Tech Corner
Application-Specific Security on Your Intranet by Andrew Vigrass
If one of your mrc intranet applications should only be accessed by a set list of users, it is easy to set up the required security.
There is no need to change the program. All that is required is to use the standard AS/400 HTTP security. The following instructions also explain how to secure a whole dictionary to a set list of users.
1: Creation of a Validation List
Step 1.1 On a host session, create a validation list object:
CRTVLDL VLDL(library/validlist) AUT(*ALL)
Step 1.2 If the TCP/IP admin server is not already started, start it:
STRTCPSVR SERVER(*HTTP) RESTART(*NONE) HTTPSVR(*ADMIN)
Step 1.3 The list of users in the validation list is maintained from a browser. To access the HTTP server configuration menu, use the following hyperlink:
http://111.222.333.44:2001
(replacing 111.222.333.44 with the IP address of your system)
The menu options differ between OS/400 releases, but navigate through the HTTP configuration menus to the configuration and administration menus, where there will be an option to maintain entries in validation lists. Add the profiles that you require to the validation list created in step 1.
The essential entries when adding a user are: User Name, Password, Password Verification, and Validation List. All other entries can be left blank (as of release V5R1).
2: Securing An Application To A Validation List
Step 2.1 On a host session, edit the HTTP configuration to link your validation list with the application that you wish to secure:
WRKHTTPCFG
Then add the following entries:
Protect /mrcjava/dictionary/I00001GC.MRC {
   PasswdFile library/validlist
   ACLOverride Off
   DeleteMask All@(*)
   PostMask All@(*)
   PutMask All@(*)
   GetMask All@(*)
   AuthType Basic
   ServerID App_Security
   UserID %%SERVER%%
}
Replacing:
"dictionary/I00001GC" with your dictionary and application number;
"library/validlist" with the details of the validation list created in step 1;
"App_Security" with your own alternative description, if preferred.
Step 2.2 If you started the TCP/IP admin server, this can now be stopped:
ENDTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
Step 2.3 The TCP/IP HTTP server needs restarting to reflect the changes:
STRTCPSVR SERVER(*HTTP) RESTART(*HTTP) HTTPSVR(DEFAULT)
3: Securing a Whole Dictionary
The above instructions secure a specific application, but the same technique can be used to secure an entire directory / dictionary to a specific validation list. This is achieved by changing the Protect directive to:
Protect /mrcjava/dictionary/* {
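A way to review the result of sections 2 and 3 offline, as an added example that is not part of the original article or of the HTTP server: the Python script below parses Protect blocks from a copy of the configuration text, reports any block that omits a directive the article's template sets, and lists application URLs that no Protect template covers. The second block in the sample configuration is constructed for the demonstration, and treating `*` as matching any run of characters is an assumption.

```python
import re
from fnmatch import fnmatchcase

# Directives the article's Protect block sets; a block lacking one is reported.
REQUIRED = ("PasswdFile", "AuthType", "GetMask", "PostMask", "PutMask", "DeleteMask")
# Constructed sample: the article's block plus a deliberately incomplete one.
SAMPLE_CFG = """\
Protect /mrcjava/dictionary/I00001GC.MRC {
PasswdFile library/validlist
ACLOverride Off
DeleteMask All@(*)
PostMask All@(*)
PutMask All@(*)
GetMask All@(*)
AuthType Basic
ServerID App_Security
UserID %%SERVER%%
}
Protect /mrcjava/other/* {
PasswdFile library/validlist
GetMask All@(*)
AuthType Basic
}
"""

def parse_protect_blocks(text):
    """Return {url_template: {directive: value}} for each Protect { ... } block."""
    blocks = {}
    for m in re.finditer(r"^\s*Protect\s+(\S+)\s*\{(.*?)^\s*\}", text, re.S | re.M):
        directives = {}
        for line in m.group(2).splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2:
                directives[parts[0]] = parts[1].strip()
        blocks[m.group(1)] = directives
    return blocks

def audit(text, must_protect):
    """Report incomplete blocks and uncovered URLs (assumes '*' matches any characters)."""
    blocks = parse_protect_blocks(text)
    findings = []
    for template, d in blocks.items():
        missing = [k for k in REQUIRED if k not in d]
        if missing:
            findings.append(f"{template}: missing {', '.join(missing)}")
    for url in must_protect:
        if not any(fnmatchcase(url, t) for t in blocks):
            findings.append(f"{url}: not covered by any Protect directive")
    return findings
```

Call `audit()` with the configuration text and the list of application URLs that should require a login; an empty result means every listed URL matches a complete Protect block.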