Access control
The client program can get what access level depends on the use of the CreateSession and the server / client settings. Access control is achieved by one of two ways:
The username in the Domino directory and its Internet password. This approach can be used on local calls and remote calls. For local calls, the accessed must be a Domino server. The current Notes ID (ID specified by the keyfilename parameter in the notes.ini file)
This method can only be used when the local call is performed. There are Notes clients or Domino servers on the computer where the program is located. Access to Domino Directory
Via Domino
When the directory access, the code used will decide to be accessed as a user who has an anonymous user or a Domino directory. In the NotesFactory call, if only the host name is specified, or using an empty string as the username and password, the server will be accessed with an anonymous user. E.g:
Session s = notesfactory.creatession ("myhost.east.acme.com: 63148");
or:
Session s = notesfactory.creatession ("MyHost.east.Acme.com: 63148", "," ");
To access the server as a Domino user, you need to specify the username and the Internet password in parameter 2 and parameter 3. The username and password must match some of the person document in the Domino directory. E.g:
Session s = notesfactory.creatession ("myhost.east.acme.com: 63148", "Jane Smith / East / Acme",
"TOPS3CR3T");
When you call the Domino server, the host name should be empty: session s = notesfactory.createsis ("Jane Smith / East / Acme", "TOPS3CR3T") To make anonymous local call, three parameters should be air:
Session s = notesfactory.createsis (",", ",")
When conducting local calls, the server is not necessarily to run. The settings in the server document determine if an anonymous or username / password can be performed. In the server document, "Port" - "Internet Port" - Under the "DIIOP" tab, the relationship between the verification option and the code is as follows:
The relationship between verification options and code As the following table code verification option CreateSession (Host, "," ") CreateSession (Host, Name, Password) Anonymity must be set to" Yes "to access server names and passwords must be set to" Yes "to access server
For name and password verification, the name must be the username in a person's document in the Domino directory, and the password must be the Internet password in this personal file. The administrator can also set the "Forced Server Access Settings" option to "Yes" to enforce DIIOP access to the Server Access settings under the server document.
The following domains in the server document can be used to control the security of the Internet session. From essentially, the Internet session created by the local or remote Java class is equivalent to web users.
The following domains in the server document can be used to control the security domain description of the Internet session. Users accessing the server to remote or local calls must be listed in this domain. If the user is listed in this domain, regardless of the distance or The local connection cannot establish a database and template for background method to create a new database and template to create a new copy of the background method to create a copy database to create a main template for a back-end method to create a main template programming restriction run unlimited method. And the user in this domain can run a restricted Java method on the Domino server. If the user used by the program is not listed in this domain, these methods cannot be performed on the Domino server, such as the file system of the Domino server, etc., but can still perform various methods on the computer where the program is located, including access to this machine File system. The signature will represent the agent running by others as a Web user running a signature running a signature as a user as a user as a representative agent running a proxy that runs in a web user. Use the user in the Internet Session. The Internet verification limit can be used as a user name to log in * What methods are restricted, please refer to "Restricted LotusScript and Java Agent Operations" in Domino 6 Designer Help.
In the "Port" - "Internet Port" in the server document, the description of the domain in the DIIOP tab is as follows:
"Port" - "Internet Port" in the server document, the domain description of the domain in the DIIOP tab (TCPI / IP) Name and password DIIOP verification require username and password (TCP / IP) anonymous DIIOP verification does not require username and password ( SSL) Name and Password DIIOP SSL Verification Requirements User Name and Password (SSL) Anonymous DIIOP SSL Verification No User Name and Password Force Using Server Access Settings DIIOP to force server access settings under Security Tab
The following Notes.ini parameters will also affect the security of Internet sessions established by remote or local Java classes:
The Notes.ini parameter also affects the security of the Internet session established by the remote or local Java class. NOTES.INI Settings Description NOMBIGUOGUOUSWEBNAMESNOAMBIGUOUSWEBNAMES = 1, if you are used to log in to DIIOP, you have multiple matches in the $ users view, login failed When WebNameAuthenticWebNameAuthentic = 1, the username used to log in to Diiop should be the user's full name NabWeblookupView set NabWebLookupView = "XXX", and Domino will find the username used to log in in the "XXX" view of the Domino directory.
Note that in the access control table of the database, the "Internet User's maximum authority" setting will also affect the permissions of the Internet session, and DIIOP's license user's permissions cannot exceed this setting.
The server refreshes a safe cache for approximately every half hour. After modifying the security settings, you can use the console command "Tell Diiop Refresh" to force refresh.
Access to Notes ID
To access the server through the current Notes ID, you should not specify any parameters when calling:
Session s = notesfactory.createsis ()
In this case, if you need to verify (if you open the database), a dialog box will pop up, prompting the password of the Notes ID. The NOTES ID used is in the first Notes.ini file that can be found in the search path, the keyFileName variable is specified. For example, when there is the following parameters in Notes.ini, the program will use admin.id to access the server: KeyFileName = admin.id
The password of the ID must be entered, or press "Cancel" and the program will continue. You can also specify the second parameter as "String) NULL, specify the password of the Notes ID in the third parameter:
Session s = notesfactory.creatession (String) NULL, (STRING) NULL, "TOPS3CR3T")
On the server, the above French will restrict access by the reader domain. To perform full access, you can use the following methods:
Session s = notesfactory.createssionwithfullaccess ()
or
Session s = notesfactory.createssionwithfullaccess ("TOPS3CR3T")
in conclusion
You now know the basic method of using Java applications to make local calls and remote calls for Domino objects. For more complex access methods, such as SSL encryption, servlet, connection pool, single sign-on, firewall, timeout control, resource recovery, and problem diagnosis, please refer to the following article:
http://www 10.lotus.com/ldd/today.nsf/lookup/java_access_2 (US) (Source IBM Official Website)
