How to: |
When using collection-level security, users are given access to certain collections. In a secured environment, specific users may not always have authorization to see all of the available collections of data. The collection-level security provides a framework to authenticate and authorize users access to the collection drop-down. Once Magnify users are validated and their authorization determined, the appropriate collections are enabled for search and displayed in the drop-down list of the Magnify search-based application interface.
Collection-level security is enabled using the Magnify Console. It is implemented using a Servlet Filter configured in the WebFOCUS web application. The CollectionsSecurityFilter appends parameters to the request URL that determine the collections the user can search. By default, the CollectionsSecurityFilter calls a login page to obtain the userid and password. The user is then authenticated against the configuration file, magnify_security.xml. These files are defined in the \ibi\WebFOCUS\webapps\webfocus\WEB-INF\web.xml file of the WebFOCUS application as follows:
<filter> <filter-name>CollectionsSecurityFilter</filter-name> <filter-class> ibi.search.securityplugins.CollectionsSecurityFilter </filter-class> <init-param> <param-name>passwordFileName</param-name> <param-value>passwordfile_path</param-value> </init-param> <init-param> <param-name>jspfile</param-name> <param-value>loginpage_path</param-value> </init-param> </filter>
where:
Is the location of the file that contains the user IDs and passwords. The default value is config/magnify/magnify_security.xml. This parameter is optional.
Is the relative path to the login page. Magnify provides a sample login page in the WebFOCUS web application. The default value is search/jsp/magnifylogin.jsp. This parameter is optional.
You can modify the CollectionsSecurityFilter filter to integrate with an existing security framework. To update the filter, you can access the source code in the \ibi\WebFOCUS\webapps\webfocus\WEB-INF\classes\ibi\search\securityplugins directory.
The magnify_security.xml sample configuration file is located in the \ibi\WebFOCUS\config\magnify directory. Users are defined within the user element as follows:
<user username="admin" password="admin" usernametodisplay="Administrator" roles="admin,manager,user,guest,corpofficer" rights="adminrights"/>
The following attributes are defined for each Magnify user:
<xsl:if test="/GSP/PARAM[@name='usernametodisplay']/@value != ''"> <div style="text-align:right"> <xsl:value-of select="$user"/> <xsl:call-template name="nbsp"/> <xsl:value-of select="/GSP/PARAM[@name='usernametodisplay'] /@value"/> </div> </xsl:if>
Note: The roles attribute is not used by collection-level security.
The collections that each user is authorized to search are defined within the rights element as follows:
<rights id="adminrights" collections_descriptions="Century Electronics KB,Customer Profiles, Employee Directory,Sales Records,Shipping Centers, Product Catalog,Franchises," collections_values="default_collection,customers,employees, orders,plants,products,stores," collections_value_preselected="default_collection"/>
The following attributes are defined for the rights element:
Note: The collections_descriptions and collections_values defined in the magnify_security.xml file override the same attributes in the Magnify style sheet.
WebFOCUS |