Field Level Authorization
[PRO] Access to a field may be restricted in two ways.
Authorization to Read - Authorized users have access to view the field but not necessarily to edit it.
Authorization to Edit - Authorized users have access to edit the field. This applies only if the field is visible to them.
A field may be secured for Read or Edit by either type of authorization operation.
Both types of access can be used together to provide field security that may be:
Visible/Editable by a group of users while hidden from another group.
Visible/Editable by a group of users while Visible/Not Editable to another group.
Visible/Not Editable by a group of users while Not Visible to another group.
Assigning an Authorization Operation to a Field
A Field Descriptor should already have been created for the field that requires the authorization operation.
In the field descriptor:
This is the screen where the application builder sets the Authorization Operation on the Field to be secured. Each relevant setting is described below.
Authorization Settings
All Authorization Operations defined for the current application should appear in the drop down selection.
Read Authorization Operation - Only users returned by the Authorization Operation will have access to view this field. If no operation is selected, all users will be authorized to view this field.
Edit Authorization Operation - Only users returned by the Authorization Operation will have access to edit this field. If no operation is selected, all users will be authorized to edit this field.
Both User Authorization List Operations and User Authorization Operations apply.
Assigning an Authorization Operation to an Operation
Current Application - Edit Operation
This is the screen where the application builder sets the Authorization Operation on the SQL Operation to be secured. Each relevant setting is described below.
Administration
Security Type - Operation Security.
Execute Authority Operation - Used when the security type is set to Operation Security. Specifies the User Authorization Operation used to limit access to the operation. Only users matching the specified criteria (i.e. have one of a set of usernames, or belong to a user group, etc.) will have access to view and run the operation. If no operation is selected, all users will be authorized to execute this operation. All User Authorization Operations defined for the current application should appear in the drop down selection.
Any type of User Authorization Operation is supported. This includes User Authorization List Operations and User Authorization (SQL) Operations and the User Group variations of those operations.
Auto Logins
The SignOn property group can be placed in an Application’s properties to have WOW remember the user name and password of users when they sign into an application:
SignOn {
auto: login;
}
WOW stores user logins in the cookies of a user's browser, so when that user goes to the same application again, the user name and password are read from the cookie and used to sign the user onto the application. WOW encrypts the login information before storing it in the cookie, using a default encryption key. For additional security you can have WOW use a password you provide to generate its encryption key instead of using the default encryption key. To supply WOW with an encryption password, create either a servlet init parameter or a servlet context parameter with a name of "wow.encryption.password" and the actual password as the parameter value.
For example, to set an encryption password of "WOW_is the be$t!" as a servlet init parameter you would add the following to the web.xml file in WEB-INF:
<init-param id="Example_password">
<param-name>wow.encryption.password</param-name>
<param-value>WOW_is the be$t!</param-value>
</init-param>
On a Tomcat server you can set the encryption password as a servlet context parameter by adding it to the <Tomcat Home>/conf/context.xml file. When it is added to that file it will apply to all contexts on the server. The syntax for adding the encryption password to that file is:
<Parameter name="wow.encryption.password" value="WOW_is the be$t!" />
When choosing an encryption password you should follow the "best practices" for picking strong passwords: A minimum of 12 characters (preferably longer) consisting of mixed case letters, as well as numbers and symbols.
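An added example, not part of the original documentation or WOW's own code: a Python check that reads a web.xml or Tomcat context.xml, finds wow.encryption.password in any of the forms shown above, and tests the value against the guidance in the preceding paragraph. The sample files and the CONTEXT_XML value are constructed; note that the documentation's own example password contains no number and, being published, is flagged by the check.

```python
import xml.etree.ElementTree as ET

PARAM = "wow.encryption.password"
DOC_EXAMPLE = "WOW_is the be$t!"  # printed in the documentation, so not a secret

# Constructed sample: a namespaced web.xml that reuses the documentation value.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><servlet>
  <init-param>
    <param-name>wow.encryption.password</param-name>
    <param-value>WOW_is the be$t!</param-value>
  </init-param>
</servlet></web-app>"""
# Constructed sample: Tomcat context.xml with a made-up value that meets the guidance.
CONTEXT_XML = '<Context><Parameter name="wow.encryption.password" value="Constructed-sample-7391!"/></Context>'

def _local(tag):
    """Drop the XML namespace so namespaced descriptors match too."""
    return tag.rsplit("}", 1)[-1]

def find_password(xml_text):
    """Return the configured value, or None when the parameter is absent."""
    for el in ET.fromstring(xml_text).iter():
        name = _local(el.tag)
        if name in ("init-param", "context-param"):  # web.xml forms
            kids = {_local(c.tag): (c.text or "") for c in el}
            if kids.get("param-name", "").strip() == PARAM:
                return kids.get("param-value", "")
        elif name == "Parameter" and el.get("name") == PARAM:  # context.xml form
            return el.get("value", "")
    return None

def audit(xml_text):
    """Return findings; an empty list means the value meets the page's guidance."""
    pw = find_password(xml_text)
    if pw is None:
        return ["not set: cookie logins are encrypted with the default key"]
    checks = [
        (pw == DOC_EXAMPLE, "value is the documentation example"),
        (len(pw) < 12, "shorter than 12 characters"),
        (not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)), "no mixed-case letters"),
        (not any(c.isdigit() for c in pw), "no number"),
        (not any(not c.isalnum() and not c.isspace() for c in pw), "no symbol"),
    ]
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    for label, doc in (("web.xml", WEB_XML), ("context.xml", CONTEXT_XML)):
        print(label, audit(doc) or "ok")
```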
Deploying Applications
Once an application has been built, it is ready to be run by users. A WOW application can be run by any user on your network or Internet/Intranet/Extranet. WOW applications can be run by specifying a URL in the form:
http://yourIP/wow64/run?id=x where yourIP is the TCP/IP address of the WOW server and x is the WOW application ID.
The IP can be found by opening a DOS window on the WOW server and issuing an IPCONFIG command as shown below:
In this example, WOW applications can be run using:
http://192.168.0.2/wow64/run?id=0
...where 0 is the WOW application ID which is found in the Application menu in the WOW Builder. Each new WOW application gets the next sequential number.
NOTE: Tomcat and WOW install by default on port 8080 which would require a URL such as: http://192.168.0.2:8080/wow64/run?id=0.
Tomcat's port can be configured in the default Tomcat directory (…/config/server.xml). See Tomcat documentation for details.