Enabling Collection-Level Security


When using collection-level security, users are given access to certain collections. In a secured environment, specific users may not always have authorization to see all of the available collections of data. Collection-level security provides a framework to authenticate users and authorize their access to the collections in the collection drop-down list. Once Magnify users are validated and their authorization is determined, the appropriate collections are enabled for search and displayed in the drop-down list of the Magnify search-based application interface.

Collection-level security is enabled using the Magnify Console. It is implemented using a Servlet Filter configured in the WebFOCUS web application. The CollectionsSecurityFilter appends parameters to the request URL that determine the collections the user can search. By default, the CollectionsSecurityFilter calls a login page to obtain the user ID and password. The user is then authenticated against the configuration file, magnify_security.xml. The configuration file and the login page are defined as filter parameters in the \ibi\WebFOCUSxx\webapps\webfocus\WEB-INF\web.xml file of the WebFOCUS application as follows:

<filter>
  <filter-name>CollectionsSecurityFilter</filter-name>
  <filter-class>
     ibi.search.securityplugins.CollectionsSecurityFilter
  </filter-class>
  <init-param>
    <param-name>passwordFileName</param-name>
    <param-value>passwordfile_path</param-value>
  </init-param>
  <init-param>
    <param-name>jspfile</param-name>
    <param-value>loginpage_path</param-value>
  </init-param>
</filter>

where:

passwordfile_path

Is the location of the file that contains the user IDs and passwords. The default value is config/magnify/magnify_security.xml. This parameter is optional.

loginpage_path

Is the relative path to the login page. Magnify provides a sample login page in the WebFOCUS web application. The default value is search/jsp/magnifylogin.jsp. This parameter is optional.

You can modify the CollectionsSecurityFilter filter to integrate with an existing security framework. To update the filter, you can access the source code in the \ibi\WebFOCUSxx\webapps\webfocus\WEB-INF\classes\ibi\search\securityplugins directory.

The magnify_security.xml sample configuration file is located in the \ibi\WebFOCUSxx\config\magnify directory. Users are defined within the user element as follows:

<user username="admin" password="admin"
usernametodisplay="Administrator"
roles="admin,manager,user,guest,corpofficer"
rights="adminrights"/>

The following attributes are defined for each Magnify user:

Note: The roles attribute is not used by collection-level security.

The collections that each user is authorized to search are defined within the rights element as follows:

<rights id="adminrights"
   collections_descriptions="Century Electronics KB,Customer Profiles,
      Employee Directory,Sales Records,Shipping Centers,
      Product Catalog,Franchises,"
   collections_values="default_collection,customers,employees,
      orders,plants,products,stores,"
   collections_value_preselected="default_collection"/>	

The following attributes are defined for the rights element:

Note: The collections_descriptions and collections_values defined in the magnify_security.xml file override the same attributes in the Magnify style sheet.


Procedure: How to Configure Collection-Level Security
  1. From the Magnify Console, click General.
  2. Select On from the Collection Security Framework drop-down list.
  3. Edit the \ibi\WebFOCUSxx\config\magnify\magnify_security.xml file and define the Magnify users within the user element.
  4. Define the collections that are available for search using the rights element.
  5. If you are using a different file to define Magnify users and collections, edit the \ibi\WebFOCUSxx\webapps\webfocus\WEB-INF\web.xml file and specify the location of the file as the passwordFileName parameter value.
  6. If you are using a custom login page, edit the \ibi\WebFOCUSxx\webapps\webfocus\WEB-INF\web.xml file and specify the location of the login file as the jspfile parameter value.
  7. Restart the application server.
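
A consistency check to run on magnify_security.xml after steps 3 and 4, before restarting the application server. This is an added example, not part of the product or its documentation: it flags users whose password is empty or equal to the user name (as in the shipped admin/admin sample), rights references that do not resolve, and collection lists that do not line up. The root element name magnify_security and the positional pairing of collections_descriptions with collections_values are assumptions; the page shows only the user and rights elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The <magnify_security> root element name is an assumption;
# the page shows only the <user> and <rights> elements.
SAMPLE = """<magnify_security>
  <user username="admin" password="admin" usernametodisplay="Administrator"
        roles="admin,manager,user,guest,corpofficer" rights="adminrights"/>
  <user username="jsmith" password="constructed-Passw0rd" usernametodisplay="J Smith"
        roles="user" rights="salesrights"/>
  <rights id="adminrights"
     collections_descriptions="Century Electronics KB,Customer Profiles,"
     collections_values="default_collection,customers,"
     collections_value_preselected="default_collection"/>
  <rights id="guestrights"
     collections_descriptions="Century Electronics KB,Product Catalog,"
     collections_values="default_collection,"
     collections_value_preselected="products"/>
</magnify_security>"""

def split_list(value):
    """Split a comma-separated attribute, ignoring the trailing comma and line wraps."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit(xml_text):
    """Return a list of findings for a magnify_security.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    rights = {r.get("id"): r for r in root.iter("rights")}
    for user in root.iter("user"):
        name, pwd = user.get("username", ""), user.get("password", "")
        if not pwd or pwd.lower() == name.lower():
            findings.append(f"user {name}: password is empty or equals the username")
        if user.get("rights") not in rights:
            findings.append(f"user {name}: rights '{user.get('rights')}' is not defined")
    for rid, r in rights.items():
        descs = split_list(r.get("collections_descriptions"))
        values = split_list(r.get("collections_values"))
        # Assumption: descriptions and values pair up by position, as in the sample.
        if len(descs) != len(values):
            findings.append(f"rights {rid}: {len(descs)} descriptions but {len(values)} values")
        pre = r.get("collections_value_preselected")
        if pre and pre not in values:
            findings.append(f"rights {rid}: preselected '{pre}' is not in collections_values")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a deployed file, pass its contents to audit() in place of SAMPLE.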
