User Management
The User Management module handles user connectivity to the application: it performs authentication (verifying the user name and password against a directory or a local user file) and authorization (deciding, from the user's roles, what the logged-in user may see and do).
Logon configuration
To enable users to log on to Transact, configure server.xml, located in <Transact Folder>\JavaAppServer\conf. The Realm element to configure sits at the following position in that file:
<Server>
  <Service>
    <Engine>
      <Host>
        <Context>
          <Realm />
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>
The Realm element has many configurable attributes; which ones you need depends on the type of authentication server in use. Several realm implementations can be active at the same time (see the multiple realm example below). For the full attribute reference, look for "Realms" in the Apache Tomcat documentation.
The commonly used realm configurations are:
- LDAP Realm (JNDIRealm, used both for plain LDAP directories and for Active Directory)
- Tomcat Internal Memory Realm (accounts kept in a local Tomcat XML file)
When a user logs on to the application, the user name and password are verified against the authentication server configured in the Realm, using the attributes specified there. The connectionName and connectionPassword attributes (the account Tomcat binds with) are stored in clear text in server.xml, so restrict read access to that file and use an ldaps:// connectionURL wherever the directory supports TLS; otherwise the bind password crosses the network unencrypted.
User role handling
Transact uses the roles of the user logged in to the application to determine:
- the batch classes the user is allowed to view on the batch class management view;
- the batch instances the user is allowed to view on the batch instance management view;
- the folders the user is allowed to view on the folder management view;
- the scanner profiles and other configurations shown on the web scanner view.
The roles of the logged-in user are fetched from the authentication server configured in the property file <Transact Folder>\Application\WEB-INF\classes\META-INF\dcma-user-connectivity\user-connectivity.properties.
The configurable properties of this file are listed below.
Properties common to LDAP and Active Directory
Configurable property | Type of value | Value options | Description |
---|---|---|---|
user.connectivity_url | String | A valid URL to connect to the server | The connection URL in the format ldap://(server_address):(port_number). Use ldaps:// where the directory offers TLS, since the bind password is otherwise sent in clear text. |
user.connectivity_config | String | N/A | Class name of the JNDI context factory (com.sun.jndi.ldap.LdapCtxFactory in the examples below). |
user.connectivity_domain_component_name | String | N/A | The domain component name for the LDAP/Active Directory configuration (the "ephesoft" in dc=ephesoft,dc=com). |
user.connectivity_domain_component_organization | String | N/A | The domain component organization for the LDAP/Active Directory configuration (the "com" in dc=ephesoft,dc=com). |
user.connectivity_username | String | A valid user name to connect to the LDAP/Active Directory server | The DN or name of the account used to bind to the server and read users and groups. Only required if LDAP/Active Directory is used. |
user.connectivity_password | String | The password of that account | The password of the bind account. Only required if LDAP/Active Directory is used. It is stored in clear text, so restrict read access to this properties file. |
user.connectivity_groupSearchAttributeFilter | String | A valid attribute to search when fetching groups | Makes the attribute used to search groups in LDAP/AD configurable. Default: cn (commonName). |
user.connectivity_userSearchAttributeFilter | String | A valid attribute to search when fetching users | Makes the attribute used to search users within the user base (organizational unit) in LDAP/AD configurable. Default: cn (commonName). |
Properties specific to LDAP configuration
Configurable property | Type of value | Value options | Description |
---|---|---|---|
user.ldap_user_base | String | N/A | The relative path under which all user information will be located. This path will be relative to the domain components specified by the user. |
user.ldap_group_base | String | N/A | The relative path under which all the groups/roles information will be located. This path will be relative to the domain components specified by the user. |
Properties specific to Active Directory configuration
Configurable property | Type of value | Value options | Description |
---|---|---|---|
user.msactivedirectory_context_path | String | N/A | The container, relative to the domain components, in which the intended users reside (for example CN=Users). |
user.msactivedirectory_group_search_filter | String | N/A | An LDAP search filter that restricts which groups are fetched. Conditions can be combined with the operators \| (OR), & (AND) and ! (NOT); every condition and every operator is wrapped in its own parentheses. Example, selecting groups whose cn starts with ephesoft or b but not with a: (&(!(cn=a*))(\|(cn=ephesoft*)(cn=b*))) |
Property specific to Tomcat configuration
Configurable property | Type of value | Value options | Description |
---|---|---|---|
user.tomcatUserXmlPath | String | N/A | The directory path where the Tomcat user XML file (tomcat-users.xml, read by the Tomcat Internal Memory Realm) resides. |
Property for selecting configuration
Configurable property | Type of value | Value options | Description |
---|---|---|---|
user.connection | List of values | 0, 1, 2 | Selects which of the property sets above is used to fetch users and groups: 0 for LDAP, 1 for MS Active Directory, 2 for Tomcat. |
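The tables above amount to a small contract: user.connection picks a back end, and each back end needs its own subset of keys. The following script, added here as an example and not part of Transact, reads a user-connectivity.properties file and reports keys that are missing for the selected mode, keys that do not match any name in the tables, and a plaintext ldap:// URL. The key lists are taken from the tables; the two sample files are constructed for the example.

```python
"""Added example (not Ephesoft's code): check a user-connectivity.properties
file against the property tables on this page.  Runs offline on the
constructed samples below."""
import re
from urllib.parse import urlsplit

COMMON_KEYS = (
    "user.connectivity_url",
    "user.connectivity_config",
    "user.connectivity_domain_component_name",
    "user.connectivity_domain_component_organization",
    "user.connectivity_username",
    "user.connectivity_password",
)
# Keys each user.connection value requires, per the tables above.
REQUIRED_KEYS = {
    "0": COMMON_KEYS + ("user.ldap_user_base", "user.ldap_group_base"),  # LDAP
    "1": COMMON_KEYS + ("user.msactivedirectory_context_path",),         # Active Directory
    "2": ("user.tomcatUserXmlPath",),                                     # Tomcat
}
OPTIONAL_KEYS = (
    "user.connectivity_groupSearchAttributeFilter",
    "user.connectivity_userSearchAttributeFilter",
    "user.msactivedirectory_group_search_filter",
)
KNOWN_KEYS = {k for keys in REQUIRED_KEYS.values() for k in keys} | set(OPTIONAL_KEYS) | {"user.connection"}


def parse_properties(text):
    """Minimal java.util.Properties reader: 'key=value' or 'key: value' lines,
    '#' or '!' comment lines.  Enough for this file, not a complete parser."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def check_properties(props):
    """Return a list of findings; an empty list means the file is consistent
    with the tables for the selected user.connection mode."""
    findings = []
    mode = props.get("user.connection")
    if mode not in REQUIRED_KEYS:
        return ["user.connection must be 0 (LDAP), 1 (Active Directory) or 2 (Tomcat); got %r" % (mode,)]
    for key in REQUIRED_KEYS[mode]:
        if not props.get(key):
            findings.append("missing %s (required when user.connection=%s)" % (key, mode))
    for key in sorted(props):
        if key not in KNOWN_KEYS:
            findings.append("unknown key %s; check its spelling against the tables" % key)
    if mode in ("0", "1"):
        url = props.get("user.connectivity_url", "")
        parts = urlsplit(url)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname or parts.port is None:
            findings.append("user.connectivity_url must be ldap(s)://host:port; got %r" % url)
        elif parts.scheme == "ldap":
            findings.append("user.connectivity_url is plaintext ldap://; the bind password in "
                            "user.connectivity_password travels unencrypted, use ldaps://")
    return findings


# Constructed samples, not taken from any real installation.
LDAP_SAMPLE = """\
user.connectivity_url=ldap://localhost:389
user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
user.connectivity_domain_component_name=ephesoft
user.connectivity_domain_component_organization=com
user.connectivity_username=cn=Manager,dc=ephesoft,dc=com
user.connectivity_password=secret
user.ldap_user_base=ou=people
user.ldap_group_base=ou=groups
user.connection=0
"""
# Active Directory sample with two mistakes: the bind user key is misspelled
# (user_name instead of username) and the context path is missing.
AD_SAMPLE = """\
user.connectivity_url=ldaps://dc01.example.test:636
user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
user.connectivity_domain_component_name=ephesoft
user.connectivity_domain_component_organization=com
user.connectivity_user_name=CN=Administrator,CN=Users,DC=ephesoft,DC=com
user.connectivity_password=secret
user.connection=1
"""

if __name__ == "__main__":
    for name, sample in (("LDAP", LDAP_SAMPLE), ("AD", AD_SAMPLE)):
        for finding in check_properties(parse_properties(sample)) or ["ok"]:
            print("%s: %s" % (name, finding))
```

Run it against a copy of the real file before restarting Transact; a misspelled key is silently ignored by a properties loader, which is why the unknown-key check is there.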
Examples of configuration
LDAP
Realm:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://localhost:389"
       connectionName="cn=Manager,dc=ephesoft,dc=com"
       connectionPassword="********"
       userPattern="cn={0},ou=people,dc=ephesoft,dc=com"
       roleBase="ou=groups,dc=ephesoft,dc=com"
       roleName="cn"
       roleSearch="uniqueMember={0}"/>
user-connectivity.properties:
user.connectivity_url=ldap://localhost:389
user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
user.connectivity_domain_component_name=ephesoft
user.connectivity_domain_component_organization=com
user.connectivity_username=cn=Manager,dc=ephesoft,dc=com
user.connectivity_password=*******
user.ldap_user_base=ou=people
user.ldap_group_base=ou=groups
user.connection=0
Active Directory
Realm (connectionURL takes a single ldap:// or ldaps:// URL; note that an & inside an XML attribute value must be written as &amp;, otherwise Tomcat cannot parse server.xml):
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://x.x.x.x:389"
       connectionName="user@company.com"
       connectionPassword="********"
       userBase="cn=Users,DC=ephesoft,DC=com"
       userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
       userSubtree="true"
       roleBase="cn=Users,DC=ephesoft,DC=com"
       roleName="cn"
       roleSubtree="true"
       roleSearch="member={0}"
       referrals="follow" />
user-connectivity.properties:
user.connectivity_url=ldap://x.x.x.x:389
user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
user.msactivedirectory_context_path=CN=Users
user.connectivity_domain_component_name=ephesoft
user.connectivity_domain_component_organization=com
user.connectivity_username=CN=Administrator,CN=Users,DC=ephesoft,DC=com
user.connectivity_password=*******
# 1 = fetch users and groups from Active Directory
user.connection=1
Multiple realm example
CombinedRealm tries the nested Realm elements in the order listed and accepts the first one that authenticates the user. Here three JNDIRealm entries search different containers of the same Active Directory.
<Realm className="org.apache.catalina.realm.CombinedRealm">
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://x.x.x.x:389"
         connectionName="user@company.com"
         connectionPassword="********"
         userBase="cn=Users,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true"
         roleBase="cn=Users,DC=ephesoft,DC=com"
         roleName="cn"
         roleSubtree="true"
         roleSearch="member={0}"
         referrals="follow" />
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://x.x.x.x:389"
         connectionName="user@company.com"
         connectionPassword="********"
         userBase="cn=test1,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true"
         roleBase="ou=test1,DC=ephesoft,DC=com"
         roleName="cn"
         roleSubtree="true"
         roleSearch="member={0}"
         referrals="follow" />
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://x.x.x.x:389"
         connectionName="user@company.com"
         connectionPassword="********"
         userBase="cn=test,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true"
         roleBase="ou=test,DC=ephesoft,DC=com"
         roleName="cn"
         roleSubtree="true"
         roleSearch="member={0}"
         referrals="follow" />
</Realm>
Global realm example
Port 3268 is the Active Directory Global Catalog port (3269 for the TLS variant), which exposes a partial replica of every object in the forest, so one connection can search all domains; userBase is therefore set to the domain root rather than a single container.
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://x.x.x.x:3268"
       connectionName="user@company.com"
       connectionPassword="********"
       userBase="DC=ephesoft,DC=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="ou=test,DC=ephesoft,DC=com"
       roleName="cn"
       roleSubtree="true"
       roleSearch="member={0}"
       referrals="follow" />
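The userSearch and roleSearch patterns in the realm examples above substitute the login name for {0}, and user.msactivedirectory_group_search_filter in the Active Directory properties table combines conditions with |, & and !. The script below, added here as an example and not code from Transact or Tomcat, shows both mechanics offline: it escapes a substituted value per RFC 4515 so that filter metacharacters in a login name cannot add clauses to the filter, and it parses a filter to confirm that operators and parentheses are balanced before the filter goes into a configuration file. The userSearch pattern is the one from the Active Directory example; the hostile login name and the filters passed to the checker are constructed for the example.

```python
"""Added example (not Ephesoft's or Tomcat's code): build and sanity-check LDAP
search filters like those in userSearch/roleSearch and
user.msactivedirectory_group_search_filter above.  Runs offline."""


def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a filter: backslash, *,
    (, ) and NUL become \\XX hex escapes so the value cannot change the
    filter's structure."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def fill_placeholder(pattern, value, escape=True):
    """Substitute {0} in a userSearch/roleSearch-style pattern with the login
    name, escaped by default; escape=False reproduces a naive substitution
    for comparison."""
    return pattern.replace("{0}", escape_filter_value(value) if escape else value)


def parse_filter(text):
    """Parse a filter into nested tuples: ('&'|'|'|'!', [children]) or
    ('item', 'attr=value').  Raises ValueError on unbalanced or malformed
    input, e.g. a missing operator or a missing parenthesis."""

    def parse(i):
        if i >= len(text) or text[i] != "(":
            raise ValueError("expected '(' at offset %d" % i)
        i += 1
        if i < len(text) and text[i] in "&|!":
            op, i, children = text[i], i + 1, []
            while i < len(text) and text[i] == "(":
                child, i = parse(i)
                children.append(child)
            if not children or (op == "!" and len(children) != 1):
                raise ValueError("operator %s has %d operands" % (op, len(children)))
            node = (op, children)
        else:
            j = text.find(")", i)
            item = text[i:j] if j != -1 else ""
            if not item or "(" in item or "=" not in item:
                raise ValueError("malformed item at offset %d" % i)
            node, i = ("item", item), j
        if i >= len(text) or text[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return node, i + 1

    node, end = parse(0)
    if end != len(text):
        raise ValueError("trailing data at offset %d" % end)
    return node


def is_valid_filter(text):
    """True when parse_filter accepts the filter."""
    try:
        parse_filter(text)
        return True
    except ValueError:
        return False


def top_level_clauses(filter_text):
    """Number of operands of the outermost operator (1 for a bare item)."""
    node = parse_filter(filter_text)
    return len(node[1]) if node[0] != "item" else 1


# Constructed inputs: the userSearch pattern from the Active Directory example
# and a login name containing filter metacharacters.
USER_SEARCH = "(&(objectClass=person)(sAMAccountName={0}))"
HOSTILE_LOGIN = "jdoe*)(objectClass=*"

if __name__ == "__main__":
    safe = fill_placeholder(USER_SEARCH, HOSTILE_LOGIN)
    naive = fill_placeholder(USER_SEARCH, HOSTILE_LOGIN, escape=False)
    print(safe, top_level_clauses(safe))    # 2 clauses: the login stays one value
    print(naive, top_level_clauses(naive))  # 3 clauses: the login added a clause
    # A group filter with no leading operator and two closing parentheses
    # missing is rejected; the balanced form is accepted.
    print(is_valid_filter("((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))"))   # False
    print(is_valid_filter("(&(!(cn=a*))(|(cn=ephesoft*)(cn=b*)))"))    # True
```

The parser is deliberately strict (it knows only &, |, ! and attr=value items), which is what you want for a configuration checker: anything it rejects deserves a second look before it is pasted into user-connectivity.properties or server.xml.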