mrc logo mrc logo
  • m-Power m-Power
    What is m-Power?
    Overview Demos Build Process Case Studies Specs Pricing Trial
    m-Power Resources
    Overview How-To Videos Webinars & Podcasts White Papers Fact Sheets
  • Solutions Solutions
    What does m-Power build?
    Overview Database Front-Ends Reporting CRM Systems Business Intelligence Dashboards Inventory Management Mobile Apps ERP Enhancements Modernization Spreadsheets to the web MS Access to the web B2B/Web Portals Scheduling Embedded Analytics Web Forms Workflow Data Exploration Budgeting & Forecasting APIs and Web Services Db2 Web Query Alternative
    Solutions by Industry
    Overview Manufacturing Government Foodservice Software Vendors Logistics & Supply Chain Software Consultants Healthcare
  • Services Services
    Development Services Training Mentoring
  • About About
    Overview Partners Press Releases Careers Events Contact Blog
  • Support Support
    Support Home FAQ Documentation Customer Portal Enhancements Updates Roadmap Techblog
Try m-Power

m-Power Manual

Browse:

  • Home
  • Security
  • Securing Applications Against Multiple Validation Sources
Back to Manual

Securing Applications Against Multiple Validation Sources

As you may know, m-Power applications can be configured to require Sign-on validation so that your user must first authenticate before accessing the underlying page. Also, as you may be aware, m-Power supports a variety of Sign-on validation types (Database user, Active Directory, Database table, etc…). Occasionally, some developers may desire to have the flexibility to have their applications secure against multiple validation types. For instance, perhaps you have a situation where your internal users are already setup in an Active Directory, but your external users are stored in a database table. Your challenge would be to allow m-Power to seamlessly validate against both of these sources, unbeknownst to the user.

m-Power now supports the ability, at the Data Dictionary level, to validate against multiple datasources automatically. This additional validity logic would be done behind the scenes and your end-user would be unaware that their credentials were being examined across multiple validation sources. Here is how to set up this functionality:

  1. Navigate to the Admin section
  2. Click "Edit Dictionary Files"
  3. Click "Sign On Configuration"
  4. Click "Text Mode"
  5. Find the following code: "</mrc_signon>"
  6. Directly before the above code, add the following:
    <validation_sources>
    <source validation_type="4" datasource="mysql1" tablename="" col_user="" col_password="" encryption_type=""/>
    <source validation_type="5" datasource="mysql1" tablename="mylib.mysec" col_user="usr" col_password="pwd" encryption_type=""/>
    <source validation_type="1" datasource="as400_remote1" tablename="" col_user="" col_password="" encryption_type=""/>
    </validation_sources>
    

    Note: This example lists 3 alternative validation types but you can add as many or as few alternative validation sources as you wish.

  7. Modify the code you added in the previous step to validate against your validation types, filling out all necessary information.

    Note: When you add in additional validation methods, it is required that all 6 attributes be present, though some attributes can be blank. Specifically, if specifying option 5, all values must be filled out. However, any other validation method requires only the first two attributes to be filled out, while the last 4 need to rename equal to blank.

  8. Save
  9. Restart Tomcat to ensure the change has gone into effect

When a user presents their username and password for validation, m-Power will attempt to validate their credentials against the primary validation source, as noted in the "<group….>" value. If the user's credentials are valid, they will proceed to the application. However, if the user's credentials fail, the system will attempt to validate against the first entry listed in the "<validation_sources…>" section. Again, if these credentials are valid, the user can proceed. If not, the next entry will be attempted, until no more entries remain. Once all entries have been exhausted, the user will see a message on their Sign-On screen that says their credentials are not valid.
Note: More information explaining general m-Power Security can be found here.

Created: February 12, 2014 | Modified: June 27, 2019

Search


Browse By Category

Build Process (13)
Starting with m-Power (8)
Retrievals (10)
Reports (15)
Summaries (4)
Maintainers (17)
Graphs (8)
m-Power Data Explorer (4)
General (24)
Calculations (5)
Utilities (9)
m-Power Administration (23)
Security (11)
Freemarker (6)
m-Painter (29)
Form Validation (5)
External Objects & UDFs (12)
Deprecated Documentation (23)
Bootstrap Templates (7)

Popular Tags

Excel Administration Video Calculations Java Reports Graphing Popular Dropdowns RPG Maintainers mrc-Productivity Series Freemarker Build Process Form Validation Retrievals Dates m-Painter Database App Properties Retrieval Prompt Screens Production Security SQL Bootstrap Templates Tomcat Compiling Summaries Bar Graphs Advanced Graph Properties Performance Data Dictionary External Objects Email DB2 Application Properties Parameters Maintainer Getting Started Record Selections Admin Graphs Report

See all tags »

michaels, ross & cole, ltd. (mrc)

Privacy Policy Cookie Policy Cookie Settings Notice at Collection Do Not Sell or Share My Personal Information

mrc (US)

2001 Midwest Road
Suite 310
Oak Brook, IL 60523
630-916-0662

mrc (UK)

Mortlake Business Centre
20 Mortlake High Street
London, SW14 8JN
+44-20-335-59566


© 2024 mrc. All rights reserved.