Setting up security and automailing threshold levels

Hi,

I have couple of questions on the same.

  1. We use wME 4.1.1 in our setup. My question is how to setup security to the manager application, so as to prevent anyone in network from viewing the Queue using the manager tool. We do not want to change the existing setup, if it is needed. This is to setup security without changing the code as we use custom adapters written using CADK.
2. How to send auto e-mail when a client's document count reaches a threshold, (say 10000 or so)? 

Thanks in Advance…

wmfan

  1. Setting up security to keep out tools is fairly straightforward, if you have created your custom clients correctly (e.g. used an appropriate client group for them). Your adapters will need to be restarted with a valid certificate, but ostensibly shouldn’t need to be rewritten; all authentication is handled by webMethods code.

Here is how to do it:

Obtain a certificate (let me know if you need help with this process, i wrote a gui application to create and manage certificates in wM Enterprise, but i can’t send it; it is the property of mother wM).

Enable the certificate at the Broker Server level.

Set the ACL for the admin client group on the Brokers you wish to protect. All of the tools (and the adapters as well) use the admin client group to connect to a broker, therefore, if you lock down the admin group, people will need to authenticate before they can connect with the tools.

question 2:

  1. auto-email based on queue level. Create a BrokerAdminClient object that looks at the queue levels you are interested in periodically. If the queue value exceeds a threshold, publish a document to an e-mail adapter to consume. You could create the BrokerAdminClient as a rogue client, or as part of an executing Integration via custom code.

!!!
-greg

Oops, accidentally posted this to the XMLParser help thread… reposting here where i meant it to go!

Oh, if you do have custom clients (as opposed to custom adapters), you should use a BrokerConnectionDescriptor object in your BrokerClient constructor to help authenticate. I recommend abstracting out the BrokerConnectionDescriptor object into a method call, so that if you need authentication at a later date you can modify the method instead of scrambling around your code trying to find everywhere you are passing null into the BrokerClient construction factory method.

The vestigial method would look like:

public BrokerConnectionDescriptor newBrokerConnectionDescriptor() {
return null;
}

Then, when you need authentication/encryption, you can fill out the method to return a singleton (vis a vis lazy init), or build one each time it is requested, or whatever you need!

If you are in adapter code (or an Integration Script) and you need to establish extra clients to a broker (actually encountered something similar to this once while writing a webMethods Enterprise Metrics Adapter), you can take the one that the initial adapter uses and propegate it to your clients instead of worrying about how to construct a new one all the time.

greg

Thanks Greg! that would help.

Greg,
Do you still have the source for SecurityManager? We ran into a problem or two and I wanted to see if I could get them fixed.

Tim,

I have a copy of the source. I am asking Bill Veltri (webMethods PS manager) to forward you a copy. If he doesn’t respond, please let me know.

Thanks!
-greg

I am uploading some prebuilt certificates (EnterpriseCertificateExamplesGoodTo03022011.zip).

Hopefully, Friday i will have enough time to post a step by step process for creating certificates.

-greg

Greg… Can you please update the same…???

No spare time right now. Standby!

Oh, did you want to know how to create certificates, or how to deploy them to lock out tools/developers?

-greg

Please let us know about both the steps.

Thanks!