Focal Point
Security in Web Focus

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/8421075161

March 31, 2006, 12:54 AM
Karanth
Security in Web Focus
Hi,
I need to create an application in Web Focus with security, i.e., user authentication.
For example, I will create a login page in the WF server using the HTML layout painter or anything, and then I need to have a set of valid users who can access this page. Is this possible in Web Focus?

Also, I want to set the security level as PTH. Where do I store the user IDs and passwords? It says in the admin.cfg file, but how do I do it?

March 31, 2006, 12:22 PM
TexasStingray
karanth,

Not sure what you are trying to do. Could you be a little more specific? What flow are you trying to implement on security?

Scott

Hi,
I want to create something like a self-service application and also have a user authentication process. How do I do this?

You can do it by storing the user details and password (encrypted) in a database. Then write your front end using ASP or JSP based on your requirement, and either retrieve the Windows authentication user ID and verify it against your table, or ask them to enter the user ID in a login screen and verify it against your table.

Hope this helps,


WFConsultant

WF 8105M on Win7/Tomcat
Karanth,

While Kamesh's idea will work, it adds another layer to security, with the concern of having IDs and passwords somewhere else that needs to be maintained and secured. Do you have a system that stores the IDs and passwords that you want to authenticate against?

Scott

I tried turning Security ON in the console and added a few NT login IDs. But all NT logins still have access. How do I resolve this?

So many ways to do this:

- If you are using IIS with the Jakarta plug-in or New Atlanta, restrict access to the web server based on the AD accounts. And shut off the Tomcat HTTP listener - only allow AJP. Consult Microsoft for full documentation.
- If you are using Tomcat standalone, use Tomcat internal security settings to stop access by either: a) JNDI to AD, or b) hardcoded user IDs via the tomcat-user.xml (Note: you will have to alter WF's web.xml for this to work). Consult apache.org for full documentation.
- Or, write a focexec that uses the GETUSER() subroutine to identify the user, then exit the routine if they are not one of the users that should be there, and make this focexec the site profile for your Web Focus app.

3rd option is the easiest to do.


"There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott
Thanks dhagen,
We have done what you said in option 3. We have a list of valid user IDs and changed the site.wfs to point to a security.fex, which does the user validation and then calls the requested fex from security.fex. This works just fine.

But I have another doubt. The documentation in WF says that if you set security = PTH in WF 7.1, the user IDs and passwords are validated. I set security = PTH and added one admin ID and password. But WF doesn't seem to be checking the password at all. I don't want people to be able to log on to my server console from the LAN. How do I restrict this?

...when set to PTH, it lets you log in with any user ID/password combination you can think of, but it doesn't really give any privileges at all, or BASIC level for that matter. Otherwise, you can restrict your WebFOCUS admin console at the web server level (e.g. restrict IP addresses etc.) - that is, if you still want to use PTH. There are many options for this; try engaging IBI.
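
The Tomcat standalone option suggested earlier in the thread (hardcoded user IDs plus a change to the WebFOCUS web.xml), sketched as an added example that is not part of the original posts or of any WebFOCUS documentation. The role name `wf_users`, the realm name and the sample account are hypothetical, and a TLS connector is assumed to be configured in Tomcat.

```xml
<!-- Added example; fragment 1 of 2: goes inside <web-app> in the WebFOCUS
     web application's WEB-INF/web.xml. Role and realm names are hypothetical. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>WebFOCUS client</web-resource-name>
    <!-- Cover every URL in the application, not only the login page;
         no <http-method> elements, so all HTTP methods are protected -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Only authenticated users holding this role get through -->
    <role-name>wf_users</role-name>
  </auth-constraint>
  <!-- BASIC sends the password base64-encoded, not encrypted: require TLS.
       Assumes an HTTPS connector is configured in server.xml. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>WebFOCUS</realm-name>
</login-config>

<security-role>
  <role-name>wf_users</role-name>
</security-role>

<!-- Fragment 2 of 2: conf/tomcat-users.xml. Constructed sample account;
     replace the placeholder password before use. -->
<tomcat-users>
  <role rolename="wf_users"/>
  <user username="example_user" password="REPLACE_ME" roles="wf_users"/>
</tomcat-users>
```

Because tomcat-users.xml holds credentials, restrict its filesystem permissions to the account Tomcat runs as. Where the accounts already live in Active Directory, the JNDI route from the same post avoids keeping a second password store.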