MicroStrategy ONE
Code Explanation for Scenario: Restricting Access during Certain Times
In this customization scenario, you create a custom ESM that applies additional authorization criteria. To do this, you write code to override the isRequestAuthorized method, which is called for every request. This method allows you to tell MicroStrategy whether a request is authorized or not— which is quite powerful because you can make this decision based on almost any criteria that you choose. While this sample code restricts user access to the application during certain times based on whether or not the user is an administrator, you can use different logic to apply other authorization criteria.
Custom ExternalSecurity java class (calledRestrictUserAccess.javain the corresponding scenario)
A generic explanation of how to create the custom ESM code required to perform this customization is provided below. The code is explained in sections, with the explanation preceding each section of code.
-
Explanation: Specify the package in which this class will reside and import the necessary classes, including AbstractExternalSecurity (which contains default implementations for all of the methods). Declare that this custom External Security class (compiled from the sample java file called RestrictUserAccess.java in the corresponding scenario) extends AbstractExternalSecurity.:
Copypackage com.microstrategy.sdk.samples.externalsecurity;
import com.microstrategy.web.objects.WebIServerSession;
import com.microstrategy.web.app.AbstractExternalSecurity;
import com.microstrategy.web.beans.RequestKeys;
import com.microstrategy.web.platform.ContainerServices;
import com.microstrategy.webapi.EnumDSSXMLPrivilegeTypes;
import java.util;
public class RestrictUserAccess extends AbstractExternalSecurity { -
Explanation: Override the isRequestAuthorized method so that it does the following::
-
To use in determining whether it is a weekday or a weekend, the method gets the current system time.:
Copypublic boolean isRequestAuthorized(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
{
Calendar lCurrentTime = Calendar.getInstance(); -
To ensure that the login page will be displayed if there is no session, the method checks to see if a session has already been established and, if not, allows the request through (that is, returns true). :
Requests without sessions must be explicitly allowed through so that the login page will be displayed.
Copytry
{
if(!user.isAlive())
{
return true;
} -
To determine whether time restrictions should be applied, the method checks to see if the user has administrative privileges. If so, it allows access regardless of the time (that is, returns true) because administrators may need to administer the system at any time.:
Copyif(user.getFactory().checkUserPrivilege(EnumDSSXMLPrivilegeTypes.DssXmlPrivilegesWebAdministrator))
{
return true;
} -
If an error is encountered, the method prints an error message and stops request processing (that is, returns false). In a production environment, the application would generally handle error messages in a more professional manner.:
Copy}
catch(Exception e)
{
System.out.println("Error testing session for status: " + e.toString());
return false;
} -
If the user is not an administrator and the current day is Saturday or Sunday (web server time), the method denies access to the application (that is, returns false). In this scenario, ordinary users are not permitted to use the application on the weekend.:
Copyif(lCurrentTime.get(Calendar.DAY_OF_WEEK) == Calendar.SATURDAY || lCurrentTime.get(Calendar.DAY_OF_WEEK) == Calendar.SUNDAY)
{
// No one is allowed to work over the weekend!
return false;
}
else
{
// Weekdays are fine
return true;
}
}
}Since the isRequestAuthorized method is called for every request, the user will actually be cut off at the stroke of midnight on Friday even if they are in the middle of doing a series of web operations.
-