WOW Security Protocols
Securing Applications
WOW contains multiple ways of securing applications, shown in the drop down below. When creating
or editing an application, you can choose which type of security it uses. All of the security options are
described below.
When a user attempts to use an application, WOW examines the IP address of that user. If the IP indicates
that the user is on the local network (i.e. not connecting via the Internet) the user is allowed to use the
application. Otherwise the user is locked out and cannot use the application.
Local Users Only or Operating System Profile
This sign on option allows local users (as described above) to access the application without entering a user
ID or password. Non-local users must enter a user ID and password recognized by the underlying operating
system (or database system) before using the application.
This type of sign on can be useful to validate a user against an operating system (or more specifically, a
database system). This feature prompts the user for a user ID and password that it validates against the
database. Users with a valid database sign on will be allowed to use your application – those who cannot
sign onto the database will be locked out of the application as well.
Many organizations choose to use Operating System Profile to secure their applications. This presents the
benefit that you do not have to create a whole new table to manage users and their credentials; you can
simply utilize your database’s existing user profiles. However, in some cases, you may want to also secure
specific operations or fields within your application. In this case, you can use Operating System Profile to
secure the application and then SQL Authorization operations to secure individual operations and fields. See
chapter 19.5 for more information on using SQL Authorization operations.
NOTE: When WOW performs Operating System authentication, it stores the user ID of a successful sign-on in
the user sign-on row in the session. This user ID can then be accessed from any WOW SQL statement using
the following row parameter: ???USERID
For example:
SELECT * FROM library.table WHERE user = ???USERID
This statement would return all records in the specified table that have a “user” value that matches the “USERID”
used to sign into the application.
This feature is commonly called SELF SERVICE.
TAGS: Current user, filter by user, select by current user
More information on WOW Self Service can be found HERE.
[PRO or EE Required]
Databases and Operating Systems commonly have advanced facilities for managing users and passwords. Passwords in particular require special encryption, change policies, number of characters, and other special processing. WOW applications commonly require user authentication using operating system or database user profiles but then further restrict application access to a subset of users.
For example, ABD Corporation is using the IBM AS/400 and has 800 valid user profiles. AS/400 provides all the password management. ABD Corporation wants a WOW application that would allow only “HR Administrators” (Human Resources Administrators) access to a particular application. Out of the 800 total users, let's say only 8 users are "HR Administrators". In summary, we want AS/400 to authenticate the users initially but then only allow the 8 users access to the application. In order to do this, a new feature has been added into WOW 7.1. The following is an example of how this new feature works.
Setup Operating System Plus Operation Filtered Authentication
1. Create a WOW application.
2. Create an “Authentication” operation.
Operation Type - must be “Authentication” as shown above.
Operation Code - the SQL must return a 1st column that will have the user id of those who are authorized to access the application.
Operation Class - must specify the following: (as shown below)
planetj.dataengine.operation.UserAuthorizationOperation
This is a Java class that will execute the SQL supplied in the operation and then compare the current user to the list of users returned by the SQL. If the current user is in the list, they are allowed access. It is recommended that you independently test your SQL in a test WOW application to verify it returns the correct set of user ids.
Usage Id - This field must be set to -99 as shown below:
3. Edit the WOW application and set the Sign On Type to:
“Operating System Plus Operation Sign On”
Set the Sign on Operation to: “OS PLUS OPERATION”
Which was created in step #2 and shown below.
4. Final step would be to RUN the application.
In this example: the authentication allows ONLY the employee with the user id and job of “HR Admin” to access the application. As shown below:
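An added example, not part of the WOW documentation or product code: a Python harness for the recommendation above to test the Authentication operation's SQL before relying on it. It uses an in-memory SQLite table as a stand-in for the real database; the employees table, its columns, the sample users and the helper names are all hypothetical, and the exact-match comparison is an assumption because the page does not state how WOW compares user ids.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [
    ("ASMITH", "Ann Smith", "HR Admin"),
    ("BJONES", "Bob Jones", "HR Admin"),
    ("CLEE", "Cy Lee", "HR Assistant"),
    ("DKIM  ", "Di Kim", "HR Admin"),   # blank-padded, as a fixed-width CHAR column can be
    ("EROSS", "Ed Ross", "Payroll Clerk"),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (userid TEXT, name TEXT, job TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", ROWS)
    return conn

def first_column(conn, sql):
    """Return the first column of every row: the value the user is matched against."""
    return [row[0] for row in conn.execute(sql)]

def review_sql(conn, sql, expected):
    """Compare the SQL's first column with the intended allow-list; return findings."""
    got = first_column(conn, sql)
    findings = []
    for value in got:
        if value is None or value != value.strip():
            findings.append(f"malformed id {value!r}")
    exact = {v for v in got if v is not None}
    for extra in sorted(exact - expected):
        findings.append(f"unexpected user {extra!r}")
    for missing in sorted(expected - exact):
        findings.append(f"missing user {missing!r}")
    return findings

def is_authorized(current_user, allowed):
    """Exact-match model of the list check (assumption, not WOW's documented rule)."""
    return current_user in allowed

EXPECTED = {"ASMITH", "BJONES", "DKIM"}
GOOD = "SELECT TRIM(userid) FROM employees WHERE job = 'HR Admin'"
TOO_BROAD = "SELECT TRIM(userid) FROM employees WHERE job LIKE 'HR%'"
WRONG_COLUMN = "SELECT name, userid FROM employees WHERE job = 'HR Admin'"
UNTRIMMED = "SELECT userid FROM employees WHERE job = 'HR Admin'"

if __name__ == "__main__":
    db = make_db()
    for label, sql in [("good", GOOD), ("too broad", TOO_BROAD),
                       ("wrong column", WRONG_COLUMN), ("untrimmed", UNTRIMMED)]:
        print(label, review_sql(db, sql, EXPECTED))
```

Any finding means the SQL is not yet fit to be the Operation Code: the too-broad filter admits a user outside the intended group, and the wrong-column query returns names where user ids are required, so no intended user would match.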
The Personal Connection Pool sign on validates a user ID and password against the database, much like the
Operating System Profile sign on. However, when an application uses the Personal Connection Pool sign on
method, all database accesses by that application will be tied to the profile of whichever user has signed onto
the application and requested that database access. All other sign on methods use a shared pool of database
connections when accessing the database – this can significantly improve performance but means that the
database cannot determine which particular user is accessing it, only which application is doing the access.
This sign on type should be selected when the database needs to know which user is accessing it.
The Operating System Profile Plus Operation sign on is almost identical to an Operating System Profile sign on,
with the exception that after the user is authenticated against the operating system or database, an SQL
operation is run to retrieve a property Row.
Steps for configuring Operating System Plus Operation Authentication
1) Within the application, create an operation of type Authentication. Set the Operation Code to the SQL that
will be used to retrieve the desired properties Row. Use a built-in parameter such as ???USERID (the user ID
used to sign onto the application) to filter the results returned from the operation so they correspond with the
user signing on:
2) Edit the application and change the following:
Sign On Type = Operating System Plus Operation Sign On
Sign On Operation = the operation from step 1.
Google Authentication
This is possible using the WOW Add-on Product for Google Integration. For more info, email support@planetjavainc.com