Select Page

Securing the Administrative Interfaces in Ephesoft

by | Jul 25, 2011 | Ephesoft | 0 comments

To ensure only administrators are able to log into the administrative interfaces you can modify the configuration to specify the group(s).  The configuration that needs to be modified can be found in the web.xml located in:

Ephesoft Install DirectoryApplicationWEB-INF

 

The groups can be specified in the security constraint element for each piece of functionality.  The following specifies the administrative functionality setting the group to a group created in the Active Directory instance (this can also be a local LDAP group if using the out-of-the-box security).  The value in the role-name should be set to the group name(s) desired to access the administrative interfaces.

 <security-constraint>
 <web-resource-collection>
 <web-resource-name>batch class management</web-resource-name>
 <url-pattern>/BatchClassManagement.html</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>Ephesoft Admin</role-name>
 </auth-constraint>
 </security-constraint>
 
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>batch instance management</web-resource-name>
 <url-pattern>/BatchInstanceManagement.html</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>Ephesoft Admin</role-name>
 </auth-constraint>
 </security-constraint>
 
 
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>reporting</web-resource-name>
 <url-pattern>/Reporting.html</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>Ephesoft Admin</role-name>
 </auth-constraint>
 </security-constraint>

After you modify and save the file, restart the Ephesoft process.  Log in as a user in the admin groups specified in the configuration.   The admin user should be able to access the administrative interfaces (Batch Class Management, Batch Instance Management and Reporting). Logout and back in as a user that is not in the admin group.  When trying to access an administrative interface the user should get an error of “Sorry, You are not authorized to view this page”.   As the same user verify that the user can access the Batch List interface.

Please send me any questions or corrections.

 

Submit a Comment

Pin It on Pinterest

Sharing is caring

Share this post with your friends!