Maintaining Ebase security through a web interface

[Vircos]

In our organisation we see a movement to single-sign-on.
So we prepared some forms with single-sign-on. The next step is authorizing specific persons per form.

Normally that should not give a problem. We can use a custom database resource in combination with a secured authorisation administration form and let a FPL script check the authorisation per form.

But we want to combine it with the workflow module. At the moment you have to use the Maintain security from the Ebase designer to authorize persons.

Is there a way of maintaining the Ebase security through a web interface?
That way we can make people of different departments responsible for maintaining the authorisation per form/workflow without having them to use the Ebase Designer.

I hope you guys will understand my question and will excuse my bad English

[Jignesh]

Yes! There is a way to maintaining the Ebase security through a web interface.

You will have to write custom functions (java). These functions will have to import certain java classes from the standard Ebase package which provide methods to maintain the entire Ebase security i.e. Users, Groups, Roles, etc.

I have done something similar for one of our customers. I have created some custom functions which create users and groups. It does not maintain the entire Ebase security but will give you a good idea of how to do it!

Please send me an email (click the button below) if you would like sample code and I will send it to you as soon as I can

[Vircos]

Thank you Jignesh.

This topic may be closed

[Wai]

There is an alternative approach if you are using external security.

Instead of pointing the Authentication to the Ebase Security, you can point it to the External System and replace a number of Ebase supplied components. The benefit of doing this is that you do not need to duplicate your security data from your external system into Ebase.

You can either authenticate all users against the external system, or all runtime users.

If just for runtime users, you can change the Login Module. The default EbaseLoginModule directs authentication and role completion to the User Manager component however you can point it to the external system instead. You will need to define user roles if using the Ebase Workflow system.

If it is for all users, replace the User Manager component. The default User Manager accesses the Ebase Security database and has methods for doing the authentication and for creating a user Subject which includes all the role information. To authenticate users against an external system you can replace the User Manager component to access the external system instead. The external system will also require some means of defining role associations and you will need to be able to extract these roles.

You will also have to rewrite the Assignment Handler if using Workflow. This is a pluggable component that handles the assigning of Workflow tasks.

For more information refer to the Ebase documentation on Security Authentication.

[Vircos]

Unfortunately that is not an option in my organisation.
So we have to duplicate the security data.