Role-based UI URLs

You can configure user roles and URLs to control the areas of the user interface users can access. For example, you can have a URL that only allows login to AS2 trading users and another URL that allows log in by internal users as unrestricted administrators.

Multiple web applications

In Jetty you can create multiple web applications that point to the user interface implementation for the trading engine. The UI code supports an attribute named allowRoles on each web application in the Jetty configuration file. The file is named jettyCn.xml and is located in <B2Bi_install_directory>/InterchangeActivator/webapps.

Support for multiple URLs allows administrators to configure firewalls to filter based on the URLs. For example, a company may allow access only to the admin URL from its local network, but allow users to access the submit URL from the Internet. No one on the Internet could log in as admin and no one from the Internet could lock up the admin account.

The admin role is system-defined, but the allowRoles attribute can contain one or more of your custom roles. The following example shows the allowRoles attribute with two user-defined roles: role1 and role2. A user only must be associated with one of the roles to be granted access to the web application.

<Call name="setAttribute">


<Arg>role1, role2</Arg>


When a web application definition has the allowRoles attribute, only user accounts with those roles can log in to that web application. When a web application does not have the allowRoles attribute, all users can attempt to log in to that web application. Determining whether a user is associated with an allowed role occurs before the user ID and password are submitted to user authentication. This means login attempts with a disallowed user ID do not cause the user account to be locked out because of too many failed login attempts.

UI context path

A servlet container supports simultaneous web applications by assigning a ClassLoader to each one. When the web server gets an HTTP request, the servlet container decides which web application should process the request based on the context path. The context path is the first component in the URL path after the server address. For example, in the URL (the context path is /ui):

http://myserver:6080/ui/UserPass https://<host>:<port>/ui/UserPass

Help with configuration

For configuration help, sample code and explanatory comments are included in the file:


Related Links