Enabling Collection-Level Security

How to:

When using collection-level security, users are given access to certain collections. In a secured environment, specific users may not always have authorization to see all of the available collections of data. The collection-level security provides a framework to authenticate and authorize user access to the collection drop-down list. Once Magnify users are validated and their authorization determined, the appropriate collections are enabled for search and displayed in the drop-down list of the Magnify search-based application interface.

Collection-level security is enabled using the Magnify Console. It is implemented using a Servlet Filter configured in the WebFOCUS web application. The CollectionsSecurityFilter appends parameters to the request URL that determine the collections the user can search. By default, the CollectionsSecurityFilter calls a login page to obtain the userid and password. The user is then authenticated against the configuration file, magnify_security.xml. These files are defined in the \ibi\WebFOCUSxx\webapps\webfocus\WEB-INF\web.xml file of the WebFOCUS application as follows:

<filter>
  <filter-name>CollectionsSecurityFilter</filter-name>
  <filter-class>
     ibi.search.securityplugins.CollectionsSecurityFilter
  </filter-class>
  <init-param>
    <param-name>passwordFileName</param-name>
    <param-value>passwordfile_path</param-value>
  </init-param>
  <init-param>
    <param-name>jspfile</param-name>
    <param-value>loginpage_path</param-value>
  </init-param>
</filter>

where:

passwordfile_path

Is the location of the file that contains the user IDs and passwords. The default value is config/magnify/magnify_security.xml. This parameter is optional.

loginpage_path

Is the relative path to the login page. Magnify provides a sample login page in the WebFOCUS web application. The default value is search/jsp/magnifylogin.jsp. This parameter is optional.

Note: The user or group parameter may also be required. For more information, see the WebFOCUS Managed Reporting documentation.

You can modify the CollectionsSecurityFilter filter to integrate with an existing security framework. To update the filter, you can access the source code in the \ibi\WebFOCUSxx\webapps\webfocus\WEB-INF\classes\ibi\search\securityplugins directory.

The magnify_security.xml sample configuration file is located in the \ibi\WebFOCUSxx\config\magnify directory. Users are defined within the user element as follows:

<user username="admin" password="admin"
usernametodisplay="Administrator"
roles="admin,manager,user,guest,corpofficer"
rights="adminrights"/>

The following attributes are defined for each Magnify user:

Note: The roles attribute is not used by collection-level security.

The collections that each user is authorized to search are defined within the rights element as follows:

<rights id="adminrights"
   collections_descriptions="Century Electronics KB,Customer Profiles,
      Employee Directory,Sales Records,Shipping Centers,
      Product Catalog,Franchises,"
   collections_values="default_collection,customers,employees,
      orders,plants,products,stores,"
   collections_value_preselected="default_collection"/>	

The following attributes are defined for the rights element:

Note: The collections_descriptions and collections_values defined in the magnify_security.xml file override the same attributes in the Magnify style sheet.


Top of page

x
Procedure: How to Configure Collection-Level Security
  1. From the Magnify Console, click General.
  2. Select On from the Collection Security Framework drop-down list.
  3. Edit the \ibi\WebFOCUSxx\config\magnify\magnify_security.xml file and define the Magnify users within the user element.
  4. Define the collections that are available for search using the rights element.
  5. If you are using a different file to define Magnify users and collections, edit the \ibi\WebFOCUSxx\webapps\webfocus\WEB-INF\web.xml file and specify the location of the file as the passwordFileName parameter value.
  6. If you are using a custom login page, edit the \ibi\WebFOCUSxx\webapps\webfocus\WEB-INF\web.xml file and specify the location of the login file as the jspfile parameter value.
  7. Restart the application server.

WebFOCUS