Is there a way to have the user profile of the one utilizing the web interface to carry through to either opening a file or calling a CGI program?

When I started down the road of making GUI interfaces for my RPG programs, I immediately decided that it was a priority for each user to run with his/her own authority. I don't run a public web server on my iSeries, the web stuff is just an alternative to 5250. I'd never allow all users to log on via 5250 using a single user profile, and likewise I won't allow them to log on via Web as QTMHHTTP each time.


So, here's how I went about making sure that users always use their own authority. I have the HTTP server (Powered by Apache) set up as follows:

ScriptAliasMatch ^/cgi-bin/(.*) /QSYS.LIB/LIBCGI.LIB/$1
<Directory /QSYS.LIB/LIBCGI.LIB>
   Order Allow,Deny
   Allow From all
   Require valid-user
   PasswdFile %%SYSTEM%%
   AuthType Basic
   AuthName "AS/400 Sign On"
   ProfileToken on
</Directory>

The idea is that when the calling user accesses a /cgi-bin/ URL, the browser prompts the user saying "AS/400 Sign On" and asks for a userid and password. This userid/password is compared against the system user profiles (i.e. the normal userid/password that a 5250 user would have) and if valid, a profile token is generated. This profile token is passed to each and every CGI application in the HTTP_AS_AUTH_PROFILETKN environment variable.


Each time one of my programs starts, it uses this profile token to run with the user's authority. To accomplish that, I wrote a subprocedure in a service program that I call at the start of every CGI program.

The srvpgm routine gets the envvar, base64 decodes it, and calls the QSYSETPT API to set the job to run with that user's authority.

Actually, it's slightly more complex than that. It saves the authority of QTMHHTTP into a profile handle so that the authority can be switched back when the user is done. It also does some error handling setup to ensure that no matter what bugs might be in my CGI program, it'll always switch back to QTMHHTTP.

I also have an entire menu system that I've been writing (also in RPG via CGIDEV2) so that each user will have his/her own customized menu at logon, etc... this system also uses the userid set by QSYSETPT in order to know which user to display the menus for.

Works really well for me.
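
The decode step described above, as an added example in C that is not part of the original post and not the poster's RPG service program: it reads HTTP_AS_AUTH_PROFILETKN, strictly base64-decodes it, and fails closed unless the result is exactly the 32 bytes of an IBM i profile token, so a missing or malformed value never reaches QSYSETPT and the program can refuse to run instead of continuing as QTMHHTTP. The function names are hypothetical, and standard padded base64 is assumed.

```c
#include <stdlib.h>
#include <string.h>

#define TOKEN_LEN 32   /* an IBM i profile token is 32 bytes */
#define B64_LEN   44   /* 32 bytes encode to 44 base64 chars ending in one '=' */

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Map one base64 character to its 6-bit value, or -1 if it is invalid.
   Searching the alphabet avoids range tests such as c >= 'A', which are
   wrong under EBCDIC, where the letters are not contiguous. */
static int b64_value(char c)
{
    const char *p = (c != '\0') ? strchr(B64, c) : NULL;
    return p ? (int)(p - B64) : -1;
}

/* Strictly decode a base64 profile token into out[TOKEN_LEN].
   Returns 0 on success, -1 on any malformed input (fail closed). */
int decode_profile_token(const char *b64, unsigned char out[TOKEN_LEN])
{
    unsigned char buf[33];   /* 11 groups * 3 bytes; the 33rd byte is padding */
    size_t i, n = 0;

    if (b64 == NULL || strlen(b64) != B64_LEN || b64[B64_LEN - 1] != '=')
        return -1;
    for (i = 0; i < B64_LEN; i += 4) {
        int last = (i + 4 == B64_LEN);
        int a = b64_value(b64[i]), b = b64_value(b64[i + 1]);
        int c = b64_value(b64[i + 2]);
        int d = last ? 0 : b64_value(b64[i + 3]);
        if (a < 0 || b < 0 || c < 0 || d < 0)
            return -1;               /* character outside the alphabet */
        if (last && (c & 0x03))
            return -1;               /* non-canonical trailing bits */
        buf[n++] = (unsigned char)((a << 2) | (b >> 4));
        buf[n++] = (unsigned char)(((b & 0x0F) << 4) | (c >> 2));
        buf[n++] = (unsigned char)(((c & 0x03) << 6) | d);
    }
    memcpy(out, buf, TOKEN_LEN);
    return 0;
}

/* Read the token the HTTP server passed to this CGI job. */
int load_profile_token(unsigned char out[TOKEN_LEN])
{
    return decode_profile_token(getenv("HTTP_AS_AUTH_PROFILETKN"), out);
}
```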




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].