6.5.4 Partial User Authentication - Process Level Security
The Partial User security model allows specific processes to be authenticated while the remainder of your application uses anonymous access. With this model you can choose which of your LANSA processes require user authentication.
When LANSA for the Web is invoked, it will check if the Web Server has passed a user profile. If the Web Server has not passed any user profile, then it determines if the requested LANSA process requires user authentication. If no authentication is required for the process, the user will be allowed access as an anonymous user.
However, when the user attempts to use a LANSA process that has been registered as requiring user authentication, LANSA for the Web will redirect the request to the LANSAWEB script program in a library which forces the Web Server to request a user profile. The Web Server will not permit any further progress until a valid user profile is provided. If a valid user profile is provided, then LANSA for the Web is invoked.
You do not have to modify the URL of your LANSA applications using this alternative. Your URL will still point to the CGI-BIN library. LANSA for the Web looks after the redirection of the request to the authentication library automatically for processes that have been set up for user authentication.
If a Web Server has passed a user profile, LANSA for the Web checks if it is a registered LANSA for the Web user. If the user is known to LANSA for the Web, the associated Data/Application Server user profile is used to execute LANSA. This user profile will be used to determine the access rights at the Data/Application Server.
If the Web Server user profile is not registered with LANSA for the Web, the user will still be allowed to use LANSA for the Web provided there is an anonymous user registered. This means that LANSA for the Web will use the default user profile to determine your access rights.
Note that once the Web Server has authenticated the user, the profile is persistent throughout the life of the browser. This means that a subsequent request to LANSA for the Web will use the same user profile, irrespective of whether or not the LANSA process requires user authentication.
To configure Partial User Authentication on an IBM i Web Server, complete the following steps:
Step 1. IBM i Validation Lists & Add Users
Step 2. Update IBM i Web Server Configuration
Step 3. Execute Administrator to Define Process Authentication
For details of authentication using a Windows Web Server, refer to the Installing LANSA on Windows Guide.