Public Wiki

Web Configuration

SSDT Wiki Updates - Mon, 05/04/2015 - 1:25pm

Page edited by Sara Glore

OSU

Here is an example of configuring the OSU server to access a specific "FiscWeb" directory.

Suppose that all your FiscWeb directories are stored in WWW_FISCWEB:[xx.yy], where WWW_FISCWEB is a device or rooted logical, "xx" is a code for the district and "yy" is a code for a specific group of users. You want the URL pointing to these files to be http://yourhost/fiscweb/xx/yy/*

There are two parts to configuring a typical fiscweb directory. The first is telling the web server how to map the URL to the physical location of the files. The second is telling the server how to protect the files. Two rules are necessary to accomplish this.

First, in www_system:http_paths.conf add these rules:

    protect /fiscweb/xx/yy/* www_system:fiscweb_xx_yy.prot
    pass /fiscweb/xx/yy/* /www_fiscweb/xx/yy/*

The first rule says "protect URLs starting with /fiscweb/xx/yy/ using the rules in the file called www_system:fiscweb_xx_yy.prot". The second rule only applies if authentication is successful and says "URLs starting with /fiscweb/xx/yy reside on disk at WWW_FISCWEB:[XX.YY]".

Note: Device and directory specifications in the .CONF file are specified as Unix specifications. So /www_fiscweb/xx/yy/* is equivalent to WWW_FISCWEB:[XX.YY...]*.*

Next you must create the FISCWEB_XX_YY.PROT file. This is the file that the OSU server will read to determine what access limitations to place on the URL path. There are a number of options within the OSU authenticator, including hardcoded usernames and passwords, VMS usernames and passwords, or VMS ACLs. An example of a .prot file might look like:

    <realm>XX YY's USAS Reports
    smith *
    dave minordiety

In the above example, the <realm> line sets the prompt that will be shown when the web browser asks for the username/password. The "smith *" line indicates that the VMS user smith can access the URL with his VMS password (the "*" indicates the VMS password is to be used). The last line creates a non-VMS user "dave" who can log in with the password "minordiety". You can include as many specific usernames as you need in a single prot file.

An example using an ACL might be:

    <realm>XX YY's USAS Reports
    (IDENT=[100,*],ACCESS=READ)
    (IDENT=SMITH,ACCESS=READ)
    * *
    dave minordiety

In this example, any VMS user (as indicated by the "* *" for the username and password) who is either in UIC group [100,*] or whose UIC is SMITH can access the URL. Also notice that non-VMS users can still be used with an ACL. In the case of non-VMS users, the ACLs are ignored.

For more information about protect files see the OSU documentation or ask for help in the Third Party forum.

-djs

The example in this topic is only one possible way of configuring a fiscweb directory under OSU. Those of you familiar with OSU will note that there are shortcut ways of specifying the map/pass rules. I picked the above method as the most straightforward example. Also, by explicitly adding a pass and protect rule for each directory, there is less chance of unintentionally granting access to a directory.

A common variation on the above configuration is to place the protect files in the same directory as the files they are protecting. For example, the rules

    protect /fiscweb/* .www_protect
    pass /fiscweb/* /www_fiscweb/*

could be used to protect all files under /www_fiscweb. A protect file name starting with a dot indicates that the OSU server should look in the directory where the files exist for a .www_protect file. If you use this method, you must be careful to place a .www_protect file in each directory you want protected (or do not define the ALLOW_WD_MISSING symbol, so that the authenticator will require a protect file to grant access).

The advantage of this method is primarily that fewer rules need to be placed in the server's configuration. You may also find it more convenient to have the protect rules in the same place as the files being protected.

-djs

Apache

Here is an example of configuring the Apache server to access a specific "FiscWeb" directory.

Suppose that all your FiscWeb directories are stored in WWW_FISCWEB:[xx.yy], where WWW_FISCWEB is a device or rooted logical, "xx" is a code for the district and "yy" is a code for a specific group of users. You want the URL pointing to these files to be http://yourhost/fiscweb/xx/yy/*

In Apache, each directory accessible by the server needs to be "configured" using a <Directory> directive. The Directory configuration specifies options for the directory, including how/if the directory is protected. The directives must be placed in HTTPD.CONF, or placed in a separate file and included into HTTPD.CONF.

First, you will want to specify an alias to map the URL to the appropriate physical location of the files:

    Alias /fiscweb "/www_fiscweb"

This maps URLs starting with /fiscweb to the physical location of WWW_FISCWEB:. Notice that you only need one alias for all fiscweb directories, assuming they are all under the same device.

Next you should specify a default Directory configuration for all files under /www_fiscweb:

    <Directory "/www_fiscweb">
        Options Indexes
        AllowOverRide none
        Order deny,allow
        Deny from all
    </Directory>

Notice the "Deny from all", which means that by default no one can access any directory under /www_fiscweb. This prevents unintentionally granting access to a directory.

Next, you explicitly override the configuration for each directory you want to grant access to:

    <Directory "/www_fiscweb/xx/yy">
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "A Fiscweb for xx yy"
        RequireOpenVMS ACL (IDENT=[100,*],ACCESS=READ)
        Require valid-user
    </Directory>

This example allows all users in UIC group 100 access to the directory.

Note: This example assumes you've installed the MOD_AUTH_OPENVMS_ACL module (see Third Party forum).

It is also possible to use non-VMS usernames with or without VMS usernames in the same directory. This is done with the MOD_AUTH module (one of the Apache core modules). See the Apache documentation for info about MOD_AUTH and see the documentation from MOD_AUTH_OPENVMS_ACL for examples of using them together.

-djs

Apache is a very configurable web server. There are many configuration options that you can apply to directories. Also, configuration information for a directory can be placed in a special file called .htaccess. You can place an .htaccess file in the directory being served. The configuration rules in an .htaccess file apply to that directory and all directories below it (which may or may not have their own .htaccess files).

If you wish to use .htaccess files instead of placing everything in HTTPD.CONF, then the previous example may be done as follows.

In HTTPD.CONF:

    Alias /fiscweb "/www_fiscweb"

    <Directory "/www_fiscweb">
        Options Indexes
        AllowOverRide AuthConfig Limit
        Order deny,allow
        Deny from all
    </Directory>

Again, this sets the default configuration for all files under /www_fiscweb. The main difference in this example is the "AllowOverRide" directive. This indicates which types of configuration options an .htaccess file is allowed to override (see the Apache docs for more info).

Then, in www_fiscweb:[xx.yy] you would create an .htaccess file containing:

    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "A Fiscweb for xx yy"
    RequireOpenVMS ACL (IDENT=[100,*],ACCESS=READ)
    Require valid-user

This .htaccess file would apply security to www_fiscweb:[xx.yy] and any subdirectories, unless the subdirectories also had an .htaccess file.

The main advantage of .htaccess files is that you don't have to restart the web server each time you make a change or create a new directory. The disadvantage is that the web server has to work harder looking for and reading .htaccess files on each request.

-djs
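The default-deny layout above only protects a directory if every per-directory override that opens it also demands a login. The following check is an added example, not part of the original wiki page or of Apache: it statically scans HTTPD.CONF-style text for <Directory> blocks under /www_fiscweb that say "Allow from all" without AuthType and Require. The function name, the sample text and the "/www_fiscweb/xx/zz" block are constructed for illustration, and .htaccess overrides are not considered.

```python
import re
# Constructed sample in the style of the HTTPD.CONF shown above; the
# "/www_fiscweb/xx/zz" block is a deliberate mistake added for the demo.
SAMPLE_CONF = '''
<Directory "/www_fiscweb">
Options Indexes
Order deny,allow
Deny from all
</Directory>
<Directory "/www_fiscweb/xx/yy">
Order allow,deny
Allow from all
AuthType Basic
AuthName "A Fiscweb for xx yy"
RequireOpenVMS ACL (IDENT=[100,*],ACCESS=READ)
Require valid-user
</Directory>
<Directory "/www_fiscweb/xx/zz">
Order allow,deny
Allow from all
</Directory>
'''

BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.I | re.S)

def audit(conf, root="/www_fiscweb"):
    """Return (path, problem) pairs for <Directory> blocks at or under root."""
    findings, root_seen = [], False
    for path, body in BLOCK.findall(conf):
        path = path.rstrip("/").lower()
        if path != root and not path.startswith(root + "/"):
            continue
        lines = [l.strip().lower() for l in body.splitlines()
                 if l.strip() and not l.strip().startswith("#")]
        allow_all = "allow from all" in lines
        has_auth = (any(l.startswith("authtype ") for l in lines)
                    and any(l.split()[0] == "require" for l in lines))
        if path == root:
            root_seen = True
            if allow_all or "deny from all" not in lines:
                findings.append((path, "root is not default-deny"))
        elif allow_all and not has_auth:
            findings.append((path, "Allow from all without AuthType/Require"))
    if not root_seen:
        findings.append((root, "no default <Directory> block"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
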

 

 

Sara Glore 2015-05-04T17:25:05Z
Categories: Public Wiki

FISCWEB Technical Setup

SSDT Wiki Updates - Mon, 05/04/2015 - 11:50am

Page edited by Sara Glore

FiscWeb – A New Look at Your District Financials! 

FiscWeb is an embedded capability of the OECN State Software, and can be utilized with the USAS, USPS, and/or SAAS packages. What this service entails is the creation of a password-protected Web page that can be utilized to access current (or archived) reports for your district. If this repository is built for current reporting, the reports will be generated automatically each night for districts that choose to utilize this service. Because the access provided using this method is to reports only, individuals granted access to this service are being given safe read-only access to your district's data.

It is possible for the ITC to perform extensive customization of the types of reports provided through this service. Basically, any report that can be generated using the OECN State Software can be made available for review via FiscWeb. Access can be customized such that different users have different reports available to them. The reports are made available as Adobe Acrobat Portable Document Format (PDF) files that can be correctly displayed and printed on all types of computers. Access to these reports does require the Adobe Acrobat Reader software, which is available at no cost from Adobe's web site.

If this sounds like something you'd be interested in exploring, please contact your ITC for assistance!

Sara Glore 2015-05-04T15:50:09Z
Categories: Public Wiki

Releases and Web Casts

SSDT Wiki Updates - Fri, 04/24/2015 - 10:51am

Page edited by Dave Smith

ITC Fiscal Year End Review Meetings

Dave Smith 2015-04-24T14:51:20Z
Categories: Public Wiki