Kbase 21186: ADM2 -- How To Authenticate a User on the Appserver w/ SDOs using setASInfo function
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
10/16/2008 |
|
Status: Verified
GOAL:
How to use the ADM2 setASInfo function to pass username and password to the AppServer connect procedure, allowing you to authenticate the current user in the connected databases.
FACT(s) (Environment):
Progress 9.x
ADM2
FIX:
When running an ADM2 application on the AppServer, particularly in stateless mode, traditional security authentication methods don't apply.
The AppServer session is a separate client session that will potentially need to connect to one or more databases to accomplish the goals of the application.
To do this, the AppServer will generally need a valid userid and password to gain access to the database.
There are a couple of ways that this could be accomplished. One would be to hard-code a generic userid and password in the database connect string in the AppServer setup using the -U & -P parameters. The problem with this is that the userid and password will be readable in the ubroker.properties file on the AppServer machine.
Standard Application Method
An alternative is to pass -U & -P to the AppServer in the connect method and retrieve them in a connect procedure specified in the advanced settings section of the AppServer in Progress Explorer, or through the 'srvrConnectProc' parameter in the ubroker.properties file.
The connect procedure must be a Progress procedure, available in the client session's PROPATH, with 3 'CHARACTER' input parameters defined: the first for userID, the second for password, and the third for miscellaneous.
The first and second parameters receive the values supplied by -U & -P that were passed to the AppServer's CONNECT() method. These values can be used with the SETUSERID() function to authenticate the current user in the connected database(s).
ADM2 Application Method
When using an ADM2 application on the AppServer, the SmartDataObject (SDO) handles the connect and disconnect of the client session to the AppServer, so, especially with the stateless AppServer, the former method will not work.
The SDO supplies the ASInfo property to handle database authentication through the AppServer. This works slightly different from the Standard 4GL Application method however, in that the value of the ASInfo property is passed as the third (miscellaneous) parameter to the connect procedure.
It is the developer's task to distinguish if the userid and password have been supplied to the first and second, or to the third parameter of the AppServer connect procedure.
To use this method with the ADM2, you will probably want to create a custom property on the client side of your application to hold the userid and password, then create an override of the initializeObject procedure in your own copy of dataCustom.p.
The code would look like this:
PROCEDURE initializeObject:
DEFINE VARIABLE cUserID AS CHARACTER NO-UNDO.
DEFINE VARIABLE cPassWd AS CHARACTER NO-UNDO.
/* This will probably be in the SDO's container, */
/* but I used TARGET-PROCEDURE for simplicity */
ASSIGN cUserID = DYNAMIC-FUNCTION('getUserID':U IN TARGET-PROCEDURE)
cPassWd = DYNAMIC-FUNCTION('getPassWd':U IN TARGET-PROCEDURE).
DYNAMIC-FUNCTION('setASInfo':U IN TARGET-PROCEDURE, cUserID + CHR(1) + cPassWd).
RUN SUPER.
END PROCEDURE.