{"id":2622,"date":"2015-01-09T18:48:40","date_gmt":"2015-01-09T18:48:40","guid":{"rendered":"https:\/\/ephesoft.com\/docs\/?p=2622"},"modified":"2020-05-19T12:24:20","modified_gmt":"2020-05-19T19:24:20","slug":"security-restricting-access-to-certain-ephesoft-web-pages","status":"publish","type":"docs","link":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/","title":{"rendered":"Security: Restricting access to certain Ephesoft Web Pages"},"content":{"rendered":"
<auth-constraint><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name>*<\/role-name><\/i><\/p>\n
<\/auth-constraint><\/i><\/p>\n
To authorize a specific security role, LDAP container), administrators should modify the role-name node.<\/p>\n
\u00a0<\/b><\/p>\n
Examples:<\/b><\/p>\n
1) to allow a role to access BatchInstanceManagement.html(role taken here admin):<\/p>\n
\u00a0\u00a0 <security-constraint><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-collection><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-name>batch instance management<\/web-resource-name><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <url-pattern>\/BatchInstanceManagement.html<\/url-pattern><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>GET<\/http-method><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>POST<\/http-method><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/web-resource-collection><\/i><\/p>\n
\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<auth-constraint><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name>admin<\/role-name><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/auth-constraint><\/i><\/p>\n
\u00a0\u00a0 <\/security-constraint><\/i><\/p>\n
Here we have allowed the role by mentioning it in the auth-constraint tag.<\/p>\n
2) To allow multiple roles to access BatchInstanceManagement.html do the following configuration(roles taken here are role2 and admin):<\/p>\n
<\/p>\n
<security-constraint><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-collection><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-name>batch instance management<\/web-resource-name><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <url-pattern>\/BatchInstanceManagement.html<\/url-pattern><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>GET<\/http-method><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>POST<\/http-method><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/web-resource-collection><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <auth-constraint><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name>role2<\/role-name><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name>admin<\/role-name><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/auth-constraint><\/i><\/p>\n
\u00a0\u00a0 <\/security-constraint><\/i><\/p>\n
Here the <Security-role> tag need not to be modified. It can remain as it is with a single entry (*) allowing all groups. However it may give warnings if security-role tag is not mapped to groups individually. These warnings can be eliminated by providing mapping for roles in <security-role> tag.<\/p>\n
<security-role><\/i><\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name>*<\/role-name><\/i><\/p>\n
\u00a0<\/security-role><\/i><\/p>\n
<\/p>\n
Active Directory Example<\/strong>:<\/p>\n Say I want to restrict: The AD group Distinguished Names from jexplorer i want access to this page are: For example, for the roles above…the entry would like like:<\/p>\n <security-constraint><\/i><\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-collection><\/i><\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-name>batch instance management<\/web-resource-name><\/i><\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <url-pattern>\/BatchInstanceManagement.html<\/url-pattern><\/i><\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>GET<\/http-method><\/i><\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>POST<\/http-method><\/i><\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/web-resource-collection><\/i><\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <auth-constraint><\/i><\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name><\/i>GSTIRAAdmin<\/role-name><\/i><\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name><\/i>GSTIRAPowerUsers<\/role-name> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/auth-constraint><\/i><\/p>\n \u00a0\u00a0 <\/security-constraint><\/i><\/p>\n<\/div>\n","protected":false},"featured_media":0,"parent":22092,"menu_order":1,"comment_status":"closed","ping_status":"open","template":"","doc_tag":[],"yoast_head":"\n
\nBatchClassManagement.html<\/p>\n
\nCN=GSTIRAAdmin,OU=Identifi,DC=ts2000,DC=com
\nCN=GSTIRAPowerUsers,OU=Identifi,DC=ts2000,DC=com
\nCN=GSTIRAUsers,OU=Identifi,DC=ts2000,DC=com<\/p>\n
\n<\/i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <role-name><\/i>GSTIRAUsers<\/role-name><\/i><\/i><\/p>\n