Markup Language Skeleton Customization › Specific Customization › Tips and Techniques › Accessing Web Option Through Another Website

Accessing Web Option Through Another Website

The URL that you should normally use to initiate a Web Option session:

http://WEB2EDOC/

However, it is possible to sign directly onto Web Option using the following methods:

• Single user sign-on

  In this mode, a call to Web Option using the previous URL results in the router always opening a session with a single specified user id and password (bypassing the normal sign-on screen).

  The user ID and password are specified in the YDFTUSR Web Option control value. To set these values, run the following command:

  YWRKW2EVAL W2EVAL(YDFTUSR)
  

  Then, enter the 20-character string as 'userid password'

  Where userid is a user ID on that IBM i and password is the password for that user ID.

Note: If the user ID is less than 10 characters, it must be padded with blanks, so that the password starts at character 11 of the VALUE parameter. For example, if the user ID and password chosen are DFTUSER and DFTPASS, then the actual YDFTUSR value is:

'DFTUSER   DFTPASS   '

Setting an YDFTUSR value severely limits the use of Web Option, but it does ensure the strictest level of security (assuming that the specified user has only extremely limited authority on the IBM i. For instance, this is useful if only external customers were intended to use the Web Option.

• Specific user sign-on

  In this mode, you can append a parameter to the basic Web Option URL to allow a specified user to sign on, as follows:

  http://WEB2E?*external-user-name*external-password

  Note that a question mark separates external-user-name from the basic URL (signifying that the following data is the parameter) and a leading asterisk precedes both external-user-name and external-password.

  The external-user-name and external-password are not an actual IBM i user ID and password. Instead, they are external values that are compared to internal values held on file. They can each be up to 15 characters long, and are case-sensitive. When the router receives a parameter that commences with an asterisk, it calls the YW2EUSRRXR user exit program. This program is shipped with the product along with its source, enabling customers to modify it as they wish. YW2EUSRRXR parses out the external-user-name and external-password from the parameter and checks for a record on the YW2EUSRRFP External Users file. A related internal IBM i user ID and password are used to start an IBM i session depending on whether a record exists, whether the external-password is correct, and whether the specified user is currently authorized.

  A typical YW2EUSRRFP record might be:

  External user ID                  15   username1     
  External password                 15   password1     
  Internal user ID                  10   ABC           
  Internal password                 10   ABCPASS       
  User description                  50   User Name     
                                                       
  Flag 1                             1   N             
  Flag 2                             9.0         0     
  Flag 3                            10                 
  Error page                         8   YNOAUTH
  

  In the above case, an external user with the user ID username1 and password password1 has been defined so that they can sign on directly to the IBM i using the user id ABC and password ABCPASS.

  The Flag 1, Flag 2 and Flag 3 fields are generic fields that can be used when you customize YW2EUSRRXR to provide further validation links to your own files. Use the Error page field to specify what error page to display if the user has been de-authorized or does not pass other customer-specific validity checks.

  Information about this exit program is included with the source of the YW2EUSRRXR program in the QRPGLESRC source file in the Web Option product library.

Notes:

• It is possible to pass only an external-user-name, for example:

  http://myas400:4100/WEB2E?*external-user-name

  in which case,YW2EUSRRXR looks for a record on YW2EUSRRFP for the specified external-user-name with an external-password of *NONE. However, an internal IBM i user ID and password must both be specified.

• If the internal IBM i user ID, password, or both are incorrect or do not exist, the user is presented with a sign-on screen, unless you explicitly add user-validation.
• If you specify the internal user ID as *DFTUSR and the internal IBM i password as blank, the current value for the YDFTUSR is used.
• Internal IBM i user IDs and passwords are currently held in plain-text format in YW2EUSRRFP.

Therefore, the following three strategies are possible:

• Everyone automatically uses the default user ID and password (bypassing the sign-on screen).
• Specific users can sign on automatically (bypassing the sign-on screen). All others are either presented with the sign-on screen, automatically sign-on using the default user ID and password (bypassing the sign-on screen), or are presented with the authority rejection screen.
• All users are presented with the sign-on screen.
• All users are presented with the authority rejection screen.

Note: Processing the YDFTUSR and YUSRTYP Web Option control values is done using real-time values-that is, a change to either of these values takes effect immediately and any jobs that access Web Option.