Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

New TIBCO Community Coming Soon
In early summer, TIBCO plans to launch a new community—with a new user experience, enhanced search, and expanded capabilities for member engagement with answers and discussions! In advance of that, the current myibi community will be retired on April 30. We will continue to provide updates here on both the retirement of myibi and the new community launch.

What You Need to Know about Our New Community
We value the wealth of knowledge and engagement shared by community members and hope the new community will continue cultivating networking, knowledge sharing, and discussion.

During the transition period, from April 20th until the new community is launched this summer, myibi users should access the TIBCO WebFOCUS page to engage.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     Passing values securely to WF Report Server

Read-Only Read-Only Topic
Go
Search
Notify
Tools
Passing values securely to WF Report Server
 Login/Join
 
Silver Member
posted
This seems like the most basic of things to want to do but so far IBI still hasn't given me an answer (case opened 5/22). I'm just trying to pass information securely from my Tomcat application to a WF Server.

We have an existing application running on Tomcat that authenticates the user and stores information about them as session variables. We want to add reporting to this application which will require securely passing these values from the session to the WF Report server.

While I can freely access the session values within my application, session information is limited to the context it was created in so it's unavailable to the WF Servlet as that runs under a different context.

I know I can't be the only one doing this so what am I missing?

WF Server 7.1, WF Client installed on Tomcat as per the IBI instructions. No other IBI tools.
 
Posts: 41 | Registered: January 06, 2006Report This Post
Expert
posted Hide Post
A shot in the dark, but, any chance of using ASP or JSP etc. to pull out the session variables?

T



In FOCUS
since 1986
WebFOCUS Server 8.2.01M, thru 8.2.07 on Windows Svr 2008 R2  
WebFOCUS App Studio 8.2.06 standalone on Windows 10 
 
Posts: 5694 | Location: United Kingdom | Registered: April 08, 2004Report This Post
Silver Member
posted Hide Post
Thanks for the reply Tony.

Pulling the session variables out is easy - as long as you stay within the same application. Once you cross over to another application, the session variables are no longer available to the new app.

IBI has the WF Servlet designed to be installed as its own application separate from the customer's app. So I can't pull the session variables in the IBI Servlet app.

I can pull them in my app but I need some way to securely pass them to the WF Servlet. "Secure" meaning in a way that the HTML request cannot be spoofed by the user passing altered parameters.
 
Posts: 41 | Registered: January 06, 2006Report This Post
Expert
posted Hide Post
A rock and a hard place comes to mind Frowner



In FOCUS
since 1986
WebFOCUS Server 8.2.01M, thru 8.2.07 on Windows Svr 2008 R2  
WebFOCUS App Studio 8.2.06 standalone on Windows 10 
 
Posts: 5694 | Location: United Kingdom | Registered: April 08, 2004Report This Post
Silver Member
posted Hide Post
It feels that way. IBI is getting back to me today and they say they have a solution. I'll post it back here if it works so others can benefit.

What bugs me is this is such a basic thing. I can see where this isn't a problem if you are using the other IBI tools (which are out of our price range) but anyone doing a self-service app or trying to integrate WF into an existing application must have the same issue.
 
Posts: 41 | Registered: January 06, 2006Report This Post
Virtuoso
posted Hide Post
EJL, This may sound simple, but this is actually hard to do. What you are asking is for a web application to inherit authentication that has already been done from another web application. This is so hard - in fact - that a lot of companies have made lots of money solving just this problem (e.g. ClearTrust, Siteminder, Entrust to name a few).

From where I stand, you have two choices:
- Look into session sharing if both web apps are on the same server - I haven't done this, but I've talked to people that say it is possible.
- Build your own personal two form authentication process (you really should do two form if you want to avoid spoofing). I have done this a couple of times with web focus.

Either way, you are going to have to develop some Java code, because you cannot do this with focus code.


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
Silver Member
posted Hide Post
I really hoped IBI would have given me a way to bring the IBI servlet functionality into the current application, thereby removing all the cross application security issues. That would have been easy for me.

Instead the solution seems to be leaning towards cookies. I'm still waiting on IBI documentation to see how secure we can actually make it. I think a a non-persistent, encrypted cookie, sent with a digital signature would do the trick.

I agree this isn't going to be in Focus code but I'm fine with that. We've got a lot of development options in our "toolbox".
 
Posts: 41 | Registered: January 06, 2006Report This Post
Virtuoso
posted Hide Post
If all you are using is the WFServlet, then why not try bringing it in to you current app? If you deconstruct the web.xml, you should be able to pull all relavent content into your existing app.

Another option is to use the webfocus API. That way, you can call the webfocus app as Java functions from your existing app.

Just a couple of thoughts.


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
Silver Member
posted Hide Post
I didn't look into it myself but our lead developer investigated bringing in the WF Servlet and thought there would be issues so we decided to not go down that road thinking IBI had to have a cleaner way.

I've never heard of the WebFocus API but the overview I just read looks very promising. Is this a separate product? I wonder why IBI support didn't mention it as an option.

Almost forgot - Thanks a lot for the information. You've definitely given me some good stuff to research.
 
Posts: 41 | Registered: January 06, 2006Report This Post
Virtuoso
posted Hide Post
To the best of my knowledge, the API is not a separate product. There is even a sample API app installed with the product. Look into:
.\ibi\WebFOCUSxx\samples\webapps for a simple example.


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
 
Posts: 1102 | Location: Toronto, Ontario | Registered: May 26, 2004Report This Post
Platinum Member
posted Hide Post
EJL,

The WFAPI is documented in \ibi\WebFOCUSxx\ibi_html\javadoc

Hope this helps...
Kevin


WF 7.6.10 / WIN-AIX
 
Posts: 141 | Location: Denver, CO | Registered: December 09, 2005Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     Passing values securely to WF Report Server

Copyright © 1996-2020 Information Builders