Extensible Authentication

 

Extensible Authentication lets ViewsFlash authenticate users and look up their Roles independently of the Application Server.

Authentication

The RequestNotifier Extension mechanism can be used to verify whether a user is authenticated. When using this, be sure that web.xml does not protect the ViewsFlash application or its servlets. In surveys, use Basic Authentication as the authentication method. See AuthenticationSkeleton.java for sample code.

1. Create a class com.cogix.vwf.YourExtensionClass that extends RequestNotifier, and override its OnRequest method as follows:

If the user is successfully authenticated, set:
thiscall.userid = theUserID; // a String with the User ID.

If the user is not authenticated, set:
thiscall.userid = null;

If browser redirection is needed to delegate authentication to an authentication server, set:
thiscall.bRediraftersetattribute = true;
thiscall.rediraftersetattribute = reqURL; // usually will contain the original ViewsFlash query string

2. Add to viewsflash.properties:
requestnotifierextension=com.cogix.vwf.YourExtensionClass

3. If there is a severe internal error, the extension can throw new vwfException(String message), but the message WILL be visible to the visitor. It is better to simply set thiscall.userid = null and use a logging function to record the error.

Role Lookup

The Role Lookup Extension mechanism can be used to verify whether an authenticated user is in a particular Role. When using this, the Application Server's role lookup method, if any, will be ignored. To activate it, add the appropriate lookuprole parameter to viewsflash.properties, as follows:

1. To use an LDAP server, see Using LDAP and add:
lookuprole=LDAPLookupRole

2. To look up roles in a properties file, add:
lookuprole=FileLookupRole

FileLookupRole looks for the servlet parameter:
filelookuproleproperties=<path to a file>
If this parameter is not present, the file defaults to /etc/cogix/fileroles.properties.

This file has the following format:
user=role,role,role,role,role (no limit on how many)
Spaces are ignored.

For example:
sally=Creator,MedicalFaculty,LawFaculty
ivan= Creator,Analyst,MedicalFaculty
peter=Analyst,MedicalFaculty
tom= VFAdministrator
eric= Creator,Analyst,Examiner,MedicalFaculty
jenny=VFAdministrator,Creator,Analyst,Examiner,Producer,MedicalFaculty,LawFaculty
sandy=Examiner,LawFaculty
bob= Analyst,Examiner,MedicalFaculty
lucy= Creator,Analyst,LawFaculty
mary= Creator,Producer,LawFaculty

Role names are arbitrary. They do not need to correspond to any role or group names in the Application Server.

3. To look up user roles in a database table, add:
lookuprole=DBLookupRole

See DBLookupRole.java for sample code.
These role names are arbitrary. They do not need to correspond to any role or group names in the Application Server.

4. To use your own extension, create your own class, using FileLookupRole.java as an example, and activate it with the servlet parameter:
lookuprole=YourRoleLookup
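
Because the FileLookupRole file described above is the only source of role membership once it is active, it is worth reviewing before deployment. The following is an added example, not part of ViewsFlash or its sample code: a small Python audit of a file in the user=role,role format that reports malformed lines, users with no roles, duplicate entries and the members of roles chosen for review. The function name, the constructed sample, the '#' comment handling and the assumption that a later duplicate entry replaces an earlier one are all hypothetical.

```python
from collections import defaultdict

# Constructed sample in the page's format (user=role,role,...); not a real deployment file.
SAMPLE = """\
sally=Creator,MedicalFaculty,LawFaculty
tom= VFAdministrator
jenny=VFAdministrator,Creator,Analyst
peter=Analyst,MedicalFaculty
peter=VFAdministrator
guest=
broken line without separator
"""


def audit_roles(text, review_roles=("VFAdministrator",)):
    """Parse a role file and return (role -> users, list of findings)."""
    users = {}                     # user -> set of roles
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = "".join(raw.split())            # the page says spaces are ignored
        if not line or line.startswith("#"):   # assumption: '#' starts a comment
            continue
        user, sep, rolelist = line.partition("=")
        if not sep or not user:
            findings.append(f"line {lineno}: not in user=role,... form")
            continue
        roles = {r for r in rolelist.split(",") if r}
        if not roles:
            findings.append(f"line {lineno}: user '{user}' has no roles")
        if user in users:
            findings.append(f"line {lineno}: duplicate entry for '{user}'")
        users[user] = roles        # assumption: a later entry replaces an earlier one
    # Invert the mapping so each role can be reviewed by its membership.
    by_role = defaultdict(set)
    for user, roles in users.items():
        for role in roles:
            by_role[role].add(user)
    for role in review_roles:
        members = ", ".join(sorted(by_role.get(role, ()))) or "(none)"
        findings.append(f"role {role}: {members}")
    return dict(by_role), findings


if __name__ == "__main__":
    for finding in audit_roles(SAMPLE)[1]:
        print(finding)
```

Pass the names of the roles that matter in your installation as review_roles; VFAdministrator is used here only because it appears in the sample file above.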

 

 
