Developing the Security Authorization Service Application Class
This section describes how to:
Develop the authorization service application class.
Use the Authorization Request object.
The application class for the authorization service must be created from the base interface PTCS_SECURITY:Security:SecurityHandler. This base interface has only one method, GetAuthorization, which must be implemented by all child classes. This method receives an array of AuthRequest objects as parameters.
Note: You need develop the security authorization application class when you are performing row-level authorization.
Import PTCS_SECURITY:Security:*; Class SampleSecurityAppclass extends PTCS_SECURITY:Security:SecurityHandler /*method AuthRequestHandler(&arrAuthReq As array of PTCS_SECURITY:Security:*/ /*AuthRequest);*/ method GetAuthorization(&arrAuthReq As array of PTCS_SECURITY:Security:AuthRequest); end-class; /*method AuthRequestHandler*/ method GetAuthorization /+ &arrAuthReq as Array of PTCS_SECURITY:Security:AuthRequest +/ /+ Extends/implements PTCS_SECURITY:Security:SecurityHandler.GetAuthorization +/ Local integer &i; Local string &val, &userid; /* Setting the Access Property in the AuthRequest object */ For &i = 1 To &arrAuthReq.Len &arrAuthReq [&i].Access = "T"; End-For; /* Reading the Keyvalue from the AuthRequest object */ &val = &arrAuthReq .GetParameterValue("CUSTOMER"); /* Reading the userid from the AuthRequest object */ end-method;
The different parameters of an authorization request that are present in each PARAMS element in a request message are encapsulated in an AuthRequest object. The AuthRequest object stores the key values of the request in an array. Use the GetParameterValues method to retrieve a particular value by passing the key name.
The AuthRequest object has an Access property that you use to set the authorization access for the user. A value of T (true) authorizes access and a value of F (false) denies access. The value of the Access property is set to F by default. You can set the property to T from inside the security application class as dictated by business requirements.