×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Is there a way to have the user profile of the one utilizing the web
interface to carry through to either opening a file or calling a CGI
program?
When I started down the road of making GUI interfaces for my RPG programs,
I immediately decided that it was a priority for each user to run with
his/her own authority. I don't run a public web server on my iSeries, the
web stuff is just an alternative to 5250. I'd never allow all users to log
on via 5250 using a single user profile, and likewise I won't allow them
to log on via Web as QTMHHTTP each time.
So, here's how I went abot making sure that users always use their own
authority. I have the HTTP server (Powered by Apache) set up as follows:
ScriptAliasMatch ^/cgi-bin/(.*) /QSYS.LIB/LIBCGI.LIB/$1
<Directory /QSYS.LIB/LIBCGI.LIB>
Order Allow,Deny
Allow From all
Require valid-user
PasswdFile %%SYSTEM%%
AuthType Basic
AuthName "AS/400 Sign On"
ProfileToken on
</Directory>
The idea is that when the calling user accesses a /cgi-bin/ URL, the
browser prompts the user saying "AS/400 Sign On" and asks for a userid and
password. This userid/password is compared against the system user
profiles (i.e. the normal userid/password that a 5250 user would have) and
if valid, a profile token is generated. This profile token is passed to
each and every CGI application in the HTTP_AS_AUTH_PROFILETKN
environment variable.
Each time one of my programs starts, it uses this profile token to run
with the user's authority. To accomplish that, I wrote a subprocedure in
a service program that I call at the start of every CGI program.
The srvpgm routine gets the envvar, base64 decodes it, and calls the
QSYSETPT API to set the job to run with that users authority.
Actually, it's slightly more complex than that. It saves the authority of
QTMHHTTP into a profile handle so that the authority can be switched back
when the user is done. It also does some error handling setup to ensure
that no matter what bugs might be in my CGI program, it'll always switch
back to QTMHHTTP.
I also have an entire menu system that I've been writing (also in RPG via
CGIDEV2) so that each user will have his/her own customized menu at logon,
etc... this system also uses the userid set by QSYSETPT in order to know
which user to display the menus for.
Works really well for me.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.