RTView offers role based security that allows you to limit access to displays based on the user's role. To use this security feature, you must define the users that can access RTView and assign each one a password and one or more associated roles. The role definitions allow you to specify which displays users can access. By default, user and role definitions are stored in XML files. Alternatively, you can define your users using the GmsCustomUserManager (see “Custom User Manager” for more information) and your roles using the GmsCustomRoleManager (see “Custom Role Manager” for more information). For general information on RTView role based secutiry, see “Role-based Security”.
Defining Users in a Custom User Manager Class
Note: This section assumes you have a working knowledge of writing, compiling and deploying Java classes.
The Custom User Manager class extends the functionality of RTView by allowing you to write Java code that gets called when the user is logs in. You can use this class to implement your own mechanism for validating users, such as getting user information from a database or LDAP server. To implement your own Custom User Manager, create a Java class named MyUserManager.java that extends com.sl.gmsjrtview.GmsCustomUserManager. The default java class name (MyUserManager) can be changed using the customUserManagerClassName command line option. See “MyUserManager.java Example” for more information.
The following methods are available to overwrite in the MyUserManager:
|
Method |
Description |
|
public boolean activate () |
This method is called after the constructor. Subclasses should overwrite this method to initialize any data needed to validate the userName and password. This method should return true if the initialization was successful, otherwise return false. If this method returns false, the login will be considered invalid and RTView will exit. |
|
public boolean validateLogin (String userName, String password) |
This method is called from the login dialog to validate the userName and password. Subclasses should overwrite this method to return true if the userName and password are valid, otherwise return false. If there are no roles defined for the specified user, the login will fail, even if this method returns true. |
|
public void clientLogin (String userName, String role, String sessionID) |
This method is called when a client user logs in to Display Server and Data Server applications. There is a unique sessionID for each client login session. |
|
public void clientLogout (String userName, String role, String sessionID) |
This method is called when a client user logs out from Display Server and Data Server applications. There is a unique sessionID for each client login session. |
|
public void invalidateLogin () |
This method is called if the user presses Reset in the login dialog. The Reset button clears the fields so the user can set a new userName and password. If subclasses stored the userName or password from validateLogin() or the status of whether they were valid these values should be cleared. |
|
public boolean userHasMultipleRoles (String userName) |
This method must return true if the specified user has multiple roles, otherwise false. |
|
public Vector getRoleNamesForUser (String userName) |
This method must return a Vector containing the role names for the specified user. This method will only be called if userHasMultipleRoles() returns true for the specified user. Each user is required to have at least one role. |
|
public int validateLoginOnDefaultDataServer (String userName, String password) |
This method is called to allow the Custom User Manager to request validation from the default Data Server. This method returns 0 if userName and password are valid, -1 if login fails and -2 if the default Data Server is undefined or unavailable. |
|
getSubstitutions (String userName) |
This method should return substitutions to set on the RTView application when the specified user is logged in. If this user does not have any associated substitutions, this method should return null. Otherwise, return a pair of Vectors. Both Vectors must be the same length, with the first Vector containing the substitution strings and the second Vector containing the corresponding substitution values. |
|
getPassword (String userName) |
This method must return the password for the specified user, or null if the user is not recognized. |
This method is called for data sources that have the Use Client Credentials option selected. If the Use Client Credentials feature is not used in your application, this method can return null for all users.
Note: Some data sources do not support this feature. For information on Application Options for your data source, refer to the “RTView Data Sources” section of this documentation.
Add gmsjrtview.jar located in the lib directory (found in your installation directory) to your classpath when you compile your Custom User Manager. You must include your compiled Custom User Manager class in the classpath for RTView by adding it to the definition for the RTV_USERPATH environment variable or by packing it into myclasses.jar. If you will be using the Custom User Manager class with the Display Viewer Applet, include it in a .jar that is referenced in the Applet's ARCHIVE parameter.
The following is an example of a Java class named MyUserManager.java:
//*************************************************************************
//
// SL-GMS Graphical Modeling Application, RTView Package
// MyUserManager.java
// Copyright (c) 1998-2006 Sherrill-Lubinski Corporation. All Rights Reserved.
// May 2005
//
//*************************************************************************
import java.util.*;
import com.sl.gmsjrtview.*;
/** The MyUserManager class implements a custom user login.
* <P>
*/
public class MyUserManager extends GmsCustomUserManager
{
//******************************************************************
// Constructor methods
public MyUserManager ()
{
}
//******************************************************************
// Instance methods
/** This method is called after the constructor. Subclasses should
* overwrite this method to initialize any data needed to validate the
* userName and password. This method should return true if the initialization
* was successful, otherwise return false. If this method returns false,
* the login will be considered invalid and RTView will exit.
* <P>
*/
public boolean activate ()
{
return true;
}
//******************************************************************
// Get substitutions method
/** This method should return substitutions to set on the RTView
* application when the specified user is logged in. If this user does not
* have any associated substitutions, this method should return null.
* Otherwise, return a pair of Vectors. Both Vectors must be the same length,
* with the first Vector containing the substutition strings and the second
* Vector containing the corresponding substitution values.
* <P>
*/
public Vector[] getSubstitutions (String userName)
{
if (userName.equals("admin")) {
Vector subStrs = new Vector();
Vector subVals = new Vector();
subStrs.addElement("sub1");
subVals.addElement("value1");
subStrs.addElement("sub2");
subVals.addElement("value2");
return new Vector[] {subStrs, subVals};
} else if (userName.equals("user2")) {
Vector subStrs = new Vector();
Vector subVals = new Vector();
subStrs.addElement("user2sub1");
subVals.addElement("user2value1");
subStrs.addElement("user2sub2");
subVals.addElement("user2value2");
return new Vector[] {subStrs, subVals};
} else
return null;
}
//******************************************************************
// methods called from the login dialog
/** This method is called from the login dialog to validate the userName
* and password. Subclasses should overwrite this method to return true
* if the userName and password are valid, otherwise return false.
* If there are no roles defined for the specified user, the login will
* fail, even if this method returns true.
* <P>
*/
public boolean validateLogin (String userName, String password)
{
if (userName == null || password == null)
return false;
if (!userName.equals("admin") && !userName.equals("user1") &&
!userName.equals("user2") && !userName.equals("user3"))
return false;
if (!userName.equals(password))
return false;
return true;
}
/** This method is called if the user presses Reset in the login
* dialog. The Reset button clears the fields so the user can set
* a new user name and password. If subclasses stored the userName
* or password from validateLogin() or the status of whether they
* were valid these values should be cleared.
* <P>
*/
public void invalidateLogin ()
{
}
/** This method must return true if the specified user has multiple role,
* otherwise false.
* <P>
*/
public boolean userHasMultipleRoles (String userName)
{
if (userName == null)
return false;
if (userName.equals("user2") || userName.equals("user3"))
return true;
return false;
}
/** This method must return a Vector containing the role names for the
* specified user. Each user is required to have at least one role.
* <P>
*/
public Vector getRoleNamesForUser (String userName)
{
if (userName == null)
return null;
Vector v = new Vector();
if (userName.equals("admin")) {
v.addElement("admin");
return v;
}
if (userName.equals("user1")) {
v.addElement("role1");
return v;
}
if (userName.equals("user2")) {
v.addElement("role2");
v.addElement("role3");
return v;
}
if (userName.equals("user3")) {
v.addElement("role2");
v.addElement("role3");
v.addElement("role4");
return v;
}
return null;
}
//******************************************************************
// methods called for pass client credentials
/** This method must return the password for the specified user, or null if
* if the user is not recognized. This method is called for the sql and olap
* data sources to use if databases are defined that have Use Client
* Credentials selected. If the Use Client Credentials feature is not used in
* your application, this method can return null for all users.
*/
public String getPassword (String userName)
{
return null;
}
}
Defining Roles in a Custom Role Manager Class
Note: This section assumes you have a working knowledge of writing, compiling and deploying Java classes. The Custom Role Manager class extends the functionality of RTView by allowing you to write Java code that will get called when the user is logging in. To implement your own Custom Role Manager, create a Java class named MyRoleManager.java that extends com.sl.gmsjrtview.GmsCustomRoleManager. The default java class name (MyRoleManager) can be changed using the customRoleManagerClassName command line option. See “MyRoleManager.java Example” for more information.
The following methods are available to overwrite in the MyRoleManager:
|
Method Name |
Description |
|
public boolean activate () |
Activate the role manager. Subclasses should overwrite this method to perform any initialization necessary to implement the isAllowed() method. This method should return true if initialization was successful, otherwise return false. RTView will exit if this method returns false. |
|
public boolean isAllowed (String displayName, String role) |
Returns true if the specified display is allowed, otherwise return false. Subclasses should overwrite this method to return the appropriate value based on the displayName and role. |
|
public boolean isAllowed (String displayName, String role, String user) |
Returns true if the specified display is allowed, otherwise return false. Subclasses should overwrite this method to return the appropriate value based on the displayName, role and user. Note: This method is only invoked by the Display Server, which may call this method simultaneously on different threads. |
|
getSubstitutions (String role) |
This method should return substitutions to set on the RTView application when the specified role is logged in. If this role does not have any associated substitutions, this method should return null. Otherwise, return a pair of Vectors. Both Vectors must be the same length, with the first Vector containing the substitution strings and the second Vector containing the corresponding substitution values. Note: The Display Server calls GmsRoleManager.getSubstitutions(roleName) every time a user logs in or changes roles. This option allows a custom role manager to change the substitutions returned for a specific role without restarting the Display Server. |
Add gmsjrtview.jar located in the lib directory (found in your installation directory) to your classpath when you compile your Custom Role Manager. You must include your compiled Custom Role Manager class in the classpath for RTView by adding it to the definition for the RTV_USERPATH environment variable or by packing it into myclasses.jar.
If you will be using the Custom Role Manager class with the Display Viewer Applet, include it in a .jar that is referenced in the Applet's ARCHIVE parameter.
The following is an example of a Java class named MyRoleManager.java:
//*************************************************************************
//
// SL-GMS Graphical Modeling Application, RTView Package
// MyRoleManager.java
// Copyright (c) 1998-2006 Sherrill-Lubinski Corporation. All Rights Reserved.
// May 2005
//
//*************************************************************************
import com.sl.gmsjrtview.*;
import java.util.*;
/** The MyRoleManager class provides a custom role manager class.
* <P>
*/
public class MyRoleManager extends GmsCustomRoleManager
{
//***********************************************************************
// ACTIVATE METHOD
/** Activate the role manager. Subclasses should overwrite this method to
* perform any initialization necessary to implement the isAllowed() method.
* This method should return true if initialization was successful, otherwise
* return false. RTView will exit if this method returns false.
* <P>
*/
public boolean activate ()
{
return true;
}
//***********************************************************************
// GET SUBSTITUTIONS METHOD
/** This method should return substitutions to set on the RTView
* application when the specified role is logged in. If this role does not
* have any associated substitutions, this method should return null.
* Otherwise, return a pair of Vectors. Both Vectors must be the same length,
* with the first Vector containing the substutition strings and the second
* Vector containing the corresponding substitution values.
* <P>
*/
public Vector[] getSubstitutions (String role)
{
if (role.equals("role1")) {
Vector subStrs = new Vector();
Vector subVals = new Vector();
subStrs.addElement("role1sub1");
subVals.addElement("role1value1");
subStrs.addElement("role1sub2");
subVals.addElement("role1value2");
return new Vector[] {subStrs, subVals};
} else if (role.equals("role4")) {
Vector subStrs = new Vector();
Vector subVals = new Vector();
subStrs.addElement("role4sub1");
subVals.addElement("role4value1");
subStrs.addElement("role4sub2");
subVals.addElement("role4value2");
return new Vector[] {subStrs, subVals};
} else
return null;
}
//***********************************************************************
// IS ALLOWED METHOD
/** Returns true if the specified display is allowed, otherwise return
* false. Subclasses should overwrite this method to return the appropriate
* value based on the displayName and for the specified role.
* <P>
*/
public boolean isAllowed (String displayName, String role)
{
System.out.println("isAllowed role: " + role +
" display: " + displayName);
if (role == null || displayName == null)
return false;
if (role.equals("admin"))
return true;
if (displayName.equals("title_panel") ||
displayName.equals("operations"))
return true;
if (role.equals("role1")) {
if (displayName.equals("ems_administration") ||
displayName.startsWith("manage"))
return false;
else
return true;
}
if (role.equals("role2")) {
if (displayName.startsWith("manage") &&
!displayName.equals("manage_routes"))
return false;
else
return true;
}
if (role.equals("role3")) {
if (displayName.equals("ems_administration") ||
displayName.startsWith("manage"))
return true;
else
return false;
}
if (role.equals("role4")) {
if (displayName.equals("ems_monitoring") ||
displayName.equals("ems_allservers_api") ||
displayName.equals("ems_server_info") ||
displayName.equals("host_details"))
return true;
else
return false;
}
return false;
}
}