To implement security, basic authorization requires a user-maintained XML file of users and groups. This is not an adequate security system by itself; rather, it is a sample security system that you can use to configure and deploy iEI in a limited manner.
The schema for the XML file is provided with the iwgoogle.jar file in misc\doc\baseauth.xsd. The iwgoogle.jar file is installed in the extensions area of your iWay configuration.
This exit uses an XML file to store users and their properties. Each user must be a member of at least one group; the group represents a usage capability, such as the manner in which the search document is rendered. Each group holds attributes of the message type and the transformation to apply to it.
For example, assume that user FRED is a member of the MONOLOG, TRAGEDY, and STANDUP groups, and user MILTON is a member of the STANDUP group. GEORGE is only a member of the POLITICS group. The TRAGEDY and STANDUP groups each have an entry for "lad", associating it with an appropriate transformation. The following message arrives:
<lad>There was a young lad from Nantucket</lad>
When user FRED processes the message, the authorization driver first checks the MONOLOG group and finds no entry for "lad". The driver goes on to check the TRAGEDY group, where it finds a transformation that produces a play about the Prince of Nantucket and his girlfriend Ophelia. User MILTON is a member of the STANDUP group, and when the driver finds a transformation, it produces a limerick. Next, GEORGE receives the message. None of the groups to which he belongs has an entry for "lad", and so GEORGE is denied access.
The <db> XML file processed by the authorization driver stores the user/group interaction. You can edit this file to add groups and users to meet simple needs. The following image shows the structure of the file:
A user has the following properties:
Groups have access to selections. A selection describes the view of a particular document type to which users in the group have access. Selections are configured as follows:
The administrators group has permission to view all documents in the Message Repository without transformation.
The user entries carry group membership specifications as one or more <group> tags.
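The FRED, MILTON, and GEORGE walk-through above, as an added example (not iWay code): a first-match lookup over a user's groups in membership order, with denial when no group has an entry for the message type. Only `<db>` and the `<group>` tags inside a user entry come from this page; the other element and attribute names, the transform file names, the user MALLORY, and the use of the root element name as the message type are assumptions, not the baseauth.xsd schema.

```python
import xml.etree.ElementTree as ET

# Constructed access-control data. Only <db> and the <group> tags inside a user
# entry come from the page; every other element and attribute name is a
# hypothetical layout, NOT the baseauth.xsd schema.
ACL_XML = """
<db>
  <group name="MONOLOG"/>
  <group name="TRAGEDY"><selection type="lad" transform="tragedy.xsl"/></group>
  <group name="STANDUP"><selection type="lad" transform="limerick.xsl"/></group>
  <group name="POLITICS"><selection type="bill" transform="speech.xsl"/></group>
  <user name="FRED"><group>MONOLOG</group><group>TRAGEDY</group><group>STANDUP</group></user>
  <user name="MILTON"><group>STANDUP</group></user>
  <user name="GEORGE"><group>POLITICS</group></user>
</db>
"""

def load_acl(xml_text):
    """Return (users, groups): user -> ordered group list, group -> {type: transform}."""
    db = ET.fromstring(xml_text)
    groups = {g.get("name"): {s.get("type"): s.get("transform")
                              for s in g.findall("selection")}
              for g in db.findall("group")}      # direct children only
    users = {u.get("name"): [g.text.strip() for g in u.findall("group")]
             for u in db.findall("user")}
    return users, groups

def authorize(user, message, users, groups):
    """Return (group, transform) for the first matching group, or None to deny."""
    msg_type = ET.fromstring(message).tag        # assumed: type = root element name
    for group in users.get(user, []):            # unknown user has no groups: denied
        selections = groups.get(group)
        if selections is None:                   # membership names an undefined group
            continue
        if msg_type in selections:
            return group, selections[msg_type]   # first match wins
    return None                                  # default deny

if __name__ == "__main__":
    users, groups = load_acl(ACL_XML)
    msg = "<lad>There was a young lad from Nantucket</lad>"
    for name in ("FRED", "MILTON", "GEORGE", "MALLORY"):
        print(name, authorize(name, msg, users, groups))
```

Because the first matching group wins, the order of a user's group memberships decides which rendering that user gets: FRED receives the TRAGEDY output even though he is also in STANDUP.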
After creating the XML database, you can install and configure the optional authorization and rendering drivers. The rendering drivers are required for audit indexing, and are not available for direct indexing.
Important: The sample security and rendering system described is meant to show the capabilities of the iWay Enterprise Index package as distributed. As described here, it provides minimal security and flexibility. iWay strongly recommends that you create your own security and rendering system. For more information, see the iWay Service Manager Programmer's Guide.
To install and configure the authorization and rendering drivers:
The following image shows the System level Search Authorization Driver Configuration screen. An Add Search Authorization Driver table contains a based on define option selected with a drop-down box next to it.
Parameter | Value | Description |
---|---|---|
Activity Log | iEI_Message_Manager_1 | This must be the value of a configured Activity Log driver. If no such driver is active, you will see "No Available Driver" in the drop-down list. |
Access Control File | ./etc/iei/authdriver_db.xml | Location of the XML security database. For information on creating the database XML file, see iWay Enterprise Index Security Considerations. |