Overview   Package  Class  Tree  Deprecated  Index  Help 
 PREV PACKAGE   NEXT PACKAGE FRAMES    NO FRAMES    

Package com.crystaldecisions.sdk.plugin.authentication.secwinnt

This package contains two interfaces that allow you to map groups and their members from your Windows NT user database to SAP BusinessObjects Enterprise, and verify all logon requests that specify Windows NT Authentication.

See:
          Description

Interface Summary
IsecWinNT Deprecated. since 4.0
IsecWinNTBase This interface provides methods that map Windows NT principals (users and groups) to SAP BusinessObjects Enterprise, and manage Windows NT authentication.
 

Package com.crystaldecisions.sdk.plugin.authentication.secwinnt Description

This package contains two interfaces that allow you to map groups and their members from your Windows NT user database to SAP BusinessObjects Enterprise, and verify all logon requests that specify Windows NT Authentication. Users are authenticated against the Windows NT user database, and have their membership in a mapped NT group verified before the Central Management Server (CMS) grants them an active SAP BusinessObjects Enterprise session.

This plugin is compatible with NT 4 or Windows 2000 Active Directory user databases. For more information on mapping Windows NT users and groups to SAP BusinessObjects Enterprise, see the SAP BusinessObjects Enterprise Administrator’s Guide.

Note: Windows NT authentication is not supported as an authentication type in the Java SDK.

Retrieving an authentication plugin

Unlike the desktop plugins, the authentication plugins are static, and objects cannot be created from them. It follows that since no instances of the plugin exist, you must retrieve the plugin itself. Each type of authentication plugin is represented by an InfoObject. These objects are stored in the CI_SYSTEMOBJECTS category in the CMS InfoStore, and must be retrieved using the SI_NAME property.

Example

The following example retrieves the secWindowsNT authentication plugin:

IInfoObjects authObjs = iStore.query( "SELECT TOP 1 * FROM CI_SYSTEMOBJECTS WHERE SI_NAME='secWindowsNT'");

The query method returns a collection of InfoObjects, which in this case contains only one item--the secWinNT class. Like other InfoObjects, this object is uniquely represented by its ID property. You can also access general InfoObject properties, such as the SI_NAME property, SI_DESCRIPTION property, and SI_ID property.

To access the IsecWinNT objects returned by the query, the resulting IInfoObjects need to be cast. This example demonstrates how to cast the returned IInfoObjects as IsecWinNT objects:

IInfoObject obj = (IInfoObject) authObjs.get(0);
IsecWinNT winNTAuth = (IsecWinNT) obj;

Mapping a third-party user group

A third-party group can be mapped over to SAP BusinessObjects Enterprise in two ways. The third-party group alias name can be added to a new IUserGroup or it can be added to an existing group. Once the IUserGroupAlias for the third-party user group has been added to the IUserGroup, the collection must then be committed to the CMS. Before committing, ensure that the IUserGroupAlias's setDisabled method is set to false. Also be aware that adding an alias to an existing user group is not the same as re-assigning the third-party alias. Re-assignment is not handled by the CMS and must be done manually.

Once the appropriate third-party user group aliases have been created and added to an IUserGroup, the third-party user group is ready to be imported. In order to trigger the import of the third-party users, the third-party plugin InfoObject needs to be updated. It is important to note that merely adding the third-party group alias to a group does not trigger the import of the users.

To import WinNT users from a previously mapped third-party group:

  1. Query for the IUserGroup to which the third-party group alias to be mapped was added.
  2. Iterate through the returned group collection and construct a semi-colon separated string of WinNT aliasIDs. Use the IUserGroupAlias object's getAuthentication() and getID() methods to retrieve the required information.
  3. Query for the secWinNT plugin InfoObject. See Retrieving an authentication plugin.
  4. Append the string of WinNT group aliasIDs to the authentication plugin's SI_MAPPED_GROUPS property.
  5. Modify the plugin's SI_ALIAS_AUTOADD and SI_MAPPED_GROUPS properties depending on the desired system behavior.
  6. Commit the plugin to the CMS.
    If the commit is successful, the third-party user group's users will be imported into SAP BusinessObjects Enterprise.

Change properties before committing

You must change at least one property of this plugin before you commit it to the CMS repository. Unchanged class instances result in a match between the information stored in the application memory and the information in the database memory. As a result, the CMS repository will not write anything to the database.

Even if you do not want to change the properties of a class instance, you can toggle one of its properties to let it commit to the CMS repository. In the example below, secADInterface has its AliasAutoAdd property initially set to false. If you want to commit secADInterface but not change any of its properties, you can set AliasAutoAdd to true and then back to false.

secADInterface.setAliasAutoAdd(true);
secADInterface.setAliasAutoAdd(false);
infoStore.commit(infoObjects);

See Also:
CePropertyID.SI_MAPPED_GROUPS, CePropertyID.SI_ALIAS_AUTOADD, CePropertyID.SI_ALIAS_AUTOCREATE
Overview   Package  Class  Tree  Deprecated  Index  Help 
 PREV PACKAGE   NEXT PACKAGE FRAMES    NO FRAMES