
WIM General User’s Guide

Rosario Turco (Naples – Italy) rosario_turco@virgilio.it

Description
When we have a Web Application, we also have many questions:

1. How can we protect the Web Application System?

2. How can we get profiling capabilities and maintain the provisioning of users externally to the Web Application System?

3. How can we obtain the association between functionality and user profile?

WIM accelerates your development:

1) It is an external framework that you can use and attach to your web applications.

2) You only have to design your web applications keeping in mind the security constraints of WIM, so that you can maximize the potential of WIM.

3) WIM is a simple and secure system with SSO, HTTPS and a policy server (SPOS) for web applications. It is suitable for small and medium enterprises, with low cost but high potential. WIM helps you to centralize the username/password provisioning cycle on SPOS, to assign a profile to the user on each web application (the user can have different profiles, one on each system), to have encrypted passwords, and to change expired passwords (every three months). WIM also offers an agent, CSPOS, for login authentication over HTTPS, and an API for SSO.

SPOS is a Simple Policy Server (SPOS.war), built with KBFE (Knowledge Base Framework Engine) and Tomcat technology. It must be centralized for all application systems.

CSPOS is the agent, the client of SPOS (CSPOS.war), built with Tomcat and Struts2 Interceptor technology. It must be installed on each application system.

AFPS is optional. AFPS (Associated Functionality & Profile Server) can use KBFE (see the KBFE User’s Guide on SourceForge; the WIM software includes kbfe.jar) to model an ontology for Functionality, Profile and their relation. In this case you model your ontology with Protégé. You can develop AFPS yourself or, if you prefer, use a database instead. The database must have a table for functionality, a table for profile and a table for the association.

The software is available on http://rturco.users.sourceforge.net/

SPOS configuration
• Under %CATALINA_HOME%/bin create two directories: dbinfo and dbquery
• Under %CATALINA_HOME%/bin put KBFE.properties, log4j.properties and SPOS.owl

SPOS.owl is a template that you can modify with Protégé 4.1 (download it for this purpose) to set username, profile and system; to function properly, however, its modeling structure must remain as it is.

• Verify that %CATALINA_HOME% is configured in the environment (Windows or Unix)
• Unzip jdom.zip and pellet-2.2.2, for example into C: or onto the Unix filesystem
• In %CATALINA_HOME%/bin, modify the file startup.bat (or .sh on Unix), for example:
@rem Set Pellet Home
set PELLET_HOME=C:\pellet-2.2.2
@rem Set JDOM Home
set JDOM_HOME=C:\jdom
@rem Set KBFE Home
set KBFE_HOME=C:\kbfe
@rem %JENA_HOME% is referenced below and must already be defined in the environment
@rem Set CLASSPATH (must stay on a single line)
set CLASSPATH=%CLASSPATH%;%JENA_HOME%\lib\jena-2.6.4.jar;%JENA_HOME%\lib\slf4j-log4j12-1.5.8.jar;%JENA_HOME%\lib\slf4j-api-1.5.8.jar;%JENA_HOME%\lib\xercesImpl-2.7.1.jar;%JENA_HOME%\lib\iri-0.8.jar;%JENA_HOME%\lib\icu4j-3.4.4.jar;%JENA_HOME%\lib\arq-2.8.7.jar;%PELLET_HOME%\lib\pellet-cli.jar;%PELLET_HOME%\lib\pellet-core.jar;%PELLET_HOME%\lib\pellet-datatypes.jar;%PELLET_HOME%\lib\pellet-dig.jar;%PELLET_HOME%\lib\pellet-el.jar;%PELLET_HOME%\lib\pellet-explanation.jar;%PELLET_HOME%\lib\pellet-jena.jar;%PELLET_HOME%\lib\pellet-modularity.jar;%PELLET_HOME%\lib\pellet-owlapi.jar;%PELLET_HOME%\lib\pellet-owlapiv3.jar;%PELLET_HOME%\lib\pellet-pellint.jar;%PELLET_HOME%\lib\pellet-query.jar;%PELLET_HOME%\lib\pellet-rules.jar;%PELLET_HOME%\lib\pellet-test.jar;%PELLET_HOME%\servlet.jar;%JDOM_HOME%\lib\ant.jar;%JDOM_HOME%\lib\jaxen.jar;%JDOM_HOME%\lib\saxpath.jar;%JDOM_HOME%\lib\xalan.jar;%JDOM_HOME%\lib\xerces.jar;%JDOM_HOME%\lib\xml-apis.jar;%JDOM_HOME%\build\jdom.jar
• Put SPOS.war under %CATALINA_HOME%/webapps
• Start Tomcat, so that SPOS.war is exploded into a directory
• Stop Tomcat
• Copy the content of lib.zip into %CATALINA_HOME%/webapps/WEBINF/lib
• Use Startkey.jar as follows:

java -jar Startkey.jar %CATALINA_HOME%/bin

This produces Start.Key in %CATALINA_HOME%/bin/dbinfo, which contains the encrypted key used to encrypt the passwords.

The installation is now complete, but you must still configure the username, profile and system with Protégé. When you set up a username for the first time, set:

• a very old expiration_date
• encrypted password = username, so that the user changes the password the first time.

To set encrypted password = username you can use SetInitialPsw.jar as follows:

java -jar SetInitialPsw.jar %CATALINA_HOME%\bin <username>

SPOS.owl contains some example settings, but when you generate your SPOS.key you must change the passwords of the examples, because SPOS.key is random and differs from the one used for my examples.

For expiration_date you must use this format, for example:

<expiration_date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">1888-02-01T00:00:00.000</expiration_date>

The profiles in this example are: ADM (administrator), OPE1 (operator 1), OPE2 and OPE3, but you can add other profiles or change them.
CSPOS configuration
CSPOS is the agent that you must configure on each system for authentication.

• Under %CATALINA_HOME%/bin put CSPOS.properties and log4j.properties
• Put CSPOS.war under %CATALINA_HOME%/webapps
• Start Tomcat, so that CSPOS.war is exploded into a directory
• Stop Tomcat
• Copy the content of lib.zip into %CATALINA_HOME%/webapps/WEBINF/lib

In the CSPOS directory you will find struts.xml among the resources and index.jsp in WebContent.

Where do we attach our web application?

index.jsp is only an example; you must replace it with your main servlet. In your main servlet you must check on the session that username, profile and oursystem are not null; otherwise you must call response.sendRedirect("Logout.jsp") or response.sendRedirect("Login.jsp").

Then you must register your servlet in the file struts.xml in place of index.jsp (see WebContent of CSPOS.war).

Your application can get the PROFILE parameter from session.getAttribute("PROFILE"). CSPOS sets USERNAME, PROFILE and OURSYSTEM, which your main servlet must read from the session.
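
The session check described above, sketched as an added example (not code from WIM or its author): a main servlet that refuses to run unless USERNAME, PROFILE and OURSYSTEM are all present on the session, and that denies profiles it does not know. The class name, the javax.servlet API level, the location of Login.jsp and the two view paths are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: hypothetical main servlet of an application behind the CSPOS agent.
public class MainServlet extends HttpServlet {
    // Session attributes that, per the guide, the agent sets after a successful login.
    private static final String[] REQUIRED = {"USERNAME", "PROFILE", "OURSYSTEM"};
    // Profiles this application accepts (the guide's sample profiles); all others are denied.
    private static final Set<String> KNOWN_PROFILES =
            new HashSet<String>(Arrays.asList("ADM", "OPE1", "OPE2", "OPE3"));
    // True only when every required attribute is present as a non-empty String.
    static boolean isLoggedIn(HttpSession session) {
        if (session == null) return false;
        for (String name : REQUIRED) {
            Object value = session.getAttribute(name);
            if (!(value instanceof String) || ((String) value).isEmpty()) return false;
        }
        return true;
    }
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getSession(false): do not create a session for a caller who never logged in.
        HttpSession session = req.getSession(false);
        if (!isLoggedIn(session)) {
            if (session != null) session.invalidate(); // discard a half-populated session
            // Assumption: Login.jsp sits at the root of the web application.
            resp.sendRedirect(req.getContextPath() + "/Login.jsp");
            return; // nothing below may run without a complete login
        }
        String profile = (String) session.getAttribute("PROFILE");
        if (!KNOWN_PROFILES.contains(profile)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN); // deny by default
            return;
        }
        // Keep protected pages out of the browser cache so they vanish after logout.
        resp.setHeader("Cache-Control", "no-store");
        // Hypothetical per-profile views, kept under WEB-INF so they cannot be requested directly.
        String view = "ADM".equals(profile) ? "/WEB-INF/admin.jsp" : "/WEB-INF/operator.jsp";
        req.getRequestDispatcher(view).forward(req, resp);
    }
}
```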

Can we change the layout of the Login page?

Yes, you can customize Login.jsp with the layout of your web application. You must open the war and replace Login.jsp with yours.

Where is Logout?
You must insert the logout link in each page of your application. An example of Logout is here.

<p>
<a href="<%= request.getContextPath() %>/logout.action">Logout</a>
</p>

Suggestion
You must build your Web Application keeping in mind the security constraints of WIM, so that you can maximize the potential of WIM.

SSL configuration of SPOS and CSPOS

You must configure SPOS and CSPOS with SSL. A tutorial is available at http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/