Custom Transport - Secured Service Catalog
Author: Christopher Dawes (IBM)
v 1.1 - Dec 2018 - Now supports Groups
v 1.0 - Jan 2016
Desired Use Case
Is there any way in FEB to restrict access to custom service descriptions? i would like to add different services to my FEB deployment but I don't want my whole organization to see them.
Description
This example demonstrates how to create a service catalog and a service catalog group.
As of 8.6.2, any service that you place in the ServiceCatalog will be viewable by ALL FEB users when they are designing their own applications.
I have been thinking about this for a long time and recently had several people ask me about it so I decided to look into it. I created a custom service catalog and catalog group that is user aware! This means that by using this extension you can decide who has access to services that you publish to your FEB server. Review the video below to see what the extension does.
Installation Instructions
1. Download the extension. CustomSecuredServices.jar
2. Place the CustomSecuredServices.jar file in your configured extensions directory.
3. A new property can be added to the Builder_config.properties to define the folder used by this extension (hcl.services.secureservices.catalogDirectoryName=SecuredServices). The default is "SecuredServices". Create the folder called "SecuredServices" as a sibling to the extensions directory (for example, opt/ibm/Forms/SecuredServices, c:\IBM\Forms\SecuredServices - the extension automatically picks up the extensions directory if you have redefined its location using the fsp.properties).
4. Copy the whitelist.xml in the "SecuredServices" folder. whitelist.xml
5. Add your service XML files into the "SecuredServices" folder. You can create sub directories if you wish to keep the service files better organized.
6. Modify the whitelist.xml:
- set the name of the group (<groupName/>) that you want to appear in the FEB UI
- Add each .xml file to the <services> list and define the users that you want to be able to see it:
<service> <!-- should be the name of the Directory OR the xml file name --> <serviceName>My Service Name</serviceName> <groups> <group>group1</group> <groups> <users> <user>user1</user> <user>user2</user> </users> </service>
- the <serviceName> can be the name of the sub folder, which will then include all the XML files or it can be a specific XML file in that folder
- create as many <user> elements as you want, one for each user that can see the service(s). The user that you specify must be the user's login id (what they use to log into FEB). The extension does not support groups, you must define each user explicitly.
The changes will take effect immediately there is no need to restart the server or process.
How does this solution work?
This is a Leap extension. When the service dialog loads, while designing an application, the current user is evaluated and then the list of service descriptions is loaded based on the whitelist.
Troubleshooting
To enable logging for this extension add the trace string "com.hcl.services.SecuredServiceCatalog=finest" to your WAS server where FEB is deployed. The logging messages will appear in the trace.log within the logs directory for the server.
If you have any questions or concerns please add a comment below.