web.xml

There is a separate web.xml file for each site and this is located at JSP/Servlet engine system directory (i.e. <ifs_home>\jboss\server\<instance_name>\deploy\fndweb.ear\<site>.war\WEB-INF). This is where we send parameters to our one-and-only servlet, "RequestHandler". Also as described below, you should give the physical path to the folder where webclientconfig.xml and other configuration files of the web site to which this web.xml belongs to. The value of the 'config_path' parameter should always use '/' as path separator, even if running on Windows. The framework will always replace the slash '/' character with the OS dependant value at runtime.

<context-param>
   <param-name>config_path</param-name>
   <param-value>WEB-INF/config</param-value>
</context-param>

The HTTP request and response objects direct to and from IFS Web Client goes through several filters. The CSRFGuard is used to prevent CSRF attacks. FndEncodingFilter is used to encode the request and response objects.

    <filter>
	<filter-name>CSRFGuard</filter-name>
	<filter-class>ifs.fnd.servlets.CsrfGuardFilter</filter-class>
    </filter>
    <filter-mapping>
	<filter-name>CSRFGuard</filter-name> 
	<url-pattern>/secured/*</url-pattern>
    </filter-mapping>	
    <filter>
        <filter-name>FndEncodingFilter</filter-name>
        <filter-class>ifs.fnd.servlets.FndEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>FndEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

IFS Web Components usually use the default manager class, "ASPManager.class". But this is not always true. There are some IFS Web Components, such as "Plant Design", which use their own managers. If this is the case, you should set the manager-mask. The param-value for the manager-mask can be set as a semi colon separated list as shown below.

<param-name>
    manager_mask
</param-name> 
<param-value> 
    "/secured/demorw=ifs.demorw.DemorwManager;/secured/pladew=ifs.plades.PladewManager"
</param-value>

The Alert thread is a lightweight thread running in the background logging exceptional events of a Web Client application to a file named fndweb-alert.log. The thread is loaded at application start up and continues execution with a low priority. The configuration parameters shown below determine the location of the alert log file, the priority (between 1 and 10) at which the thread executes and the time interval in seconds between iterations.



  <init-param>
   <param-name>alert_file_location</param-name> 
   <param-value>WEB-INF/config</param-value>
</init-param>
<init-param>
   <param-name>alert_thread_priority</param-name>
   <param-value>4</param-value>
</init-param>
<init-param>
   <param-name>alert_thread_interval</param-name> 
   <param-value>30</param-value>
</init-param>

Another init-param entry is the std_portal_mode entry. This param-value should always be set to N.



	<init-param>
   <param-name>std_portal_mode</param-name> 
   <param-value>N</param-value>
</init-param>

In addition to the above settings the web.xml file also contains configurations required for user authentication. The settings depend on the type of authentication used by the application. If the web application uses declarative JAAS authentication then the following entries are required.


<security-constraint>
    <web-resource-collection>
       <web-resource-name>IFS Web Client</web-resource-name>
       <url-pattern>/secured/*</url-pattern>
       <http-method>POST</http-method>
       <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
       <role-name>IFSUser</role-name>
       <role-name>IFSTrustedExternalModule</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <realm-name>IFS Applications</realm-name>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/unsecured/common/scripts/Logon.page</form-login-page>
      <form-error-page>/unsecured/common/scripts/Error.page</form-error-page>
    </form-login-config>
</login-config>

<security-role>
   <role-name>IFSUser</role-name>
</security-role>
<security-role>
   <role-name>IFSTrustedExternalModule</role-name>
</security-role>

If users are Externally Identified (i.e. by the web server) then the file will contain filter entries as shown below. In this case the entries for JAAS shown above should not be present. Filter entries have to be the first entry in the application descriptor.


<filter>
    <filter-name>ExternallyIdentified</filter-name>
    <filter-class>ifs.fnd.securityfilter.FndLoginFilter</filter-class>
    <init-param>
       <param-name>AUTH_TYPE</param-name>
       <param-value>EXTERNALLY_IDENTIFIED_REMOTE_USER</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>ExternallyIdentified</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>ExternallyIdentified</filter-name>
    <url-pattern>/secured/*</url-pattern>
</filter-mapping>

More on the security model used by IFS Web Client