Appendix C - HTTP-based login technique
Though the login technique based on HTTP directives is not the objective of these pages,
we thought it could be useful to present some details on it.
- Base directives
Assume that you have some CGI application running on iSeries.
The Apache directives in Figure 1 could be used to run this application under the iSeries HTTP server.
These directives are usually enough to allow execution of a CGI application.
#========== Application in library MYLIB ==============
ScriptAliasMatch /mylibp/(.*) /qsys.lib/mylib.lib/$1
Alias /mylib/ /mylib/
<Directory /mylib>
AllowOverride None
Options None
order allow,deny
allow from all
</Directory>
<Directory /qsys.lib/mylib.lib>
Options +ExecCGI
CgiConvMode %%EBCDIC/EBCDIC%%
AllowOverride None
Options None
order allow,deny
allow from all
</Directory>
Figure 1 - Base Apache HTTP directives for this application
(For Apache directives, see this page)
- The directive ScriptAliasMatch ...
maps the pseudo path /mylibp/, used in URIs to invoke the server programs, to library MYLIB.
- The next directive Alias ...
tells Apache that IFS directory /mylib will be used.
This directory may contain static pages, images or other objects linked from HTML pages.
- The container <Directory /mylib> ... </Directory>
allows Apache to access IFS directory /mylib .
- The container <Directory /qsys.lib/mylib.lib> ... </Directory>
allows Apache to access library MYLIB (for loading the CGI programs).
In this container
- directive Options +ExecCGI tells the server that CGI programs from library MYLIB can be executed
- directive CgiConvMode %%EBCDIC/EBCDIC%% specifies the conversion mode that the server must use when processing CGI programs from this library.
- Restricted access through user profiles
Assume you need to restrict access to all CGI programs in library MYLIB.
An HTTP-based login procedure should allow access only to users with an existing user profile.
That can be implemented by adding the following directives:
<LocationMatch ^/mylibp/(.*)$>
AuthType Basic
AuthName "Application MYLIB"
PasswdFile %%SYSTEM%%
UserID %%CLIENT%%
Require valid-user
</LocationMatch>
Figure 2 - Implementing an HTTP-based login procedure through user profiles
- The regular expression
^/mylibp/(.*)$
intercepts any attempt to invoke a CGI from library MYLIB,
and applies to this request all the directives of this container.
- The directive PasswdFile %%SYSTEM%%
indicates that the server should use the iSeries User Profile support to validate username/password.
- The directive UserID %%CLIENT%%
tells the HTTP server to run the requested CGI program under the user profile specified by the user when logging in.
- Restricted access through a validation list
If you want instead to restrict access to the users listed in validation list
MYVLDL in library MYLIB, you may use the following directives:
<LocationMatch ^/mylibp/(.*)$>
AuthType Basic
AuthName "Application MYLIB"
PasswdFile MYLIB/MYVLDL
UserID MYUSRPRF
Require valid-user
</LocationMatch>
Figure 3 - Implementing an HTTP-based login procedure through a validation list
- The directive PasswdFile MYLIB/MYVLDL
indicates that the server should use the validation list MYVLDL in library MYLIB to validate username/password.
- The directive UserID MYUSRPRF
tells the HTTP server to run the requested CGI program under user profile MYUSRPRF (where MYUSRPRF is an existing user profile).
Note that user profile QTMHHTTP must have *USE authority over this user profile.
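
What AuthType Basic in Figures 2 and 3 puts on the wire, as an added example that is not part of the original page: the server's challenge for the AuthName realm, the header the browser then sends with every request, and a server-side parse of it. The user name and password are constructed sample values; the decode step shows that the credentials are only base64-encoded, so the protected location should be served over TLS.

```python
import base64
import binascii

REALM = "Application MYLIB"  # AuthName value from Figures 2 and 3


def challenge(realm=REALM):
    """Header the server sends with a 401 when credentials are missing or wrong."""
    return ("WWW-Authenticate", f'Basic realm="{realm}"')


def client_header(user, password):
    """Header the browser sends on every later request to the realm."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return ("Authorization", f"Basic {token}")


def parse_authorization(value):
    """Return (user, password) from an Authorization value, or None if unusable."""
    scheme, _, token = (value or "").partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None  # other scheme, or no credentials at all
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed base64 or undecodable bytes
    # Split on the first colon only: the password may itself contain colons.
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password


if __name__ == "__main__":
    print("server ->", *challenge())
    name, value = client_header("WEBUSER", "s3cret:pw")  # constructed credentials
    print("client ->", name, value)
    # Anyone who can read the request recovers the password without any key:
    print("decoded ->", parse_authorization(value))
```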