How to: |
When using collection-level security, users are given access to certain collections. In a secured environment, specific users may not always have authorization to see all of the available collections of data. The collection-level security provides a framework to authenticate and authorize users access to the collection drop-down. Once Magnify users are validated and their authorization determined, the appropriate collections are enabled for search and displayed in the drop-down list of the Magnify search-based application interface.
Collection-level security is enabled using the Magnify Console. It is implemented using a Servlet Filter configured in the WebFOCUS web application. The CollectionsSecurityFilter appends parameters to the request URL that determine the collections the user can search. By default, the CollectionsSecurityFilter calls a login page to obtain the userid and password. The user is then authenticated against the configuration file, magnify_security.xml. These files are defined in the \ibi\WebFOCUSxx\webapps\webfocus\WEB-INF\web.xml file of the WebFOCUS application as follows:
<filter> <filter-name>CollectionsSecurityFilter</filter-name> <filter-class> ibi.search.securityplugins.CollectionsSecurityFilter </filter-class> <init-param> <param-name>passwordFileName</param-name> <param-value>passwordfile_path</param-value> </init-param> <init-param> <param-name>jspfile</param-name> <param-value>loginpage_path</param-value> </init-param> </filter>
where:
Is the location of the file that contains the user IDs and passwords. The default value is config/magnify/magnify_security.xml. This parameter is optional.
Is the relative path to the login page. Magnify provides a sample login page in the WebFOCUS web application. The default value is search/jsp/magnifylogin.jsp. This parameter is optional.
Note: The user or group parameter may also be required. For more information, see the WebFOCUS Managed Reporting documentation.
You can modify the CollectionsSecurityFilter filter to integrate with an existing security framework. To update the filter, you can access the source code in the \ibi\WebFOCUSxx\webapps\webfocus\WEB-INF\classes\ibi\search\securityplugins directory.
The magnify_security.xml sample configuration file is located in the \ibi\WebFOCUSxx\config\magnify directory. Users are defined within the user element as follows:
<user username="admin" password="admin" usernametodisplay="Administrator" roles="admin,manager,user,guest,corpofficer" rights="adminrights"/>
The following attributes are defined for each Magnify user:
<xsl:if test="/GSP/PARAM[@name='usernametodisplay']/@value != ''"> <div style="text-align:right"> <xsl:value-of select="$user"/> <xsl:call-template name="nbsp"/> <xsl:value-of select="/GSP/PARAM[@name='usernametodisplay'] /@value"/> </div> </xsl:if>
Note: The roles attribute is not used by collection-level security.
The collections that each user is authorized to search are defined within the rights element as follows:
<rights id="adminrights" collections_descriptions="Century Electronics KB,Customer Profiles, Employee Directory,Sales Records,Shipping Centers, Product Catalog,Franchises," collections_values="default_collection,customers,employees, orders,plants,products,stores," collections_value_preselected="default_collection"/>
The following attributes are defined for the rights element:
Note: The collections_descriptions and collections_values defined in the magnify_security.xml file override the same attributes in the Magnify style sheet.
WebFOCUS |