April 20, 2006, 06:56 AM
KaranthI tried turning Security ON in the console and added a few NT login IDS. But all NT logins still have access. How do i resolve this?
April 21, 2006, 05:14 PM
dhagenSo many ways to do this:
- If you are using IIS with Jakarta plug-in or New Atlanta, restrict access to the web server based on the AD accounts. And shut off the tomcat http listener - only allow AJP. Consult Microsoft for full documentation.
- If you are using Tomcat standalone, use Tomcat internal security settings to stop access by either: a) JNDI to AD, or hardcoded userid's via the tomcat-user.xml (Note: you will have to alter WFs web.xml for this to work). Consult apache.org for full documentation.
- Or, write a focexec that uses the GETUSER() subroutine to identify the user, then exit the routine if they are not one of the users that should be there, and make this focexec the site profile for your web focus app.
3rd option is the easiest to do.
April 24, 2006, 04:55 AM
KaranthThanks dhagen,
we have done wat u said in option 3. We have a list of valid user ids and changed the site.wfs to point to a security.fex which does the user validation and then call the requested fex from security.fex. This works just fine..
But I have another doubt. The documentation in WF says that if u set security = PTH in WF 7.1 the user ids and passwords are validated. I set security = PTH and added one admin id and password. But WF doesn't seem to be checking the password at all. I dont want people to be able to log onto my server console from LAN. How do i restrict this?
June 01, 2006, 04:41 PM
kerberos...when set to PTH, it lets you login with any user id/password combination you can think of but it doesnt really give any privileges at all or BASIC level for that matter. Otherwise, you can restrict your webfocus admin console thru web server level (e.g. restrict ip addresses etc) - that is if you still want to use PTH. There are many options for this, try engaging IBI.