} catch (err) {
    event.owner.addErrorMessage("LogonException: " + err);
}

// At this point we have a validated user and associated roles

if (system.securityManager.hasRole("administrator")) {
    form.gotoForm("PortalAdmin");
}
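
The Step 4 script decrypts the stored PASSWORD value and compares it with ==, so the column holds a recoverable password and all three sample users share one stored value. As an added example (not part of the original post and not Ebase Xi code), this standalone Node.js version of the same logon flow stores a salted scrypt verifier and compares in constant time; the in-memory tables, the `scrypt$salt$hash` storage format and the function names are assumptions.

```javascript
// Added example: standalone Node.js, not Ebase Xi code. Names are hypothetical.
const crypto = require("crypto");

// Build "scrypt$<salt hex>$<hash hex>" for the PASSWORD column (assumed format).
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return `scrypt$${salt.toString("hex")}$${hash.toString("hex")}`;
}

// Constructed stand-ins for EB_LS_USERS and EB_LS_USERS_ROLES.
const USERS = new Map([
  ["jasmina", hashPassword("password")],
  ["frankg", hashPassword("password")],
]);
const USER_ROLES = [
  { username: "jasmina", rolename: "administrator" },
  { username: "frankg", rolename: "services" },
];

// Verifier checked for unknown users so both paths cost the same.
const DUMMY = hashPassword(crypto.randomBytes(16).toString("hex"));

function verifyPassword(stored, candidate) {
  const [scheme, saltHex, hashHex] = String(stored).split("$");
  if (scheme !== "scrypt" || !saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, "hex");
  // A malformed row decodes to a short buffer; reject it rather than
  // letting two empty buffers compare equal.
  if (expected.length !== 32) return false;
  const actual = crypto.scryptSync(candidate, Buffer.from(saltHex, "hex"), 32);
  return crypto.timingSafeEqual(expected, actual);
}

// Mirrors the Logon Service script: returns the fields it would populate.
// The password is not trimmed, so leading/trailing spaces stay significant.
function logon(userid, pwd) {
  const failure = { USERID: null, CUSTOMROLE: [], ERRORCODE: "Authentication failed" };
  if (typeof userid !== "string" || typeof pwd !== "string" || pwd === "") return failure;
  const name = userid.trim();
  const stored = USERS.get(name);
  const ok = verifyPassword(stored || DUMMY, pwd);
  if (!stored || !ok) return failure;
  const roles = USER_ROLES.filter(r => r.username === name).map(r => r.rolename);
  return { USERID: name, CUSTOMROLE: roles, ERRORCODE: null };
}
```
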