Scott,

This is the type of thing I'm looking for. Thanks.

Thanks,

Mark

Mark D. Walter
Senior Programmer/Analyst
CCX, Inc.
mwalter@xxxxxxxxxx
http://www.ccxinc.com


                                                                           
From: web400@scottklement.com
Sent by: web400-bounces@midrange.com
To: Web Enabling the AS400 / iSeries <web400@xxxxxxxxxxxx>
cc:
Date: 02/22/2005 06:30 PM
Subject: Re: [WEB400] User Profiles
Please respond to: Web Enabling the AS400 / iSeries <web400@midrange.com>
                                                                           
                                                                           





> Is there a way to have the user profile of the one utilizing the web
> interface to carry through to either opening a file or calling a CGI
> program?

When I started down the road of making GUI interfaces for my RPG programs,
I immediately decided that it was a priority for each user to run with
his/her own authority.  I don't run a public web server on my iSeries, the
web stuff is just an alternative to 5250. I'd never allow all users to log
on via 5250 using a single user profile, and likewise I won't allow them
to log on via Web as QTMHHTTP each time.

So, here's how I went about making sure that users always use their own
authority. I have the HTTP server (Powered by Apache) set up as follows:

ScriptAliasMatch ^/cgi-bin/(.*) /QSYS.LIB/LIBCGI.LIB/$1
<Directory /QSYS.LIB/LIBCGI.LIB>
    Order Allow,Deny
    Allow From all
    Require valid-user
    PasswdFile %%SYSTEM%%
    AuthType Basic
    AuthName "AS/400 Sign On"
    ProfileToken on
</Directory>

The idea is that when the calling user accesses a /cgi-bin/ URL, the
browser prompts the user saying "AS/400 Sign On" and asks for a userid and
password. This userid/password is compared against the system user
profiles (i.e. the normal userid/password that a 5250 user would have) and
if valid, a profile token is generated.  This profile token is passed to
each and every CGI application in the HTTP_AS_AUTH_PROFILETKN
environment variable.

Each time one of my programs starts, it uses this profile token to run
with the user's authority.  To accomplish that, I wrote a subprocedure in
a service program that I call at the start of every CGI program.

The srvpgm routine gets the envvar, base64 decodes it, and calls the
QSYSETPT API to set the job to run with that user's authority.

Actually, it's slightly more complex than that. It saves the authority of
QTMHHTTP into a profile handle so that the authority can be switched back
when the user is done.  It also does some error handling setup to ensure
that no matter what bugs might be in my CGI program, it'll always switch
back to QTMHHTTP.

I also have an entire menu system that I've been writing (also in RPG via
CGIDEV2) so that each user will have his/her own customized menu at logon,
etc... this system also uses the userid set by QSYSETPT in order to know
which user to display the menus for.

Works really well for me.



--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.
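
An added example, not part of the original post or of Scott's code: a small Python check that every library a ScriptAlias/ScriptAliasMatch points at carries the authentication and ProfileToken settings from the post, so no CGI library is left serving requests without a per-user profile token. LIBTEST is a constructed name, and the parser assumes the simple one-directive-per-line layout shown in the post.

```python
import re

# Settings the post's <Directory> block uses so each CGI gets a profile token.
REQUIRED = {"require": "valid-user", "passwdfile": "%%system%%",
            "authtype": "basic", "profiletoken": "on"}

# The configuration quoted in the post.
POST_CONF = """\
ScriptAliasMatch ^/cgi-bin/(.*) /QSYS.LIB/LIBCGI.LIB/$1
<Directory /QSYS.LIB/LIBCGI.LIB>
    Order Allow,Deny
    Allow From all
    Require valid-user
    PasswdFile %%SYSTEM%%
    AuthType Basic
    AuthName "AS/400 Sign On"
    ProfileToken on
</Directory>
"""
# Constructed variant (LIBTEST is hypothetical): same block without ProfileToken.
WEAK_CONF = POST_CONF.replace("LIBCGI", "LIBTEST").replace("    ProfileToken on\n", "")

def parse_directories(conf):
    """Return {PATH: {directive: value}} for every <Directory> container."""
    dirs, current = {}, None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<Directory\s+(.+?)>$", line, re.I)
        if opened:
            current = dirs.setdefault(opened.group(1).strip('"').upper(), {})
        elif line.lower() == "</directory>":
            current = None
        elif current is not None and line and not line.startswith("#"):
            name, *rest = line.split(None, 1)
            current[name.lower()] = " ".join(rest).strip('"').lower()
    return dirs

def script_targets(conf):
    """Library paths that ScriptAlias/ScriptAliasMatch map URLs into."""
    hits = re.finditer(r"^\s*ScriptAlias(?:Match)?\s+\S+\s+(\S+)", conf, re.I | re.M)
    return {m.group(1).rsplit("/", 1)[0].upper() for m in hits}

def audit(conf):
    """Return (path, directive, found_value) for each required setting that is off."""
    dirs = parse_directories(conf)
    return [(path, name, dirs.get(path, {}).get(name))
            for path in sorted(script_targets(conf))
            for name, wanted in REQUIRED.items()
            if dirs.get(path, {}).get(name) != wanted]
```

An empty list from `audit()` means every script library has all four settings; each tuple otherwise names the library, the directive, and the value found (`None` when absent).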



