
2.5.1.1 Using ViewpointLoginModule

The ViewpointLoginModule is the default login module. When used, the ViewpointLoginModule authenticates users when the hash of a supplied password matches the stored password hash in the Viewpoint database.

For security reasons, the passwords themselves are not stored in the database. Instead, a base64-encoded SHA-512 hash of the password and a salt (a random number from a secure random number generator) is stored. To authenticate a user, the input password is combined with the salt (which is retrieved from the database). This combination is hashed, base64 encoded, and compared with the base64-encoded hash from the database. If the hashes match, the user is authenticated.

To use ViewpointLoginModule

  1. Open the core.xml file located in the Viewpoint home directory. Locate the <request-handler> element.
  2. Insert two <parameter> elements, each with the callback attribute set: one with a value of "NameCallback" and the other with a value of "PasswordCallback". Set the content of the elements to the login username and password, respectively.

      <config>
        ...
        <security>
          ...
          <request-handler>
            ...
            <parameter callback="NameCallback">username</parameter>
            <parameter callback="PasswordCallback">password</parameter>
          </request-handler>
          ...
        </security>
      </config>

  3. Add the ViewpointLoginModule as a required module in the <login-modules> section with the following:

      <login-modules>
        <login-module class="com.cri.security.server.modules.ViewpointLoginModule" flag="required" />
      </login-modules>

  4. Add a ViewpointRolePrincipal that has the same name as each role you define in core.xml:

      <permissions-map>
        ...
        <principal type="ViewpointRolePrincipal" name="user">
          <role name="user" />
        </principal>
        <principal type="ViewpointRolePrincipal" name="admin">
          <role name="admin" />
        </principal>
      </permissions-map>
      ...
      <role-definitions>
        <definition name="user">
          <permission name="job.read" />
          ...
        </definition>
        <definition name="admin">
          <permission name="user.*" />
          <role name="user" />
        </definition>
      </role-definitions>

  5. Configure your environment to use an SSL connection, since ViewpointLoginModule allows you to authenticate across a network using passwords. For more information about how to protect a site with SSL, see the Tomcat documentation.
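
The core.xml settings from the procedure above can be checked mechanically. The following Python script is an added example, not part of Viewpoint or its documentation: it parses a core.xml document and reports a missing callback parameter, a ViewpointLoginModule that is absent or not flagged "required", and any defined role without a same-named ViewpointRolePrincipal. The function name audit_core_xml and the sample document are constructed for illustration, and the script assumes core.xml uses no XML namespace.

```python
import xml.etree.ElementTree as ET

MODULE = "com.cri.security.server.modules.ViewpointLoginModule"

# Constructed sample, not a real core.xml. Placing every section directly under
# <security> is an assumption; the checks search the whole tree regardless of nesting.
SAMPLE = """<config><security>
  <request-handler>
    <parameter callback="NameCallback">username</parameter>
  </request-handler>
  <login-modules>
    <login-module class="com.cri.security.server.modules.ViewpointLoginModule" flag="optional" />
  </login-modules>
  <permissions-map>
    <principal type="ViewpointRolePrincipal" name="user"><role name="user" /></principal>
  </permissions-map>
  <role-definitions>
    <definition name="user"><permission name="job.read" /></definition>
    <definition name="admin"><permission name="user.*" /><role name="user" /></definition>
  </role-definitions>
</security></config>"""

def audit_core_xml(xml_text):
    """Return a list of findings; an empty list means all three checks pass."""
    root = ET.fromstring(xml_text)
    findings = []

    # Callbacks: both parameters must be declared inside <request-handler>.
    callbacks = {p.get("callback") for rh in root.iter("request-handler")
                 for p in rh.iter("parameter")}
    for needed in ("NameCallback", "PasswordCallback"):
        if needed not in callbacks:
            findings.append(f"request-handler: missing {needed} parameter")

    # Login module: must be listed in <login-modules> and flagged "required".
    flags = [m.get("flag") for lm in root.iter("login-modules")
             for m in lm.iter("login-module") if m.get("class") == MODULE]
    if not flags:
        findings.append("login-modules: ViewpointLoginModule not listed")
    elif "required" not in flags:
        findings.append('login-modules: ViewpointLoginModule is not flag="required"')

    # Roles: each <definition> needs a same-named ViewpointRolePrincipal mapping to it.
    mapped = {p.get("name") for p in root.iter("principal")
              if p.get("type") == "ViewpointRolePrincipal"
              and any(r.get("name") == p.get("name") for r in p.findall("role"))}
    for d in root.iter("definition"):
        if d.get("name") not in mapped:
            findings.append(f"permissions-map: no ViewpointRolePrincipal for role {d.get('name')!r}")
    return findings
```

Run against the constructed sample, the function returns three findings: the missing PasswordCallback parameter, the login module flagged "optional", and the admin role with no matching principal.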
