Implementing authentication for PRSYSMGMT and PRDBUTIL

Summary

Process Commander comes with two administrative applications:

PRSYSMGMT – The System Management application used to perform administration. This utility is packaged in prsysmgmt.war.

PRDBUTIL – Allows you to upload and install the application files, and to set up the initial configuration of your Process Commander system. This utility is packaged in prdbutil.war.

For security reasons, you may want to enable authentication for the servlets in these applications. This prevents unauthorized users from accessing these utilities.

Suggested Approach

To enable authentication on PRSYSMGMT and PRDBUTIL, do the following:

  1. Copy the prdbutil.war and prsysmgmt.war files to a temporary directory:

    > cp prdbutil.war /mytemp/prdbutil.war

    NOTE: These instructions use the prdbutil.war file and UNIX commands. To perform these steps on prsysmgmt.war, substitute that filename. On Windows servers, use a CMD window and MS-DOS commands.
  2. Extract the contents from the .war file.

    mytemp> jar -xvf prdbutil.war
  3. Modify the web.xml file located in the ./WEB-INF directory and add the following immediately before the last line of the file (</web-app>):

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>System Management Application - DB utility Application</web-resource-name>
        <description>secure all urls for this application</description>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>PegaDiagnosticUser</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>PegaRULES</realm-name>
    </login-config>

    <security-role>
      <role-name>PegaDiagnosticUser</role-name>
    </security-role>

    NOTE: If you’re using container-managed client certificates, the login-config portion of web.xml should be as follows:

    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/jsp/security/login/login.jsp</form-login-page>
        <form-error-page>/jsp/security/login/error.jsp</form-error-page>
      </form-login-config>
    </login-config>

  4. Repackage the .war file.

    mytemp> jar -uvf prdbutil.war ./WEB-INF/web.xml

    The following output displays during repackaging:

    adding: WEB-INF/web.xml(in = 4657) (out = 951) (deflated 79%)
  5. View the jar file's table of contents to confirm the new datestamp and the directory location of the web.xml file.

    mytemp> jar -tvf prdbutil.war | grep "/web.xml"
    4657 Mon Nov 05 10:32:28 EST 2007 WEB-INF/web.xml
  6. Redeploy the updated prdbutil.war file.
  7. Use your application server’s administration console to map users to the PegaDiagnosticUser role to allow access to the prdbutil and prsysmgmt servlets.

    Consult your application server’s documentation for instructions on mapping users and user roles.
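
An added check, not part of the original article or of Process Commander: this Python script reads WEB-INF/web.xml out of the repackaged .war and confirms that the constraint on /*, the login-config and the PegaDiagnosticUser role declaration described above are all present. It also reports `<http-method>` lists, because a security-constraint that names methods applies only to those methods. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
import zipfile

ROLE = "PegaDiagnosticUser"  # role name used in the web.xml fragment on this page

# Constructed sample: a minimal web.xml carrying the page's fragment.
SAMPLE_WEB_XML = b"""<web-app>
 <security-constraint>
  <web-resource-collection>
   <url-pattern>/*</url-pattern>
   <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>PegaDiagnosticUser</role-name></auth-constraint>
 </security-constraint>
 <login-config><auth-method>BASIC</auth-method></login-config>
 <security-role><role-name>PegaDiagnosticUser</role-name></security-role>
</web-app>"""

def kids(nodes, name):  # children called `name`, ignoring any XML namespace
    return [c for n in nodes for c in n if c.tag.rsplit("}", 1)[-1] == name]

def texts(nodes, *path):  # text of the elements reached by walking `path`
    for name in path:
        nodes = kids(nodes, name)
    return [(n.text or "").strip() for n in nodes]

def audit_web_xml(xml_bytes, role=ROLE):
    """Return a list of findings; an empty list means every check passed."""
    root, findings = [ET.fromstring(xml_bytes)], []
    covering = [c for c in kids(root, "security-constraint")
                if "/*" in texts([c], "web-resource-collection", "url-pattern")]
    if not covering:
        findings.append("no security-constraint covers /*")
    for c in covering:
        if role not in texts([c], "auth-constraint", "role-name"):
            findings.append(f"constraint on /* does not require role {role}")
        methods = texts([c], "web-resource-collection", "http-method")
        if methods:
            findings.append("constraint on /* lists only " + ", ".join(methods)
                            + "; other HTTP methods are not covered by it")
    if not texts(root, "login-config", "auth-method"):
        findings.append("no login-config auth-method is set")
    if role not in texts(root, "security-role", "role-name"):
        findings.append(f"security-role {role} is not declared")
    return findings

def audit_war(war, role=ROLE):  # war: path or binary file object of the .war
    with zipfile.ZipFile(war) as zf:
        return audit_web_xml(zf.read("WEB-INF/web.xml"), role)
```

Call `audit_war("/mytemp/prdbutil.war")` after repackaging and before redeploying. For the fragment shown on this page the only finding is the HTTP-method one, which is a prompt to confirm with your application server's documentation how requests using other methods are handled.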

For more information on System Management Application (prsysmgmt) security, see the System Management Application Reference Guide, Version 5.1.

