{"id":2622,"date":"2015-01-09T18:48:40","date_gmt":"2015-01-09T18:48:40","guid":{"rendered":"https:\/\/ephesoft.com\/docs\/?p=2622"},"modified":"2020-05-19T12:24:20","modified_gmt":"2020-05-19T19:24:20","slug":"security-restricting-access-to-certain-ephesoft-web-pages","status":"publish","type":"docs","link":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/","title":{"rendered":"Security: Restricting access to certain Ephesoft Web Pages"},"content":{"rendered":"
\n
Applies to:<\/strong> v3.0.x to v4.0.2.0<\/div>\n
<\/div>\n
<\/div>\n
Administrators can authorize access to these URLs using group\/role names defined in Tomcat, LDAP and MS Active Directory. Web.xml can be found here: *{EPHESOFT_ROOT_DIR}\\Application\\WEB_INF\\web.xml By Default all URLs authorized by all groups by using “*” in the auth-constrain node:<\/div>\n

<auth-constraint><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name>*<\/role-name><\/i><\/p>\n

<\/auth-constraint><\/i><\/p>\n

To authorize a specific security role, LDAP container), administrators should modify the role-name node.<\/p>\n

\u00a0<\/b><\/p>\n

Examples:<\/b><\/p>\n

1) to allow a role to access BatchInstanceManagement.html(role taken here admin):<\/p>\n

\u00a0\u00a0 <security-constraint><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-collection><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-name>batch instance management<\/web-resource-name><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <url-pattern>\/BatchInstanceManagement.html<\/url-pattern><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>GET<\/http-method><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>POST<\/http-method><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/web-resource-collection><\/i><\/p>\n

\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<auth-constraint><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name>admin<\/role-name><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/auth-constraint><\/i><\/p>\n

\u00a0\u00a0 <\/security-constraint><\/i><\/p>\n

Here we have allowed the role by mentioning it in the auth-constraint tag.<\/p>\n

2) To allow multiple roles to access BatchInstanceManagement.html do the following configuration(roles taken here are role2 and admin):<\/p>\n

 <\/p>\n

<security-constraint><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-collection><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-name>batch instance management<\/web-resource-name><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <url-pattern>\/BatchInstanceManagement.html<\/url-pattern><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>GET<\/http-method><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>POST<\/http-method><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/web-resource-collection><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <auth-constraint><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name>role2<\/role-name><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name>admin<\/role-name><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/auth-constraint><\/i><\/p>\n

\u00a0\u00a0 <\/security-constraint><\/i><\/p>\n

Here the <Security-role> tag need not to be modified. It can remain as it is with a single entry (*) allowing all groups. However it may give warnings if security-role tag is not mapped to groups individually. These warnings can be eliminated by providing mapping for roles in <security-role> tag.<\/p>\n

<security-role><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name>*<\/role-name><\/i><\/p>\n

\u00a0<\/security-role><\/i><\/p>\n

 <\/p>\n

Active Directory Example<\/strong>:<\/p>\n

Say I want to restrict:
\nBatchClassManagement.html<\/p>\n

The AD group Distinguished Names from jexplorer i want access to this page are:
\nCN=GSTIRAAdmin,OU=Identifi,DC=ts2000,DC=com
\nCN=GSTIRAPowerUsers,OU=Identifi,DC=ts2000,DC=com
\nCN=GSTIRAUsers,OU=Identifi,DC=ts2000,DC=com<\/p>\n

For example, for the roles above…the entry would like like:<\/p>\n

<security-constraint><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-collection><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <web-resource-name>batch instance management<\/web-resource-name><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <url-pattern>\/BatchInstanceManagement.html<\/url-pattern><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>GET<\/http-method><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <http-method>POST<\/http-method><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/web-resource-collection><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <auth-constraint><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name><\/i>GSTIRAAdmin<\/role-name><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <role-name><\/i>GSTIRAPowerUsers<\/role-name>
\n<\/i>\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <role-name><\/i>GSTIRAUsers<\/role-name><\/i><\/i><\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/auth-constraint><\/i><\/p>\n

\u00a0\u00a0 <\/security-constraint><\/i><\/p>\n<\/div>\n","protected":false},"featured_media":0,"parent":22092,"menu_order":1,"comment_status":"closed","ping_status":"open","template":"","doc_tag":[],"yoast_head":"\nSecurity: Restricting access to certain Ephesoft Web Pages | Ephesoft Docs<\/title>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security: Restricting access to certain Ephesoft Web Pages\" \/>\n<meta property=\"og:description\" content=\"Applies to: v3.0.x to v4.0.2.0 Administrators can authorize access to these URLs using group\/role names defined in Tomcat, LDAP and […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/\" \/>\n<meta property=\"og:site_name\" content=\"Ephesoft Docs\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-19T19:24:20+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/\",\"url\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/\",\"name\":\"Security: Restricting access to certain Ephesoft Web Pages | Ephesoft Docs\",\"isPartOf\":{\"@id\":\"https:\/\/ephesoft.com\/docs\/#website\"},\"datePublished\":\"2015-01-09T18:48:40+00:00\",\"dateModified\":\"2020-05-19T19:24:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/ephesoft.com\/docs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Transact\",\"item\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"System Configuration\",\"item\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Security Configuration\",\"item\":\"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Security: Restricting access to certain Ephesoft Web Pages\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ephesoft.com\/docs\/#website\",\"url\":\"https:\/\/ephesoft.com\/docs\/\",\"name\":\"Ephesoft Docs\",\"description\":\"Intelligent Document Processing Made Easy\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ephesoft.com\/docs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Security: Restricting access to certain Ephesoft Web Pages | Ephesoft Docs","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Security: Restricting access to certain Ephesoft Web Pages","og_description":"Applies to: v3.0.x to v4.0.2.0 Administrators can authorize access to these URLs using group\/role names defined in Tomcat, LDAP and […]","og_url":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/","og_site_name":"Ephesoft Docs","article_modified_time":"2020-05-19T19:24:20+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/","url":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/","name":"Security: Restricting access to certain Ephesoft Web Pages | Ephesoft Docs","isPartOf":{"@id":"https:\/\/ephesoft.com\/docs\/#website"},"datePublished":"2015-01-09T18:48:40+00:00","dateModified":"2020-05-19T19:24:20+00:00","breadcrumb":{"@id":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/security-restricting-access-to-certain-ephesoft-web-pages\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ephesoft.com\/docs\/"},{"@type":"ListItem","position":2,"name":"Transact","item":"https:\/\/ephesoft.com\/docs\/products\/transact\/"},{"@type":"ListItem","position":3,"name":"System Configuration","item":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/"},{"@type":"ListItem","position":4,"name":"Security Configuration","item":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/"},{"@type":"ListItem","position":5,"name":"Security: Restricting access to certain Ephesoft Web Pages"}]},{"@type":"WebSite","@id":"https:\/\/ephesoft.com\/docs\/#website","url":"https:\/\/ephesoft.com\/docs\/","name":"Ephesoft Docs","description":"Intelligent Document Processing Made Easy","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ephesoft.com\/docs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"comment_count":0,"_links":{"self":[{"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/2622"}],"collection":[{"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/comments?post=2622"}],"version-history":[{"count":0,"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/2622\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/22092"}],"next":[{"title":"Configure Batch Class Encryption","link":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/how-to-configure-batch-class-encryption\/","href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/2672"}],"prev":[{"title":"Password Masking","link":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/security-configuration\/password-masking\/","href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/docs\/1081"}],"wp:attachment":[{"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/media?parent=2622"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/ephesoft.com\/docs\/wp-json\/wp\/v2\/doc_tag?post=2622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}