Panda team is developing a Web application to change the configuration of Ivy server. alt text

We are creating the login step, so that just the Ivy Admin can access our page. Could you please tell us how to authenticate with the Ivy Administrator account (like the picture at the bottom)

Panda team tried to do :

public static AuthenticationException login(ISession session, String userName, String password) throws PersistencyException
        session.authenticateSessionUser(userName, new Password(password));
        return null;
    catch(AuthenticationException ex)
        return ex;

The result is we just can login with the accounts (IUser) of our application, not the account to manage the server.

Please help us. Thank you very much


asked 15.01.2014 at 11:10

anphunl's gravatar image

accept rate: 50%

edited 16.01.2014 at 09:36

Can you explain me the use case you want to solve by authenticate a system administrator in your application? I may can help you better if I know the root cause of your question.

(16.01.2014 at 09:08) Reto Weiss ♦♦ Reto%20Weiss's gravatar image

Hi Reto Weiss, Thanks for your comment, I updated my question. Could you please take a look?

(16.01.2014 at 09:33) anphunl anphunl's gravatar image

You can make any user of an application a system administrator by granting him all permissions of the system security descriptor type on the system security descriptor.

See file below for more details.

Note the class uses NON Public API and will therefore break in future releases of Xpert.ivy!

package ch.ivyteam.ivy.demo;

import ch.ivyteam.ivy.server.IServer;
import ch.ivyteam.ivy.server.ServerFactory;

// ============================================================
// ============================================================
// The following code access NON PUBLIC API. 
// Therefore this code will break in future Xpert.ivy versions!
// ============================================================
public class SystemAdminMaker 
    public void grantSystemAdminRightsTo(IUser user)
        ISecurityDescriptor systemSecurityDescriptor = getSystemSecurityDescriptor();       
        systemSecurityDescriptor.grantPermissions(getRootPermissionGroup(), user);

    public void ungrantSystemAdminRightsTo(IUser user)
        ISecurityDescriptor systemSecurityDescriptor = getSystemSecurityDescriptor();       
        systemSecurityDescriptor.ungrantPermissions(getRootPermissionGroup(), user);

    private ISecurityDescriptor getSystemSecurityDescriptor() 
        IServer server = ServerFactory.getServer();
        ISecurityManager securityManager = server.getSecurityManager();
        ISecurityDescriptor systemSecurityDescriptor = securityManager.getSystemSecurityDescriptor();
        return systemSecurityDescriptor;

    private IPermissionGroup getRootPermissionGroup()
        return getSystemSecurityDescriptor().getSecurityDescriptorType().getRootPermissionGroup();

answered 17.01.2014 at 16:29

Reto%20Weiss's gravatar image

Reto Weiss ♦♦
accept rate: 74%

Hi Reto Weiss, Thank you very much for your answer. Actually, our problem is not the permission to access the server's information. We are doing like that :

public static List<ienvironment> getEnvironmentList(final IApplication application) throws Exception { return SecurityManagerFactory.getSecurityManager().executeAsSystem(new Callable<list<ienvironment>>() {

        public List<IEnvironment> call() throws Exception {
            return application.getEnvironments();

Now the problem is how can the admin of ivy server log in to our application?

Regards, Phu Nguyen

(20.01.2014 at 05:41) anphunl anphunl's gravatar image

Hi Phu

I know that my answers is not was you have asked. But it is not a good idea to login a system administrator to your application. This is because a system administrator is in fact a user of the "system" application in Xpert.ivy. Because applications are strictly divided it is not possible to login a user of one application to another application. What the code does that I have written in the answer is to give a user of your application the same rights that also the system administrator have. Therefore it turns a user of your application into a system administrator.

(20.01.2014 at 09:00) Reto Weiss ♦♦ Reto%20Weiss's gravatar image

Hi Phu It is also possible to grant the system administrator rights to a role of your application. In this case every user that owns the role automatically inherits the system administrator rights from the role.

(20.01.2014 at 09:01) Reto Weiss ♦♦ Reto%20Weiss's gravatar image

Hi Reto Weiss,

Thank you very much. We will use the users in our application and grant them the needed permission.

Best regards, Phu Nguyen

(20.01.2014 at 09:03) anphunl anphunl's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 15.01.2014 at 11:10

Seen: 2,436 times

Last updated: 20.01.2014 at 09:03