Example Two: Protecting an Application with a Resource
In this part of the example, we protect the Zen application with a resource. Only users that are members of roles granting them permissions on the resource are able to access HomePage.cls.
Before beginning, complete the following preliminary steps:
Add a user (user name is JSmith, password is JSmith) to Caché. Read Creating a User for instructions.
Add a new resource (SecurityTutorialResource). Assign the resource no public permissions. Read Creating a Resource for instructions.
Create a new role (SecurityTutorialRole). Add the SecurityTutorialResource:USE privilege to the role. Read Creating a Role for instructions.
After completing the above preliminary steps, do the following:
Edit the CSP Application definition for the /csp/user application (click [Home] > [System Administration] > [Security] > [Applications] > [Web Applications] and then click /csp/user). In the dropdown box labeled Resource required to run the application, select SecurityTutorialResource. Verify that the Enabled box is checked. Click Save.
Open HomePage.cls in a browser. You can do this from Studio by opening the file and clicking View > Web Page.
Enter JSmith for both the User and Pwd fields. Click Login. Since the user JSmith is not a member of any role holding privileges on the SecurityTutorialResource resource, the login fails. You will see an error message in your browser. Exactly what you see depends upon your browser.
Next, add JSmith to the SecurityTutorialRole role. For instructions read Adding a User to a Role.
Once again, open HomePage.cls in a browser.
Enter JSmith for both the User and Pwd fields. Click Login. Since JSmith is now a member of the SecurityTutorialRole role, which holds the USE privilege on the SecurityTutorialResource resource, the login succeeds. HomePage.cls loads into the browser.
HomePage.cls shows that JSmith is a member of the %DB_USER role as well as the SecurityTutorialRole role. The CSP application automatically adds users to the %DB_USER role while they use the application. Such a role is called an Application Role. A later section of the tutorial discusses Application Roles.
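The same setup can be scripted instead of clicked through the Management Portal. The following is an added example, not code from the original tutorial: it creates the resource, role and user, attaches the resource to /csp/user, and reports JSmith's USE privilege before and after the role is granted. The class name Tutorial.ResourceDemo is hypothetical, and the Security.* and $SYSTEM.Security method signatures are assumed from the Caché class reference, so check them against your version.

```objectscript
/// Added example (hypothetical class name): scripts the tutorial's portal steps.
/// Run as a user allowed to administer security (for example, one holding %All).
Class Tutorial.ResourceDemo
{

ClassMethod Run() As %Status
{
    // The Security.* classes live in %SYS; NEW restores the caller's namespace on exit.
    new $namespace
    set $namespace = "%SYS"

    // Resource with no public permissions (empty PublicPermission argument).
    set sc = ##class(Security.Resources).Create("SecurityTutorialResource", "Tutorial resource", "")
    if $$$ISERR(sc) quit sc

    // Role holding the USE privilege on that resource (resource:permission pair).
    set sc = ##class(Security.Roles).Create("SecurityTutorialRole", "Tutorial role", "SecurityTutorialResource:U")
    if $$$ISERR(sc) quit sc

    // Tutorial user, created without any roles; credentials are the ones the tutorial uses.
    set sc = ##class(Security.Users).Create("JSmith", "", "JSmith")
    if $$$ISERR(sc) quit sc

    // Require the resource in order to run the /csp/user web application.
    set props("Resource") = "SecurityTutorialResource"
    set sc = ##class(Security.Applications).Modify("/csp/user", .props)
    if $$$ISERR(sc) quit sc

    // Effective privilege while JSmith holds no role on the resource.
    set before = $SYSTEM.Security.CheckUserPermission("JSmith", "SecurityTutorialResource", "USE")
    write "JSmith USE on SecurityTutorialResource before role grant: ", before, !

    // Equivalent of "Adding a User to a Role".
    set sc = ##class(Security.Users).AddRoles("JSmith", "SecurityTutorialRole")
    if $$$ISERR(sc) quit sc

    // Effective privilege once SecurityTutorialRole is assigned.
    set after = $SYSTEM.Security.CheckUserPermission("JSmith", "SecurityTutorialResource", "USE")
    write "JSmith USE on SecurityTutorialResource after role grant: ", after, !

    quit $$$OK
}

}
```

Each Create call returns an error status if the object already exists, so run this on an instance where the preliminary steps have not yet been done by hand.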