Hi,
I used the logon service example (viewtopic.php?f=9&t=1167), which works fine.
Afterwards I noticed the Ebase Security system which has even more functionality which I would like to use, but I do not know how to access this service and can't find a good example (probably I'm overseeing something). Can somebody assist?
Ebase security system example use
Moderators: Jon, Steve, Ian, Dave
-
- Moderator
- Posts: 1342
- Joined: Wed Sep 12, 2007 12:49 pm
Re: Ebase security system example use
Supplied Ebase Security System
You configure users, roles etc using the Server Admin App - from the studio, click the small server icon in the top right and select Start Server Admin App, then Ebase Security System.
There is some (limited) documentation on using this. Again from the studio, select Help > Help Index, then Security > Runtime User Authentication > Implementing a Logon Service. There's a section in here about the supplied security implementation
There is a supplied Logon Service in the workspace that authenticates users and loads roles - this is DefaultLogonService in the VerjSamples project - the supplied implementation section of the above doc refers to this. You can call this from your own forms to authenticate users.
Alternatively you can get users to authenticate using a JSP page when they connect for the first time. The JSPs are in UfsServer/tomcat/webapps/ebase/samples/logon and this is configured/activated using Security Properties in the Server Admin App. See the XI Logon Exit doc page.
You configure users, roles etc using the Server Admin App - from the studio, click the small server icon in the top right and select Start Server Admin App, then Ebase Security System.
There is some (limited) documentation on using this. Again from the studio, select Help > Help Index, then Security > Runtime User Authentication > Implementing a Logon Service. There's a section in here about the supplied security implementation
There is a supplied Logon Service in the workspace that authenticates users and loads roles - this is DefaultLogonService in the VerjSamples project - the supplied implementation section of the above doc refers to this. You can call this from your own forms to authenticate users.
Alternatively you can get users to authenticate using a JSP page when they connect for the first time. The JSPs are in UfsServer/tomcat/webapps/ebase/samples/logon and this is configured/activated using Security Properties in the Server Admin App. See the XI Logon Exit doc page.
0 x
-
- Ebase User
- Posts: 86
- Joined: Thu Mar 08, 2018 2:52 pm
Re: Ebase security system example use
It looks like I'm making a mistake. All combinations of user/passwords are accepted.
I have an example based portal login form which triggers a user validation script for logon.
Whatever random username/password I supply, the script accepts and takes to user to the last line which calls the Welcome form.
When I access another form which checks if the user 'isUserLoggedOn()' than it's shows the user is logged on.
What am I missing?
**** ValidateUserCredential ***
importPackage(com.ebasetech.xi.api);
importPackage(com.ebasetech.xi.services);
try {
system.securityManager.logon( "ebaseLogonService", [
["BEA login_Username", fields.USER.value],
["BEA login_Password", fields.PASSWORD.value]
]);
}
catch(e){
// Display errors (ends execution)
event.owner.addErrorMessage(e.javaException.message);
}
//At this point we have a validated user and associated roles
if (system.securityManager.hasRole("administrator")) {
form.gotoForm("PortalAdmin_1");
}
if (system.securityManager.hasRole("services")) {
form.gotoForm("PortalServices_1");
}
form.gotoForm("BeaWelcome");
********
I have an example based portal login form which triggers a user validation script for logon.
Whatever random username/password I supply, the script accepts and takes to user to the last line which calls the Welcome form.
When I access another form which checks if the user 'isUserLoggedOn()' than it's shows the user is logged on.
What am I missing?
**** ValidateUserCredential ***
importPackage(com.ebasetech.xi.api);
importPackage(com.ebasetech.xi.services);
try {
system.securityManager.logon( "ebaseLogonService", [
["BEA login_Username", fields.USER.value],
["BEA login_Password", fields.PASSWORD.value]
]);
}
catch(e){
// Display errors (ends execution)
event.owner.addErrorMessage(e.javaException.message);
}
//At this point we have a validated user and associated roles
if (system.securityManager.hasRole("administrator")) {
form.gotoForm("PortalAdmin_1");
}
if (system.securityManager.hasRole("services")) {
form.gotoForm("PortalServices_1");
}
form.gotoForm("BeaWelcome");
********
0 x
-
- Moderator
- Posts: 1342
- Joined: Wed Sep 12, 2007 12:49 pm
Re: Ebase security system example use
The logon service is not authenticating your user/password combination - see the JS_LOGON_SERVICE_LOGIC. To correct this I think you need to change your code to:
The "JSP" tells the logon service script that the input has come from a signon page and therefore needs to be validated - as opposed to from a Windows domain user which the system is prepared to accept as valid.
Code: Select all
try {
system.securityManager.logon( "ebaseLogonService", [
["JSP", fields.USER.value],
["BEA login_Password", fields.PASSWORD.value]
]);
0 x
-
- Ebase User
- Posts: 86
- Joined: Thu Mar 08, 2018 2:52 pm
Who is online
Users browsing this forum: No registered users and 10 guests