ben harris (Novice; Joined: 25 Jun 2003; Posts: 19)
Posted: Thu Aug 07, 2003 8:15 am
Post subject: [SOLVED]WebClient + Logon4 -- configure/code the webclient?

I would like my WebClient to use one of the authentication logon methods when accessing my WFEngine. I don't want to use my WebServer's BasicAuthentication. I would like the Logon.jsp to take the username and password and pass them to my Engine where the AuthExit will do the rest.
How do I configure my WebClient so that it uses the secure logon method over the unsecure (for example, use logon4 rather than logon2)?
It appears that the webclient uses either logon or logon2 by default. I'd like to change this but I am stuck.
I can't figure out which (if any) class I might need to override or whether I need to simply make some change in the webClient.properties file.
Thanks for any help.
Ben.

vennela (Jedi Knight; Joined: 11 Aug 2002; Posts: 4055; Location: Hyderabad, India)
Posted: Thu Aug 07, 2003 12:23 pm

I think what you are trying to do is achieved by Authentication Exit. Instead of Workflow authenticating the user, your Authentication Exit would validate the user credentials and return a corresponding workflow user.

ben harris (Novice; Joined: 25 Jun 2003; Posts: 19)
Posted: Thu Aug 07, 2003 12:42 pm

Yes, you're correct.
The AuthExit defined for my Workflow Server will validate the user. Tested and works like a champ.
But the AuthExit is only invoked when you logon using the Logon3() or Logon4() method. The other two methods validate using the definitions of a user within the Workflow Server.
The web client uses either the Logon() or Logon2() method by default.
I need to change that so the web client will attempt to logon and invoke the Workflow Server AuthExit to validate the user.
Any ideas?
I was thinking I might be able to either define a new CommandAdaptor or create a new Handler but I am not sure where to start. And I am not sure if that is the right direction. It seems like a lot of work just to get the webclient to access the workflow server using an authexit logon method.
This also assumes that the fmcohcli.jar has the logon object/method(?) coded so that it is possible to switch over from a Logon() to a Logon3().
Ben.

jmac (Jedi Knight; Joined: 27 Jun 2001; Posts: 3081; Location: EmeriCon, LLC)
Posted: Thu Aug 07, 2003 1:09 pm

Ben:
I think the issue is that you will need to write the getCredentials method in a command handler... When this method returns non-null Thin client does a logon4 otherwise it does a logon2
GOOD LUCK
_________________
John McDonald
RETIRED

ben harris (Novice; Joined: 25 Jun 2003; Posts: 19)
Posted: Fri Aug 08, 2003 7:32 am

I did it. It was a lot easier than I thought.
Here is what I did for anyone who is referencing this thread for this info.
Step 1: Create a new handler. Below is my complete code:

    package com.ben.workflow.servlet;

    import javax.servlet.http.HttpServletRequest;

    import com.ibm.workflow.servlet.client.ClientException;
    import com.ibm.workflow.servlet.client.Config;
    import com.ibm.workflow.servlet.client.GenericCommandHandler;

    public class AuthenticationHandler extends GenericCommandHandler {

        // Builds the credential bytes from the Logon.jsp form fields.
        public byte[] getCredentials(HttpServletRequest req) throws ClientException {
            String user = req.getParameter("userID");
            if (user == null) {
                throw new ClientException(req, "UserId is null");
            }
            String pwd = req.getParameter("password");
            if (pwd == null) {
                throw new ClientException(req, "Password value is null");
            }
            // ----> This string format is specific to my personal AuthExit implementation
            // getBytes() encodes with the platform default charset.
            return ("User:" + user + ";PassWord:" + pwd).getBytes();
        }

        public void init(Config config) {
            super.init(config);
        }
    }

Step 2: Update the webclient.properties file:

    ....
    [CommandHandlerAdapter]
    com.ben.workflow.servlet.AuthenticationHandler = 0

Step 3: Restart WebSphere. And access the server from the same Logon.jsp you were using before. (No changes required to the Logon.jsp)
And BAM! there it is.
Why did I do this? I am using MQWF 3.3.2 and I don't want to manage my users from build time. So I have an LDAP instance which shadows the employee database and caches just a subset of those users -- the workflow users. My LDAP is regularly checked and updated automatically. When an update occurs a new FDL file is generated which contains just users. That FDL is imported to my server. This also allows me to just focus on the user base and the users can manage their own passwords in the LDAP tree and I don't have to do it from the buildtime.
Thanks for the help.
Ben.
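
Added example (not part of the original post, and not MQWF or AuthExit code): the `User:<id>;PassWord:<pwd>` string built in getCredentials is ambiguous when a field can contain the delimiter text, so two different user/password pairs can encode to the same bytes. The sketch below shows that with constructed inputs next to a length-prefixed alternative; the class name CredentialCodec and the byte layout are assumptions, and the exit on the server side would have to parse the same layout.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example: hypothetical codec, not MQWF code and not the poster's AuthExit.
public class CredentialCodec {

    // The thread's delimiter format, with an explicit charset.
    static byte[] delimited(String user, String pwd) {
        return ("User:" + user + ";PassWord:" + pwd).getBytes(StandardCharsets.UTF_8);
    }

    // Assumed layout: [4-byte length][user][4-byte length][password], UTF-8.
    static byte[] encode(String user, String pwd) {
        if (user == null || user.isEmpty() || pwd == null || pwd.isEmpty())
            throw new IllegalArgumentException("user ID and password are required");
        byte[] u = user.getBytes(StandardCharsets.UTF_8);
        byte[] p = pwd.getBytes(StandardCharsets.UTF_8);
        return ByteBuffer.allocate(8 + u.length + p.length)
                .putInt(u.length).put(u).putInt(p.length).put(p).array();
    }

    // Receiving side: each length is checked against the bytes actually present.
    static String[] decode(byte[] cred) {
        ByteBuffer in = ByteBuffer.wrap(cred);
        String user = readField(in);
        String pwd = readField(in);
        if (in.hasRemaining()) throw new IllegalArgumentException("trailing bytes");
        return new String[] { user, pwd };
    }

    private static String readField(ByteBuffer in) {
        if (in.remaining() < 4) throw new IllegalArgumentException("truncated length");
        int len = in.getInt();
        if (len <= 0 || len > in.remaining()) throw new IllegalArgumentException("bad length");
        byte[] field = new byte[len];
        in.get(field);
        return new String(field, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed inputs: two different pairs that collide in the delimiter format.
        String u1 = "alice", p1 = "x;PassWord:y", u2 = "alice;PassWord:x", p2 = "y";
        System.out.println("delimited equal: " + Arrays.equals(delimited(u1, p1), delimited(u2, p2)));
        System.out.println("prefixed equal:  " + Arrays.equals(encode(u1, p1), encode(u2, p2)));
        System.out.println("round trip: " + Arrays.toString(decode(encode(u1, p1))));
    }
}
```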

vennela (Jedi Knight; Joined: 11 Aug 2002; Posts: 4055; Location: Hyderabad, India)
Posted: Fri Aug 08, 2003 10:17 am

That information helps.
Quote:
    When an update occurs a new FDL file is generated which contains just users. That FDL is imported to my server.
How did you do this? Did you use LDAP bridge to do this or is it your home grown application that will do the task for you?

ben harris (Novice; Joined: 25 Jun 2003; Posts: 19)
Posted: Fri Aug 08, 2003 10:27 am

I am not using the LDAP bridge. When I upgrade to version 3.4 I will look into using that feature.
I have a home grown tool that analyzes the LDAP tree structure and generates the FDL. It's some very short code as it lent itself well to some recursive programming. It's not flexible beyond my needs though. It serves me very well, but it wouldn't do much good to someone who requires strict roles or something.
Ben.