How can we change authentication scope?

0

Panda team is developing a Web application to change the configuration of Ivy server. alt text

We are creating the login step, so that just the Ivy Admin can access our page. Could you please tell us how to authenticate with the Ivy Administrator account (like the picture at the bottom)

Panda team tried to do :

public static AuthenticationException login(ISession session, String userName, String password) throws PersistencyException
{
    try
    {
        session.authenticateSessionUser(userName, new Password(password));
        return null;
    }
    catch(AuthenticationException ex)
    {
        return ex;
    }
}

The result is we just can login with the accounts (IUser) of our application, not the account to manage the server.

Please help us. Thank you very much

Login

asked 15.01.2014 at 11:10

anphunl's gravatar image

anphunl
(suspended)
accept rate: 50%

edited 16.01.2014 at 09:36

Can you explain me the use case you want to solve by authenticate a system administrator in your application? I may can help you better if I know the root cause of your question.

(16.01.2014 at 09:08) Reto Weiss ♦♦ Reto%20Weiss's gravatar image

Hi Reto Weiss, Thanks for your comment, I updated my question. Could you please take a look?

(16.01.2014 at 09:33) anphunl anphunl's gravatar image
One Answer:
active answersoldestnewestmost voted
0

You can make any user of an application a system administrator by granting him all permissions of the system security descriptor type on the system security descriptor.

See SystemAdminMaker.java file below for more details.

Note the class uses NON Public API and will therefore break in future releases of Xpert.ivy!

SystemAdminMaker.java:

package ch.ivyteam.ivy.demo;

import ch.ivyteam.ivy.security.IPermissionGroup;
import ch.ivyteam.ivy.security.ISecurityDescriptor;
import ch.ivyteam.ivy.security.ISecurityManager;
import ch.ivyteam.ivy.security.IUser;
import ch.ivyteam.ivy.server.IServer;
import ch.ivyteam.ivy.server.ServerFactory;

// ============================================================
// ATTENTION:
// ============================================================
// The following code access NON PUBLIC API. 
// Therefore this code will break in future Xpert.ivy versions!
// ============================================================
public class SystemAdminMaker 
{
    public void grantSystemAdminRightsTo(IUser user)
    {
        ISecurityDescriptor systemSecurityDescriptor = getSystemSecurityDescriptor();       
        systemSecurityDescriptor.grantPermissions(getRootPermissionGroup(), user);
    }

    public void ungrantSystemAdminRightsTo(IUser user)
    {
        ISecurityDescriptor systemSecurityDescriptor = getSystemSecurityDescriptor();       
        systemSecurityDescriptor.ungrantPermissions(getRootPermissionGroup(), user);
    }

    private ISecurityDescriptor getSystemSecurityDescriptor() 
    {
        IServer server = ServerFactory.getServer();
        ISecurityManager securityManager = server.getSecurityManager();
        ISecurityDescriptor systemSecurityDescriptor = securityManager.getSystemSecurityDescriptor();
        return systemSecurityDescriptor;
    }

    private IPermissionGroup getRootPermissionGroup()
    {
        return getSystemSecurityDescriptor().getSecurityDescriptorType().getRootPermissionGroup();
    }
}
link

answered 17.01.2014 at 16:29

Reto%20Weiss's gravatar image

Reto Weiss ♦♦
4.9k202857
accept rate: 74%

Hi Reto Weiss, Thank you very much for your answer. Actually, our problem is not the permission to access the server's information. We are doing like that :

public static List<ienvironment> getEnvironmentList(final IApplication application) throws Exception { return SecurityManagerFactory.getSecurityManager().executeAsSystem(new Callable<list<ienvironment>>() {

        @Override
        public List<IEnvironment> call() throws Exception {
            return application.getEnvironments();
        }
    });
}

Now the problem is how can the admin of ivy server log in to our application?

Regards, Phu Nguyen

(20.01.2014 at 05:41) anphunl anphunl's gravatar image
1

Hi Phu

I know that my answers is not was you have asked. But it is not a good idea to login a system administrator to your application. This is because a system administrator is in fact a user of the "system" application in Xpert.ivy. Because applications are strictly divided it is not possible to login a user of one application to another application. What the code does that I have written in the answer is to give a user of your application the same rights that also the system administrator have. Therefore it turns a user of your application into a system administrator.

(20.01.2014 at 09:00) Reto Weiss ♦♦ Reto%20Weiss's gravatar image

Hi Phu It is also possible to grant the system administrator rights to a role of your application. In this case every user that owns the role automatically inherits the system administrator rights from the role.

(20.01.2014 at 09:01) Reto Weiss ♦♦ Reto%20Weiss's gravatar image

Hi Reto Weiss,

Thank you very much. We will use the users in our application and grant them the needed permission.

Best regards, Phu Nguyen

(20.01.2014 at 09:03) anphunl anphunl's gravatar image

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×16

Asked: 15.01.2014 at 11:10

Seen: 3,239 times

Last updated: 20.01.2014 at 09:03

Related questions

How to authenticate a user that is provided by a Single Sign On (SSO) proxy.

Does AXon ivy support Login Register forms (register,forgot password,login) ?

Calling NTLM protected REST service with SSO

REST token authentication

How to connect To SystemDB using Windows-Authentification

Can i turn on/off webservice authentication programmatically

REST API and JSESSIONID

Login page on Process Start with http-request link and 'Only wf users' set to true

How to set information for logon IUser without permanently store to system?

Change Server Configuration From SQL Server Authetication to Windows Authentication