LDAP authorization configuration

UA requires every authenticated user to have the “everybody” role in order to access UA. An authorizer called com.sybase.security.helpers.EverybodyRoleAuthorizer is available to facilitate this: it passes the “everybody” role check for any user. You can therefore configure the LDAP providers as follows:

<config:authenticationProvider name="com.sybase.security.ldap.LDAPLoginModule"
     controlFlag="optional" />

<config:provider name="com.sybase.security.ldap.LDAPAttributer" type="attributer" />

<config:provider name="com.sybase.security.core.RoleCheckAuthorizer"
     type="authorizer" />

<config:provider name="com.sybase.security.helpers.EverybodyRoleAuthorizer"
     type="authorizer" />

Additionally, there is an authorizer called com.sybase.security.portaldb.PortalDBAuthorizer, which extends RoleCheckAuthorizer and processes the “everybody” role in the same way as EverybodyRoleAuthorizer.

If you are using only the LDAP server to perform user role checks, the configuration is similar to:

<config:authenticationProvider name="com.sybase.security.ldap.LDAPLoginModule"
     controlFlag="optional" />

<config:provider name="com.sybase.security.ldap.LDAPAttributer" type="attributer" />

<config:provider name="com.sybase.security.portaldb.PortalDBAuthorizer"
     type="authorizer">
     <config:options name="AlwaysUsePortalDBRoles" value="false" />
     <config:options name="AlwaysUsePortalDBPermissions" value="false" />
</config:provider>
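
The following Python check is an added example, not part of the original documentation or of the product. It parses a provider configuration and reports when no configured authorizer passes the “everybody” role check, or when the PortalDBAuthorizer options differ from the LDAP-only configuration above. The wrapper root element, its namespace URI and the sample documents are constructed so that the fragments can be parsed.

```python
import xml.etree.ElementTree as ET

# Provider class names and option names are the ones shown on this page.
LDAP_LOGIN = "com.sybase.security.ldap.LDAPLoginModule"
EVERYBODY = "com.sybase.security.helpers.EverybodyRoleAuthorizer"
PORTALDB = "com.sybase.security.portaldb.PortalDBAuthorizer"
LDAP_ONLY_OPTIONS = ("AlwaysUsePortalDBRoles", "AlwaysUsePortalDBPermissions")

def local(tag):
    # Drop the "{namespace}" part so the check does not depend on the URI.
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return a list of findings; an empty list means the config matches the page."""
    logins, authorizers = [], {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "authenticationProvider":
            logins.append(el.get("name"))
        elif local(el.tag) == "provider" and el.get("type") == "authorizer":
            authorizers[el.get("name")] = {
                o.get("name"): o.get("value") for o in el if local(o.tag) == "options"}
    findings = []
    if LDAP_LOGIN not in logins:
        findings.append("LDAPLoginModule is not configured as an authentication provider")
    if EVERYBODY not in authorizers and PORTALDB not in authorizers:
        findings.append('no authorizer passes the "everybody" role check')
    for opt in LDAP_ONLY_OPTIONS:
        if PORTALDB in authorizers and authorizers[PORTALDB].get(opt) != "false":
            findings.append(f"{opt} is not set to false on PortalDBAuthorizer")
    return findings

def wrap(body):
    # Constructed wrapper: root element name and namespace URI are placeholders.
    return ('<config:configuration xmlns:config="urn:example:config">'
            f"{body}</config:configuration>")

LOGIN = f'<config:authenticationProvider name="{LDAP_LOGIN}" controlFlag="optional" />'

# Constructed sample: RoleCheckAuthorizer alone, nothing handles "everybody".
MISSING_EVERYBODY = wrap(LOGIN +
    '<config:provider name="com.sybase.security.core.RoleCheckAuthorizer" type="authorizer" />')

# The page's LDAP-only authorizer, placed inside the constructed wrapper.
LDAP_ONLY = wrap(LOGIN + f'<config:provider name="{PORTALDB}" type="authorizer">'
    '<config:options name="AlwaysUsePortalDBRoles" value="false" />'
    '<config:options name="AlwaysUsePortalDBPermissions" value="false" />'
    "</config:provider>")

if __name__ == "__main__":
    for label, doc in (("missing everybody", MISSING_EVERYBODY), ("LDAP only", LDAP_ONLY)):
        print(label, "->", audit(doc) or "OK")
```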

The authorizer also provides two configuration options: