Users Login Security
The Policy > Users node item opens a series of dialog boxes in which you can manage and enter user information. The first part of this dialog to appear is Figure 21-2, where you can search for users.
Figure 21-2 User Search and Selection
Using the buttons on the right of this screen, you can Disable/Unlock users, and Reset Password for the selected user.
This screen displays whether users are Disabled/Enabled and whether users are Locked Out (with a timestamp). Users are disabled when their login rights expire (see Figure 21-3). Disabling a user sets his account to expire at the current time. To re-enable the user, you can Edit him, resetting the Account Effective date to some future time in the Edit User > Security tab (Figure 21-2). Users are locked out when they make too many erroneous login attempts (the default is three). To let a locked user log in, select the user (OWPublic in Figure 21-2) and click Unlock User.
Oware derives the user account status based on values in OWUser and OWAppSecurityPolicy.
• If OWUser.effectiveDate in the future, then account status = Disabled
• If OWUser.expirationDate is past, then account status = Disabled
• If OWUser.TimeLastLogin + OWAppSecurityPolicy.IdleAge is less than CurrentTime, then account status = Disabled
• If password has expired, then If OWUser.TimeLastLogin + OWAppSecurityPolicy.ExpiredAge is less than CurrentTime, then account status = Disabled
• If OWUser.TimeLockedOut is not zero then account status = Disabled
You can Add a user, or select one to Edit. When you do, the tabbed dialog in Figure 21-3 appears.
Figure 21-3 Add/Edit User Dialog Tabs
The Security tab has a start (Account Effective) and selectable end (Account Expires) date, as well as a Password Expires date. Clicking the ellipsis (...) next to the date fields displays a calendar where you can select dates. The Password Expires date (and it’s checkmark, indicating it is active) is for display only. You can set these in Application Policy.
Remember the following as you use Oware’s security features:
• Roles are applied in the priority they appear in the selection dialog. You can rearrange this selection by deleting, then re-adding them to the role list.
• Network Services ships with security enabled. (See the next bullet item.)
• You must change the owappserver.properties line com.dorado.core.security.object.enabled=false to true (Oware ships with the false default).
To use Oware security in an application, if it does not already exist (as in Network Services), you must create a security form in the Oware Creation Center, and select that form in the sequence you create there for your application’s secure forms. See the Oware Creation Center User Guide’s chapter about sequences for detailed information about this. Typically, you can use Oware’s supplied form as the basis of your form. The Oware form is com.dorado.oware.apps.appframework.OWServerLoginForm (Figure 21-4).
Figure 21-4 OWServerLoginForm
Once you do the above, launching an application starts the security form which must be successfully completed by users before they can go further.