|
midrange.com
Maybe I missed this part... But how was apache setup to authenticate?
Thanks, tim
> -----Original Message-----
> From: web400-bounces@xxxxxxxxxxxx [SMTP:web400-bounces@xxxxxxxxxxxx] On
> Behalf Of web400@xxxxxxxxxxxxxxxx
> Sent: Thursday, March 10, 2005 11:51 AM
> To: Web Enabling the AS400 / iSeries
> Subject: Re: [WEB400] Switching Profiles
>
> Hi Mark,
>
> > I'm generating a new profile token from the user profile in positions
> > 254 to 263 of the status data structure. It would be QTMHHTTP in this
> > case. Any ideas?
>
> I did it differently... instead of using the user profile that's listed
> in the PSDS, I actually grabbed a profile handle to the current userid
> BEFORE I switched, then I set that profile handle as active again after I
> was done.
>
> I use a lot of utility subprocedures in service programs, so it's really
> hard to post my code in a manner that would allow you to actually compile
> and run it -- I'd have to send you all of my utilities as well, which
> could turn into a whole production...
>
> But, here's a code snippet... hopefully it'll help you figure it out:
>
> *+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> * CGI_RunWithUserAuthority(): Run procedure w/User's Authority
> *
> * The HTTP Server (Powered by Apache) has the capability of
> * verifying a user's login w/the iSeries password file and
> * generating a profile token. When that configuration is
> * set up, this subprocedure can be called to run a subprocedure
> * under the authority of the given user.
> *
> * peFilename = (input) name of file that contains parameter
> * format of CGI data to send to callback.
> *
> * peCallback = (input) Procedure to call back with this info.
> *
> * Returns *ON if successful, *OFF otherwise.
> *+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> P CGI_RunWithUserAuthority...
> P B export
> D CGI_RunWithUserAuthority...
> D PI 1N
> D peCallback * procptr value
>
> D Callback PR extproc(peCallback)
>
> D wwHandle s 12A
> D wwB64Token s 64A varying
> D wwToken s 32A
> D wwErrMsg s 80A varying
> D wwErr ds likeds(ErrorCode)
> D inz(*likeds)
> D wwRC s 1N
>
> /free
>
> //
> // Check if we received a profile token from the Web server
> // and if so, decode the base64.
> //
>
> if (mygetenv('HTTP_AS_AUTH_PROFILETKN') = *NULL);
> SetError(CGI_NOTOKEN: 'No Profile Token Provided.');
> return *OFF;
> endif;
>
> wwB64Token = %str(mygetenv('HTTP_AS_AUTH_PROFILETKN'));
>
> base64_decode( %addr(wwB64Token) + 2
> : %len(wwB64Token)
> : %addr(wwToken)
> : %size(wwToken) );
>
> //
> // Save the current security settings in wwHandle,
> // then switch to run with the authenticated user's
> // authority.
> //
>
> QSYGETPH('*CURRENT': '*NOPWD': wwHandle);
> QSYSETPT(wwToken: wwErr);
>
> if (wwErr.BytesAvail > 0);
> util_compose('QCPFMSG *LIBL'
> : wwErr.MsgID
> : wwErr.MsgData
> : wwErrMsg
> : %size(wwErrMsg));
> SetError(CGI_BADTKN: wwErrMsg);
> QSYRLSPH(wwHandle);
> return *OFF;
> endif;
>
> //
> // Get the CGI parms & run the procedure
> //
>
> wwRC = *ON;
> monitor;
> Callback();
> on-error;
> wwRC = *OFF;
> SetError(CGI_PRCCRSH: 'Callback procedure crashed.');
> endmon;
>
> //
> // Reset back to the original user profile
> //
>
> QWTSETP(wwHandle);
> QSYRLSPH(wwHandle);
> return wwRC;
>
> /end-free
> P E
>
> So, the above routine is stored in a service program where it can be
> called by any/all of my CGI programs. Each CGI program's mainline looks
> like this:
>
>
> if CGI_RunWithUserAuthority(%paddr(DoRealWork)) = *OFF;
> ErrorMsg = CGI_Error();
> // call a subprocedure to send the error msg to
> // the support staff.
> endif;
>
> *inlr = *on; // if appropriate
>
> That's the whole mainline... Everything else in the CGI program runs
> under the user's authority, and is placed in the DoRealWork() subprocedure
>
> (or another subprocedure that it calls...)
>
> That way, no matter what goes wrong, the program will still complete
> normally and still switch back to the original user.
>
> I know that this doesn't directly answer your question -- but since my
> service program seems to work okay, I thought maybe it'd help you to try
> my method.
>
> Good Luck
>
> --
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
>
This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential or privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy the message.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
