Make FI Connect more secure by requiring users to have a security event

Restrict access to the FI Connect administration panels by adding a PassPort security event check to the FI Connect login processing. The following is an example of how this might be implemented.

1. Create a custom security event on PassPort's System Administration panel X073. For example: Security Event TI, FICONN, Desc: Security Event for accessing FI Connect., Event Status: S, Event Type: Z, Primary Level Type: O.

2. Assign the security event to the users that need access for configuring and monitoring FI Connect on the PassPort System Administration panel X070. The Facility is set to ***, View: TI, Security Event: FICONN, Type: Z, Prim Fac: U.

3. Edit a Java Server Page within the FI Connect product to confirm that the user logging in has been given the security event. Edit JSP ../fixml/authenticate.jsp by adding Java code to do a database lookup. Be careful: the JSP is a combination of Java and Expression Language code, which makes it confusing to edit.

Within authenticate.jsp, locate the code that invokes method isValidUser of class PassportLogon. The code checks the boolean result of isValidUser and, if it is false, executes Expression Language code to kick the user back to the logon page with a logon failed message.

After the code that puts the user back to filogon.jsp there is Java code: } else {. As an example, the following code can be added here to check for the security event and, if the user does not have it, kick them back to the logon page with a message.

String securityEvent = " ";
String sql_1 = "SELECT security_event FROM " + SqlUtil.addTblQualifier() + " tidsecus WHERE passport LIKE ? AND security_event = 'FICONN' AND pri_auth_own = 'U'";

Connection connection_1 = null;
PreparedStatement ps_1 = null;
ResultSet rs_1 = null;

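try {
    connection_1 = PPUtil.getDbConnection();
    // The JDBC method is prepareStatement; the user ID is bound, not concatenated.
    ps_1 = connection_1.prepareStatement(sql_1);
    ps_1.setString(1, userId.toUpperCase() + "%");
    rs_1 = ps_1.executeQuery();
    if (rs_1.next()) {
        securityEvent = rs_1.getString("security_event");
    }
    System.out.println("Verify user has security event FICONN.");
} catch (Exception e) {
    // securityEvent stays blank on error, so the check below denies access.
    System.out.println(e.getMessage());
} finally {
    // Release the JDBC resources even when the lookup throws.
    try { if (rs_1 != null) rs_1.close(); } catch (Exception ignore) { }
    try { if (ps_1 != null) ps_1.close(); } catch (Exception ignore) { }
    try { if (connection_1 != null) connection_1.close(); } catch (Exception ignore) { }
}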

session.setAttribute("securityEvent", securityEvent);

// Check the SQL result. Careful to trim the SQL result.
if (!securityEvent.trim().equalsIgnoreCase("FICONN")) {

%>

<fi:redirect page="filogon.jsp" >
<fi:param name="errorMsg" value='<%="User ID does not have security event FICONN"%>' />
</fi:redirect>

<%

} else {

At this point the flow of logic is back where it was. At the bottom of authenticate.jsp, the closing brace has to be added. Its position is before the last two closing braces.

<% } %>
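
The lookup above matches passport with LIKE on the user ID plus "%", so a row belonging to a longer ID that starts with the same characters also satisfies it, and a "%" or "_" in the typed ID acts as a wildcard. The following is an added example, not code from FI Connect or from this article's author: a stand-alone helper that keeps the LIKE to cope with blank-padded columns but confirms an exact match in Java before granting access. The class, its method names and the qualifiedTable parameter are hypothetical; the column names and the FICONN event come from the article, and Java 7 or later is assumed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Locale;

// Added example; hypothetical helper, not part of FI Connect or PassPort.
// Column names and the FICONN event are taken from the article above.
public final class SecurityEventCheck {

    // Escape LIKE metacharacters so a typed "%" or "_" is matched literally.
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    // True only when the stored (possibly blank-padded) value equals the typed ID.
    static boolean sameUser(String storedPassport, String userId) {
        return storedPassport != null && userId != null
            && storedPassport.trim().equalsIgnoreCase(userId.trim());
    }

    // qualifiedTable is assumed to be built by the caller the same way the article
    // builds it (SqlUtil.addTblQualifier() plus tidsecus). Deny on SQLException.
    public static boolean hasFiConnEvent(Connection con, String qualifiedTable,
                                         String userId) throws SQLException {
        if (userId == null || userId.trim().isEmpty()) return false;
        String sql = "SELECT passport FROM " + qualifiedTable
                   + " WHERE passport LIKE ? ESCAPE '!'"
                   + " AND security_event = 'FICONN' AND pri_auth_own = 'U'";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, escapeLike(userId.trim().toUpperCase(Locale.ROOT)) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {   // LIKE may return several candidate rows
                    if (sameUser(rs.getString("passport"), userId)) return true;
                }
            }
        }
        return false;
    }

    // Constructed sample values: stored IDs as a blank-padded column would return them.
    public static void main(String[] args) {
        String typed = "jsmith";
        System.out.println("JSMITH2 row accepted: " + sameUser("JSMITH2   ", typed));
        System.out.println("JSMITH row accepted:  " + sameUser("JSMITH    ", typed));
        System.out.println("LIKE pattern for J%_: " + escapeLike("J%_") + "%");
    }
}
```

In authenticate.jsp the scriptlet would call the helper inside its existing try block and leave securityEvent blank unless the helper returns true, so a failed or errored lookup still redirects to filogon.jsp.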