Skip to Content
0

Configuring AdminTools

Aug 14, 2017 at 04:41 AM

65

avatar image

Hi,

Does anyone know how to restrict AdminTools just for the administrator group?

Also, is it possible to default the authentication to WinAD? ie similar to BILaunchpad custom properties file.

Thanks in advance

Karen

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
Joe Peters Aug 14, 2017 at 05:11 PM
1

Currently, the BO security model does not allow for granting/denying the ability to log on to the CMS viaspecific web applications, so there is no way to prevent a user from creating a session and executing a CMS query.

That said, you can have some control over who can access the AdminTools web application. Assuming you are using the default Tomcat installation, you can use Tomcat's security to restrict access. This won't be synchronized with BOE, so users would get a prompt to log in.

Regarding changing the default authentication option -- yes, it's possible but you have to modify a file. Again, assuming you're on Tomcat, the file you want is webapps/AdminTools/querybuilder/logonform.jsp.

You'll see the following starting around line 113:

<%
	// Get a list of all the available authentication DLLs
	try
	{
		ISessionMgr sm = CrystalEnterprise.getSessionMgr();
		String[] authProgIds = sm.getInstalledAuthIDs();
		int nPlugins = authProgIds.length;
		for (int i = 0; i < nPlugins; ++i)
		{
			String ptypename = authProgIds[i];
			String pname = sm.nameFromProgID(ptypename);
			out.write("<option value=\"" + Encoder.encodeHTML(ptypename) + "\"");
			if (lastaut.equals(ptypename))
				out.write(" selected");
			out.write(">" + Encoder.encodeHTML(pname) + "\n");
		}
	}
	catch (SDKException e)
	{
		ExamplesUtil.WriteError(request, response, e, "GENERAL_ERROR", ExamplesUtil.ERROR_PAGE);
		return;
	}
%>

This dynamically populates the authentication dropdown list with the available authentication plugins in the system. Just replace the above block with:

<option value="secEnterprise" selected>Enterprise
<option value="secWinAD" selected>Windows AD

This will display "Enterprise" and "Windows AD" as options, and will default to to the latter.

If you wanted to get fancy, you could keep the dynamic jsp code above, and just add in logic to watch for Windows AD and apply the "selected" attribute.

Show 3 Share
10 |10000 characters needed characters left characters exceeded

Thanks Joe. Defaulting to WinAD works - at least it suits our purpose for now.

0

this is quite interesting. Nice "hack".

1

Thanks. It's one of the few plain-JSP files left... I don't think it's been touched very much since XIr2 (maybe before).

0
Denis Konovalov
Aug 14, 2017 at 02:24 PM
1

None of the things you're asking are possible.
adminTools is a non-manageable app.

Share
10 |10000 characters needed characters left characters exceeded