Creating a Credentials Mapping Task
Each element of the Auth-Map context group produced as the output group from the credentials mapping task must contain three attributes named INSTANCE, DBUSER, and PASSWD. The value of INSTANCE identifies the adapter to which the element applies. The values of DBUSER and PASSWD provide the authentication information to be passed to the adapter in cases where explicit DBUSER and PASSWD parameters are not specified on an adapter webject.
When a credentials mapping task executes, all normal context information is available to it. For example, the SERVER context group is available. If a request sent by a browser to Info*Engine has been authenticated by the web server, then the SERVER group contains an attribute named Auth-User. This attribute specifies the username that was authenticated by the web server. The credentials mapping task can use that username as a key to obtain user-specific authentication information from one or more adapter-accessible information systems. It can then create an output group from that authentication information.
The following credentials mapping task example creates a group that contains all valid username and INSTANCE name combinations with corresponding DBUSER and PASSWD values. From this group, it then selects only those elements that contain the authenticated username. These elements then make up the Auth-Map group:
<%@page language="java" session="false"%>
<%@taglib uri="http://www.ptc.com/infoengine/taglib/core" prefix="ie"%>
<!-- Create a group from specified parameters -->
<ie:webject name="Create-Group" type="GRP">
<ie:param name="GROUP_OUT" data="AuthGroup"/>
<ie:param name="CLASS" data="AuthorizationRecord"/>
<ie:param name="DELIMITER" data=":"/>
<ie:param name="ELEMENT" data="USERNAME=abc:INSTANCE=com.myHost.jdbcScott:
DBUSER=scott:PASSWD=tiger"/>
<ie:param name="ELEMENT" data="USERNAME=abc:INSTANCE=com.myHost.jdbcAdapter:
DBUSER=abc:PASSWD=abc123"/>
<ie:param name="ELEMENT" data="USERNAME=xyz:INSTANCE=com.myHost.myGateway:
DBUSER=xyz:PASSWD=xyz123"/>
<ie:param name="ELEMENT" data="USERNAME=test:INSTANCE=com.myHost.myGateway:
DBUSER=mno:PASSWD=mno123"/>
</ie:webject>
<!-- Select subset for actual Auth-Map group based on authenticated user -->
<ie:webject name="Subset-Group" type="GRP">
<ie:param name="GROUP_IN" data="AuthGroup"/>
<ie:param name="FILTER" data="USERNAME='$(SERVER[]AUTH-USER[0])'"/>
<ie:param name="CASE_IGNORE" data="TRUE"/>
<ie:param name="GROUP_OUT" data="Auth-Map"/>
</ie:webject>
If this task runs when the authenticated user is “abc,” then the resulting elements in the Auth-Map group would be:
USERNAME
|
INSTANCE
|
DBUSER
|
PASSWD
|
abc
|
com.myHost.jdbcScott
|
scott
|
tiger
|
abc
|
com.myHost.jdbcAdapter
|
abc
|
abc123
|
Then, using the webject INSTANCE parameter, Info*Engine determines which DBUSER and PASSWD parameter values to add.