Authorization
Agent filtering is performed in the Web Server layer. When it is enabled, authenticated users can be authorized to access specific domains or agents.
By default, users have access to all configured domains and agents.
To configure the filtering of domains and agents with the User Agent Config file, use one of the following methods:
• Use a File Path: add the following entry in web.xml under the 'main_servlet' definition.
<init-param>
<param-name>user_agent_config_file</param-name>
<param-value>/hawk_user_agent_cfg.txt</param-value>
</init-param>
• Use a URL: an example of configuring domain filtering with a URL is as follows:
<init-param>
<param-name>user_agent_config_file</param-name>
<param-value>http://<hostname:port>/hawkusers/hawk_user_agent_cfg.txt</param-value>
</init-param>
An example of hawk_user_agent_cfg.txt is as follows:
# This file is used by agent running with "COM.TIBCO.hawk.security.trusted.Trusted" security model.
#
#
# Explanation of Settings:
#
# This file provides authorization or filter level for node/agent for WebConsole application.
# This doesn't include microagent- and method-level authorization; even if microagents and methods are defined, they are ignored.
# The node column can have a node/agent name or "agent dns domain" or "agent:dns:domain" format.
# Wild card * is supported in both user and node column.
# Access restrictions can be defined for a user by starting the record with !
# In case of any conflict between a grant and a restriction, the restriction takes precedence.
# Examples
# 1. admin has access to all agents/nodes and domains
# 2. user1 has access to agent1 under domain1 with dns dns1.
# 3. user2 has access to all agents/nodes under domain domain2 and any dns.
# 4. user3 has access to agent3 if agent3 doesn't belong to domain3
#
# File format:
#
# user node
# access
# &
# restrictions
#
admin *
user1 "agent1 dns1 domain1"
user2 "* * domain2"
user3 agent3
!user3 "* * domain3"
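
The rules above can be checked before deployment with a small evaluator. The following is an added example, not TIBCO's code and not how WebConsole itself is implemented: it parses the sample rules and applies the stated precedence (a matching restriction overrides any grant). Assumptions: a bare node name matches that agent in any dns and domain, matching is case-sensitive, and a user with no matching grant is denied.

```python
import re
import shlex

# Rule lines copied from the hawk_user_agent_cfg.txt example on this page.
SAMPLE_CFG = '''
admin *
user1 "agent1 dns1 domain1"
user2 "* * domain2"
user3 agent3
!user3 "* * domain3"
'''

def wild(pattern, value):
    """Match where '*' is the only wildcard (assumed case-sensitive)."""
    return re.fullmatch(".*".join(map(re.escape, pattern.split("*"))), value) is not None

def parse_rules(text):
    """Return (grants, restrictions); each rule is (user, (agent, dns, domain))."""
    grants, restrictions = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps the double-quoted node column together
        if len(fields) != 2:
            raise ValueError(f"expected 'user node', got {raw!r}")
        user, node = fields
        parts = node.replace(":", " ").split()  # "a dns dom" or "a:dns:dom"
        if len(parts) == 1:
            parts += ["*", "*"]  # assumption: bare name = that agent, any dns/domain
        if len(parts) != 3:
            raise ValueError(f"bad node column {node!r}")
        bucket = restrictions if user.startswith("!") else grants
        bucket.append((user.lstrip("!"), tuple(parts)))
    return grants, restrictions

def is_allowed(rules, user, agent, dns, domain):
    """A matching restriction always wins; otherwise a matching grant is required."""
    def hit(rule):
        rule_user, patterns = rule
        return wild(rule_user, user) and all(
            wild(p, v) for p, v in zip(patterns, (agent, dns, domain)))
    grants, restrictions = rules
    if any(hit(r) for r in restrictions):
        return False
    return any(hit(g) for g in grants)  # assumption: no matching grant means deny

RULES = parse_rules(SAMPLE_CFG)
```

Calling is_allowed(RULES, "user3", "agent3", "dns9", "domain3") returns False, which is example 4 from the file comments: the grant on agent3 is overridden by the restriction on domain3.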