Init.jsp contains global parameters for the application. There are two objects which must be configured:
The dbBean contains the connection information to your database. Use standard JDBC parameters. Settings for Oracle and MySql have been provided.
The ROLE_LIST are the access roles for the application. The role list is composed of internal roles (public, private, locked) and all external roles (like project): A role is like a group. Here we've added a role called "project".
Vector ROLE_LIST = new Vector();
ROLE_LIST.addElement("private");
ROLE_LIST.addElement("public");
/************ MODIFY ***************/
ROLE_LIST.addElement("project");
Add roles to the deployment descriptor. Note: Each NoteTool role has four sub-roles: manager, member, publisher and reader.
| <!-- WEB-INF/web.xml --> <web-app> <!-- authentication role --> <security-role><role-name>notetool</role-name></security-role> <!-- notebook administrator role --> <security-role><role-name>notetool.administrator</role-name></security-role> <!-- internal roles --> <security-role><role-name>public</role-name></security-role> <security-role><role-name>private</role-name></security-role> <!-- MODIFY --> <security-role><role-name>project.manager</role-name></security-role> <security-role><role-name>project.member</role-name></security-role> <security-role><role-name>project.publisher</role-name></security-role> <security-role><role-name>project.reader</role-name></security-role> <!-- security constraints --> <security-constraint> <web-resource-collection> <web-resource-name>notetool</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>notetool</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>notetool</realm-name> </login-config> </web-app> |
Add users to the security file. Each vendor implements this differently. Below are examples from Tomcat and Orion (Oas9i).
Below is an example of the notebook management screen:
All Notebooks
|
From here a user can create notebooks, edit, delete and change ownership of a notebook. Editing a notebook means changing the name, the owner or the access of a notebook. The "last" column denotes notebook activity. This can be used to delete or restrict inactive notebooks.
Management of notebooks falls under two scencarios: Centralized Management, or Distributed Management.
CENTRALIZED_MANAGEMENT = true;
Under this scenario, only the "notetool.administrator" role can create notebooks
and manage notebooks. Existing private notebooks remain private. See the access matrix.
CENTRALIZED_MANAGEMENT = false;
Under this scenario, any NoteTool user can create a notebook. By default the user becomes
the owner of the notebook, and can mark the
notebook as public, private or protected.
Internal group roles
Access to open a database is achieved through roles. There are two internal roles:
If a notebook's access is public, then anybody can open the notebook, and create, read, update and delete its notes
If a notebook's access is private, then only the owner can open and use the notebook. Internal roles do not have users assigned to them.
External group roles
External roles provide role based access to protected notebooks. These "external" roles can be added at any time by the system administrator using the configuration guide above. External roles are defined by [role].[sub-type]
There are four sub-types: manager, member, publisher and reader. For example a user that is a member of the "project" role can have one or more of the following sub-roles: project.reader, project.publisher, project.member, project.manager.
See the access-matrix for permissions assigned to each role.
Login to the application is via membership in the single "notetool" role.
NoteTool uses JDBC capable beans to provide access to database tables. These beans were generated using Xgen .
Inside each bean, are two flags. One for transaction control (concurrency), and one for autoincrement.
The autoincrement flag means that the bean handles incrementing the id field during an insert. Note however, that the MySql schema also has AUTO_INCREMENT specified on the t_notes table. This does not affect the beans ability to perform the increment. It does provide the added benefit of allowing batch updates to the notes table. See Exporting Data.
Transaction control is turned off. This means that the bean does not check the tcn (transaction control number) in the database before doing an update. In order to use this feature, the bean being updated must be loaded and kept in memory until the insert is made.
Notes for every user are kept inside a single table.
Data can be viewed or "exported" using the notebook's view setting.
Importing Data
To import notes using sql inserts, use a standard sql tool provided by your
database vendor. For MySql this tool is: "mysql". Run mysql from the command
line, connect to your database, and run "source filename" where filename is the
file with the sql insert statements. This will insert each note, using the AUTO_INCREMENT
feature of MySql.
This is a model 1 application that uses "data model" beans as opposed to an object model with OR-mapping. These date model beans are persistent beans, and were generated using Xgen .
The t_note table has two extra field which are not being used.