[JAVA] A description of the JDBC Sample that will be helpful when developing a custom authentication provider with the Cognos SDK

Overview

I don't know Cognos at all, but it's better to suddenly end up developing a custom authentication provider for Cognos just because you can write Java. A custom authentication provider is a story of coding in Java of the Cognos SDK to create the Cognos authentication / authorization function itself. Normally, Cognos uses the user information for authentication / authorization that exists in LDAP, but when you want to retain the user information in a database table for some reason, such as not having LDAP, and perform authentication / authorization. Custom Authentication Providers (CJAP) will appear in such places.

When developing with this pattern, it is almost impossible to write all the code from scratch, and it is usual to develop based on the Cognos SDK CJAP sample called JDBCSample.

By the way, development starts by reading the JDBC Sample, but I think that it is very difficult for people who do not know Cognos to understand, so I would like to post a reading point.

Custom Authentication Provider (JDBCSample) Configuration

First, you need to install a module called Cognos SDK, but once you install it, JDBCSample will be placed in the following directory. C:\Program Files\ibm\cognos\c10_64\sdk\java\AuthenticationProvider\JDBCSample

There is a table creation DDL for DB2 called dbInit_db2.sql in this, so if you run this, you can create a sample table that holds user group information. 014.PNG

If you build with build.bat on the same folder, CAM_AAA_JDBCSample.jar will be created, so place it in the following folder. C:\Program Files\ibm\cognos\c10_64\webapps\p2pd\WEB-INF\lib

009.PNG

Then, if you create a custom Java provider namespace with Cognos Configuration authentication and specify RestorableJDBCSample as the Java class name, this class will be called as the main class during authentication. 008.PNG

Well, finally the main subject, but since it is important to read this RestorableJDBCSample class, I will describe it below.

RestorableJDBCSample class

The source of the RestorableJDBCSample class is below, so let's open it. C:\Program Files\ibm\cognos\c10_64\sdk\java\AuthenticationProvider\JDBCSample\RestorableJDBCSample.java

** init method ** The simplest thing is the init method from line 222. 013.PNG

This is a method that is read from services when the Cognos process is started. 002.PNG

** logoff method ** The following is also a simple logoff method from line 113. 011.PNG

When you log in to Cognos, you will see this portal screen (Cognos Connection). This method is called when you literally log off from Cognos by clicking the word "log off" in the red frame. 003.PNG

** login method ** Now, the login method starting from the next 54th line is the key. Of course, this method is called when you log in to Cognos, but when you look at the source, what are the red circles (1) getTrustedCredentialValues, (2) getCredentialValues, (3) getFormFieldValues, and (4) getTrustedEnvironmentVaribleValue? 015.PNG

① What is getTrustedCredentialValues? Cognos has a scheduling feature that allows you to run reports on a regular basis and save them to PDF. Next to each of these report entries, you can set the schedule with the icon in the red frame. 006.PNG

When you click the icon, the following screen will appear, and you can set when and in what format the report will be executed. 007.PNG

With this setting, the report will be executed at the set time, but the user ID for executing the report is the ID of the user who set the schedule, and the timing of the report execution at this set time. So, in fact, it is an image that authentication runs with this user ID. User information is retained when the schedule is set, but it is this getTrustedCredentialValues that calls and receives it.

② What is getCredentialValues? This is called when you create a program to operate Cognos with the Cognos SDK, execute the program from the outside, and authenticate when accessing Cognos. Ignore if you're talking about not creating a program that calls the Cognos SDK externally.

③ What is getFormFieldValues? This is a function that receives the user ID and password entered when accessing Cognos from an external web page or the Cognos Mashup Service.

④getTrustedEnvironmentVaribleValue When performing SSO (Single Sign On) with Cognos, SSO is basically performed based on the user ID information embedded in the environment variable of HTTP Header, but this receives the environment variable of HTTP Header by custom authentication and SSO Is for doing.

Keeping that in mind makes reading the login method much easier.

** search method ** Finally, the search method starting on line 134. 012.PNG

In Cognos, when performing authorization acts such as granting permissions, users are assigned to a certain group or users are searched for on the authentication source. I'm trying to register a member in a group called "Creator" on a management screen called Cognos Administration like this. Press Add Red Frame. 004.PNG

Then you can refer to the user information in the authentication source (Restorable) like this. In the upper right, there are functions called "input" and "search" that search for users by specifying more detailed conditions, but it is also the role of the search method to implement these functions. 005.PNG

Roughly, that's it.

Development cannot be started without understanding the actual on-screen functions of Cognos and the mapping of the source code description, so we hope that it will be useful as the first step in custom development.

Recommended Posts

A description of the JDBC Sample that will be helpful when developing a custom authentication provider with the Cognos SDK
A fix to prevent the increase in the number of DB connections in the custom authentication provider of the Cognos SDK sample
The point of addiction when performing basic authentication with Java URLConnection
A story that struggled with the introduction of Web Apple Pay
About the matter that tends to be confused with ARG of Dockerfile which is a multi-stage build