securityDomain


The MoreMotion Security component requires that a Security Domain be configured with the securityDomain configuration element.

  <securityDomain name="main">
    <param name="broker">MySQL</param>
    <param name="conn">SuperStore</param>
    <param name="cookie.opt">2. Remember User</param>
    <param name="cookie.maxage">2592000</param>
    <param name="fla.maxtry">3</param>
    <param name="fla.suspend">5</param>
    <param name="fpmail.enckey">xyz</param>
    <param name="fpmail.smtp.host">mail.mycompany.com</param>
    <param name="fpmail.smtp.port">25</param>
    <param name="fpmail.smtp.user">reminder@mycompany.com</param>
    <param name="fpmail.smtp.password">x123</param>
    <param name="fpmail.smtp.auth">true</param>
    <param name="fpmail.subject">Change Password</param>
    <param name="fpmail.mailtext">
  Please click on the link below to change your password:
  {CHANGE_PASSWORD_LINK}
    </param>
  </securityDomain>

The name of the security domain must be unique in the whole MoreMotion configuration. If there is only one security domain in the application, its name can be defaulted to "main".

Nested Elements

broker (Accepts MScript)

The name of a security broker configured with the securityBroker element.

conn (Accepts MScript)

Security Brokers usually require a JDBC connection. If that is the case, specify the name of a JDBC Configuration configured with the jdbcConnection element.

 
Remember User

cookie.opt (Accepts MScript)

Defines how the system treats users who were previously logged in. The options are:

1. Do Not Remember: The previously logged-in user is NOT saved in a cookie.
2. Remember User: The name of the user is saved in a cookie, and the mor_security_userinfo data source always provides the username by reading its value from the cookie.
3. Accept As Logged In: If a user was previously logged in and left the application without actually logging off, he is logged in automatically the next time he opens a page of the application. Define this option only if security is not your primary concern.
4. User Decides: Lets the user decide whether the system remembers him or not. In that case, the login Process Form must provide a field or a Process Field with the name "rememberme". The value of the field should be one of these:

   "false": Do not remember the user
   "name": Remember only the username
   "true": Keep the user logged in unless he explicitly logs off

 

cookie.age (Accepts MScript)

Specifies the age of the cookie in seconds. 

 
Failed Login Attempts

fla.maxtry (Accepts MScript)

Defines how many wrong passwords can be given one after another. The value 0 means that there is no limit. If a value greater than 0 is defined and the user exceeds it, the user is suspended for the time period defined with the "Suspend Duration" property (fla.suspend).

fla.suspend (Accepts MScript)

The value of this parameter becomes effective only if a value greater than 0 is given to the fla.maxtry parameter. If a user enters a wrong password more times than the maximum tries value, he will not be able to log in for the time period defined in this property. After the time is up, he can try again.

 
Forgot Password Mail

The Security Component provides a standard procedure for recovering forgotten passwords. The SML function SendResetPasswordMail() sends the user an email that contains a change password link. The required SMTP account and mail settings are defined with the following properties.

fpmail.enckey (Accepts MScript)

The key that is used when encrypting the link to the reset password page.

fpmail.smtp.host (Accepts MScript)

SMTP Host Name

fpmail.smtp.port (Accepts MScript)

SMTP Account Port Number

fpmail.smtp.user (Accepts MScript)

SMTP Account User Name

fpmail.smtp.password (Accepts MScript)

SMTP Account User Password

fpmail.smtp.auth (Accepts MScript)

SMTP Account Authentication required flag

fpmail.subject (Accepts MScript)

The subject of the mail

fpmail.mailtext (Accepts MScript)

The text of the mail. The mail text must contain a "{CHANGE_PASSWORD_LINK}" placeholder, which is resolved to a link to the reset password page.
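The parameter rules above can be checked before a configuration is deployed. The following script is an added example, not part of the MoreMotion documentation or product: it reads one securityDomain element and reports settings that this page itself marks as weak or ineffective. The function name, the sample input and the 16-character minimum for fpmail.enckey are assumptions of the example, and only literal values are checked (MScript expressions are skipped).

```python
import xml.etree.ElementTree as ET

MIN_ENCKEY_LEN = 16  # assumption of this example; the page states no minimum
PLACEHOLDER = "{CHANGE_PASSWORD_LINK}"

# Constructed sample input, not taken from a real deployment.
SAMPLE = """<securityDomain name="main">
  <param name="cookie.opt">3. Accept As Logged In</param>
  <param name="fla.maxtry">0</param>
  <param name="fla.suspend">5</param>
  <param name="fpmail.enckey">xyz</param>
  <param name="fpmail.mailtext">Please change your password.</param>
</securityDomain>"""


def audit_security_domain(xml_text):
    """Return (param, message) findings for one securityDomain element."""
    root = ET.fromstring(xml_text)
    if root.tag != "securityDomain":
        raise ValueError("expected a <securityDomain> root element")
    params = {p.get("name"): (p.text or "").strip() for p in root.iter("param")}
    findings = []

    # Option 3 logs a returning user in from the cookie alone.
    if params.get("cookie.opt", "").startswith("3"):
        findings.append(("cookie.opt", "automatic login from cookie is enabled"))

    # fla.maxtry 0 means unlimited wrong passwords; fla.suspend is then ignored.
    maxtry = params.get("fla.maxtry", "")
    if maxtry.isdigit() and int(maxtry) == 0:
        findings.append(("fla.maxtry", "no limit on consecutive wrong passwords"))
        if "fla.suspend" in params:
            findings.append(("fla.suspend", "has no effect while fla.maxtry is 0"))

    # Key length threshold is this example's own assumption.
    key = params.get("fpmail.enckey")
    if key is not None and len(key) < MIN_ENCKEY_LEN:
        findings.append(("fpmail.enckey",
                         "key shorter than %d characters" % MIN_ENCKEY_LEN))

    # The mail text must carry the placeholder or no reset link is sent.
    text = params.get("fpmail.mailtext")
    if text is not None and PLACEHOLDER not in text:
        findings.append(("fpmail.mailtext", "missing " + PLACEHOLDER))
    return findings


if __name__ == "__main__":
    for name, message in audit_security_domain(SAMPLE):
        print(name + ": " + message)
```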