Unwired Accelerator uses the Java Authentication and Authorization Service (JAAS) API to secure client- and server-side Java applications. JAAS controls access to the system based on who runs the code and the permissions they hold, and is compatible with various standard security mechanisms such as LDAP.
Unwired Accelerator accesses CSI interfaces indirectly through these standard J2EE security mechanisms:
HttpServletRequest.getUserPrincipal() – returns the name of the current authenticated user. If the user has not been authenticated, the method returns null.
HttpServletRequest.isUserInRole(j2ee_Role) – returns a Boolean value indicating whether the authenticated user is included in the specified logical “role.” If the user has not been authenticated, the method returns false.
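The following servlet filter is an added example, not Unwired Accelerator code. It shows how application code can use these two calls so that access fails closed when the user is unauthenticated or lacks the role. The RequireRoleFilter class and its requiredRole init-param are hypothetical names.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: passes a request on only if the caller holds the configured role. */
public class RequireRoleFilter implements Filter {
    private ServletContext context;
    private String requiredRole; // logical J2EE role from the "requiredRole" init-param (assumed name)

    public void init(FilterConfig config) throws ServletException {
        context = config.getServletContext();
        requiredRole = config.getInitParameter("requiredRole");
        if (requiredRole == null || requiredRole.trim().length() == 0) {
            // Refuse to start rather than run with no role check at all.
            throw new ServletException("requiredRole init-param is missing");
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getUserPrincipal() yields a java.security.Principal, or null when unauthenticated.
        Principal user = request.getUserPrincipal();
        if (user == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // isUserInRole() is also false for unauthenticated callers, so the null check
        // above is what separates "not logged in" (401) from "wrong role" (403).
        if (!request.isUserInRole(requiredRole)) {
            context.log("Denied " + user.getName() + ": not in role " + requiredRole);
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```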
If you are using CSI with the PortalDB security provider, Unwired Accelerator uses the following security management functions:
Portal Interface:
Users establish a password when they click Join Now and set up a user profile.
Users can change their passwords from the MyInfo link.
Users can select Reset Password from the login screen to request a new password if they forget theirs. If a valid e-mail address is specified for the resetPasswordEmail property in the global.properties.xml file, Unwired Accelerator notifies the PortalAdmin user. (If an e-mail address is not specified, an alternate procedure for notifying the PortalAdmin user must be in place.)
The PortalAdmin user requests a new password in the User Editor screen (from Manage | Users/Roles | Users). Unwired Accelerator generates a new password and sends it to the user’s e-mail address.
Mobile Web Studio:
The StudioAdmin user creates a user profile (from Manage | Users/Roles | Users). Unwired Accelerator generates a new password and sends it to the user’s e-mail address.
The StudioAdmin user changes a user’s password by selecting Password in the User Editor screen (from Manage | Users/Roles | Users). Unwired Accelerator generates a new password and notifies the user via an e-mail message.
Studio users can change their passwords from the Account Info link. Unwired Accelerator sends e-mail notification of the password change to the user’s e-mail address.
If you are using CSI with the LDAP security provider, Unwired Accelerator has the following limitations:
cannot change the password from Portal Interface and Mobile Web Studio.
cannot create users from Mobile Web Studio.
cannot reassign roles for users from Mobile Web Studio.
cannot use the Join Link in the Portal Interface login application. You can fix this manually by changing the following pages:
Portal Interface Guest page – disable the Join Now hyperlink. The Login application displayed on the Guest Page contains a Join Now link to enable self-registration. If you use another security provider, Unwired Accelerator cannot create a new user in the security system.
Portal Interface error page – remove the Join Now hyperlink. Likewise, the Portal Interface error page shows the Join Now link if a user login attempt fails. If you use another security provider, you must also remove that link, since Unwired Accelerator cannot create a new user in the security system.
If you are configured to use “CSI” or another security provider, remove the Join Now hyperlink from the two pages as described in “Removing the Join Now Link”.
You must manage these security functions from the LDAP security provider. When an existing LDAP user accesses Portal Interface or Mobile Web Studio, the user must enter account information, even though the information exists in the LDAP registers. The LDAP security provider carries out authorization and authentication.
If you are using Enterprise Security with Unwired Accelerator, see the Enterprise Security Administration Guide for information.
Removing the Join Now Link
Use these steps to remove the Join Now link that appears on the Portal Interface login window. This is necessary only if you are using CSI with LDAP or another security provider.
Likewise, if you have another process in place for requesting that passwords be reset, you can also remove the Reset Password link in the same way.
Modify the Portal Login application to remove the Join Now link from the Portal Login page:
Log in to Mobile Web Studio using an account with StudioAdmin permissions, such as the masuper account.
Select Applications from the menu in the left pane, and Approved from the Application Manager pane.
Select Portal Login and click Edit.
Under Element List, right-click PortalLogin, and select Edit | HTML.
Maximize the New Element HTML window to make it easier to see.
Under HTML, search for the HTML code that includes the text doJoinNow.
Delete or comment out the code as shown:
<Comment> <TR><TD COLSPAN=2><a href="javascript:if(top.loginStorageFrame) top.loginStorageFrame.doJoinNow(); "><nobr> <SPAN STYLE="font-family:verdana;font-size:10px;font-weight:bold;"> Join Now<BR></SPAN></nobr></a></TD></TR> </Comment>
Click Save.
In Application Builder, click Save and click OK to confirm.
Click Close to close the Application Builder window.
Log out of Mobile Web Studio.
Modify the login.jsp file to remove the Join Now link from the second page that comes up if your login attempt from the Login application fails:
Navigate to the following directory:
SYBASE\tomcat\webapps\onepage\fw\baseApps\fwlogin
Open login.jsp in a text editor.
Search for the HTML code that includes the text “LP_JOIN_NOW”.
Delete or comment out the code as shown:
<Comment> <a class=loginLink href="<syp:appContext/>/servlet/ FWControllerServlet?mvcapp=FWRegistration&rid=<%=rid%>" target="_top"><%=(String)messages.get("LP_JOIN_NOW")%></a> </Comment>
Save the file and close it.
Stop and restart the Tomcat application server to initialize the change.
Open a Web browser window and access Portal Interface, using procedures in “Accessing Portal Interface”. The Join Now link should no longer display on the Portal Login window, or on the Portal Login error window that displays if you attempt to log in unsuccessfully.
Copyright © 2005. Sybase Inc. All rights reserved.