Saturday, June 8, 2019

Enhanced Central User Management on webMethods

Central User Management

By configuring Central User Management on Integration Server, we could authenticate user by not only IS local users, but also MWS users. Because MWS is capable to integrate with other directory services such as LDAP and AD, so it's definitely a better idea to reuse what you already have instead of create them once again.

Central User Management on IS

Usually what we did with central user is, to assign proper ACLs and make sure that user has correct permission. But actually we could do a lot of more. We could:
  • Create, read, update, delete, search user
  • Create, delete, search, list role
  • Create, delete, search, list group
  • Add user/group to group, remove user/group from group
  • Add user/group/role to role, remove user/group/role from role
  • Find members of group/role
I developed an IS package with a set of Java services to achieve them. You could download it from GitHub, https://github.com/dingago/HxEnhancedUserManagement. The code is verified on webMethods 9.9.

With Great Power Comes Great Responsibility

It also bring some extra risks to have such capability. Without proper ACL, everybody on IS, even with minimum permission, could create new user on MWS with administrator permission, and then grant himself/herself a higher authority with the created new user. Be Careful!
at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Extendable System Monitor on webMethods

System Connectivity Monitoring There could be hundreds of systems integrated in a big company, and it's a challenge for administrator...