WebFOCUS has its own internal security model, encryption techniques, and variable table. Managed Reporting comes with its own repository for storing user credentials and access rights. However, WebFOCUS can be configured and extended to work with a wide variety of third-party products or customized solutions.

The following diagram illustrates the points in the WebFOCUS Client processing at which customization can be implemented.

The WebFOCUS Client has two points at which customized programs can be used to extend its default processing:

• The Java Servlet filter is called before each HTTP request is passed to the WebFOCUS application. The request originates from the HTTP Client (for example, a Web Browser), is sent to the Web Server, and is then passed to the Application Server. The Java Servlet filter can intercept the call from the Application Server to the WebFOCUS application and can optionally alter the request, response, or halt execution before the WebFOCUS application receives it. For example, the Java Servlet filter may be used to perform custom authentication.
• The WebFOCUS Plug-in is called before each request is passed to the WebFOCUS Reporting Server, whether it is a self-service or Managed Reporting request. Plug-in code can also be called prior to passing results from the WebFOCUS Reporting Server to the WebFOCUS Client. Therefore, it gives you an opportunity to preprocess a request from the browser and post-process the response before returning the result to the browser.

  To use this plug-in, the customer site must perform some configuration steps, such as setting WebFOCUS variable values or editing properties. This plug-in provides methods for copying WebFOCUS variables, application server session variables, and HTTP header variables between the WebFOCUS variable table, the application server session, and the HTTP header. For instructions on using this plug-in, see Copying WebFOCUS Variables Using the WebFOCUS Servlet Plug-in.

  If you require pre-processing or post-processing methods not included in the supplied plug-in or for the CGI implementation of the WebFOCUS Client, you can develop your own plug-in (you should extend the class for the existing plug-in so that you can still use its methods). A plug-in for the Servlet version of the WebFOCUS Client must be written in the Java™ language. A plug-in for the CGI version is typically written in the C language, but it can be written in any language that supports the creation of shared objects or dynamic link libraries. Instructions for writing WebFOCUS Servlet plug-ins can be found in Developing Your Own WebFOCUS Plug-in.

On the WebFOCUS Reporting Server, custom programs similar to WebFOCUS Client plug-ins are referred to as exits. The WebFOCUS Reporting Server has two exits that can be used by WebFOCUS:

• Pre-Verify User ID Exit (PVUIDXT). This exit is used to customize WebFOCUS Reporting Server authentication. It can be used to configure the Reporting Server to authenticate against a third-party repository or to enable a WebFOCUS Reporting Server or hub server to establish a secure connection from another WebFOCUS server or from the WebFOCUS Client without checking credentials (because they have already been verified at an earlier point). This exit can also be used to replace the verified user ID with a user ID appropriate to the WebFOCUS Reporting Server being connected to. For more information, see Developing a Reporting Server Authentication Exit.
• WebFOCUS DBA Exit. This exit enables WebFOCUS metadata to use replaceable parameters for data source security. It is typically used to limit which values a user has access to in a data source. For information, see Developing a Dynamic DBA Rule.