Ahh. I see it now. Great, Scott. You should send me a consulting invoice.
:-)

Thanks,

Mark

Mark D. Walter
Senior Programmer/Analyst
CCX, Inc.
mwalter@xxxxxxxxxx
http://www.ccxinc.com


                                                                           
web400@scottklement.com
Sent by: web400-bounces@midrange.com
03/10/2005 02:50 PM
Please respond to: Web Enabling the AS400 / iSeries <web400@midrange.com>

To: Web Enabling the AS400 / iSeries <web400@xxxxxxxxxxxx>
Subject: Re: [WEB400] Switching Profiles




Hi Mark,

> I'm generating a new profile token from the user profile in positions
> 254 to 263 of the status data structure. It would be QTMHHTTP in this
> case. Any ideas?

I did it differently...  instead of using the user profile that's listed
in the PSDS, I actually grabbed a profile handle to the current userid
BEFORE I switched, then I set that profile handle as active again after I
was done.

I use a lot of utility subprocedures in service programs, so it's really
hard to post my code in a manner that would allow you to actually compile
and run it -- I'd have to send you all of my utilities as well, which
could turn into a whole production...

But, here's a code snippet... hopefully it'll help you figure it out:

       *+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
       * CGI_RunWithUserAuthority(): Run procedure w/User's Authority
       *
       *  The HTTP Server (Powered by Apache) has the capability of
       *  verifying a user's login w/the iSeries password file and
       *  generating a profile token.  When that configuration is
       *  set up, this subprocedure can be called to run a subprocedure
       *  under the authority of the given user.
       *
       *    peFilename = (input) name of file that contains parameter
       *                 format of CGI data to send to callback.
       *
       *    peCallback = (input) Procedure to call back with this info.
       *
       * Returns *ON if successful, *OFF otherwise.
       *+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
      P CGI_RunWithUserAuthority...
      P                 B                   export
      D CGI_RunWithUserAuthority...
      D                 PI             1N
      D   peCallback                    *   procptr value

      D Callback        PR                  extproc(peCallback)

      D wwHandle        s             12A
      D wwB64Token      s             64A   varying
      D wwToken         s             32A
      D wwErrMsg        s             80A   varying
      D wwErr           ds                  likeds(ErrorCode)
      D                                     inz(*likeds)
      D wwRC            s              1N

       /free

           //
           //  Check if we received a profile token from the Web server
           //  and if so, decode the base64.
           //

           if (mygetenv('HTTP_AS_AUTH_PROFILETKN') = *NULL);
              SetError(CGI_NOTOKEN: 'No Profile Token Provided.');
              return *OFF;
           endif;

           wwB64Token = %str(mygetenv('HTTP_AS_AUTH_PROFILETKN'));

           base64_decode( %addr(wwB64Token) + 2
                        : %len(wwB64Token)
                        : %addr(wwToken)
                        : %size(wwToken) );

           //
           // Save the current security settings in wwHandle,
           //  then switch to run with the authenticated user's
           //  authority.
           //

           QSYGETPH('*CURRENT': '*NOPWD': wwHandle);
           QSYSETPT(wwToken: wwErr);

           if (wwErr.BytesAvail > 0);
               util_compose('QCPFMSG   *LIBL'
                           : wwErr.MsgID
                           : wwErr.MsgData
                           : wwErrMsg
                           : %size(wwErrMsg));
               SetError(CGI_BADTKN: wwErrMsg);
               QSYRLSPH(wwHandle);
               return *OFF;
           endif;

           //
           //  Get the CGI parms & run the procedure
           //

           wwRC = *ON;
           monitor;
              Callback();
           on-error;
              wwRC = *OFF;
              SetError(CGI_PRCCRSH: 'Callback procedure crashed.');
           endmon;

           //
           //  Reset back to the original user profile
           //

           QWTSETP(wwHandle);
           QSYRLSPH(wwHandle);
           return wwRC;

       /end-free
      P                 E

So, the above routine is stored in a service program where it can be
called by any/all of my CGI programs. Each CGI program's mainline looks
like this:


      if CGI_RunWithUserAuthority(%paddr(DoRealWork)) = *OFF;
          ErrorMsg = CGI_Error();
          // call a subprocedure to send the error msg to
          // the support staff.
      endif;

      *inlr = *on; // if appropriate

That's the whole mainline...  Everything else in the CGI program runs
under the user's authority, and is placed in the DoRealWork() subprocedure
(or another subprocedure that it calls...)

That way, no matter what goes wrong, the program will still complete
normally and still switch back to the original user.

I know that this doesn't directly answer your question -- but since my
service program seems to work okay, I thought maybe it'd help you to try
my method.

Good Luck

--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.
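
Added example, not part of the original post or of the poster's service program: the snippet above passes wwToken to QSYSETPT without looking at how many bytes base64_decode() produced. The C function below rejects an HTTP_AS_AUTH_PROFILETKN value unless it is canonical base64 for exactly 32 bytes (the size of wwToken). The names decode_profile_token and b64_value are hypothetical, and it assumes the server sends standard padded base64.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 32  /* size of wwToken (32A) in the post */
#define B64_LEN   44  /* 32 bytes always encode to 43 characters plus one '=' */

/* Map one base64 character to its 6-bit value, or -1 if it is not in the
   alphabet. Looking it up in a string literal avoids arithmetic on
   character codes, which would assume ASCII. */
static int b64_value(char c)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = (c != '\0') ? strchr(alphabet, c) : NULL;
    return p ? (int)(p - alphabet) : -1;
}

/* Decode a base64 value (e.g. from getenv("HTTP_AS_AUTH_PROFILETKN")) into
   out. Returns 0 only for canonical base64 of exactly TOKEN_LEN bytes and
   -1 otherwise; on failure the contents of out must not be used. */
int decode_profile_token(const char *b64, unsigned char out[TOKEN_LEN])
{
    int i, k, o = 0, v[4];

    if (b64 == NULL || strlen(b64) != (size_t)B64_LEN || b64[B64_LEN - 1] != '=')
        return -1;
    for (i = 0; i < B64_LEN; i += 4) {
        int last = (i == B64_LEN - 4);       /* final group is "xxx=" */
        for (k = 0; k < (last ? 3 : 4); k++)
            if ((v[k] = b64_value(b64[i + k])) < 0)
                return -1;
        out[o++] = (unsigned char)((v[0] << 2) | (v[1] >> 4));
        out[o++] = (unsigned char)(((v[1] & 0x0F) << 4) | (v[2] >> 2));
        if (!last)
            out[o++] = (unsigned char)(((v[2] & 0x03) << 6) | v[3]);
        else if (v[2] & 0x03)
            return -1;                       /* stray bits before the pad */
    }
    return (o == TOKEN_LEN) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: base64 of the bytes 0x00..0x1F, not a real token. */
    const char *sample = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=";
    unsigned char token[TOKEN_LEN];

    printf("sample:    %s\n", decode_profile_token(sample, token) == 0 ? "accepted" : "rejected");
    printf("truncated: %s\n", decode_profile_token("AAECAwQF", token) == 0 ? "accepted" : "rejected");
    return 0;
}
```

A caller would treat -1 the same way the snippet treats a missing token: set the error and return without calling QSYSETPT.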



