Customising the Access Control Unit

Note: All references to files and directories in this manual are relative to the Nesstar Server installation directory. For example, if you install your server in c:\nesstar-server then the reference config\current_policy.acu corresponds to the file c:\nesstar-server\config\current_policy.acu.

Modifying challenge forms

The authentication page in a Nesstar 4 server installation is really just another Webview page. That means it can be customized in the same way as all other webview resources are customized:

  • If all you want to do is cosmetic changes, you will have to edit the ./jboss/server/default/deploy/webview.war/skins/default/css/custom.css file. There is a div around all login elements with the id "login", inside this div is a form with the id "loginform" and a new div with id "unregistered" containing the instructions for unregistered users.
  • If you want to change the text displayed, the displayed text is fetched from the language files. These can be found in jboss/server/default/deploy/${CLIENT_WAR}/WEB-INF/classes/nesstar/webclient/translation/messages_${LANGUAGE_CODE}.properties. Make sure you edit the file for all used translations. The relevant keys in these property files are login_access_control, login_access_control_verbose, login_username, login_password, login_button, login_unregistered, login_unregistered_verbose, and login_authentication_failed
  • Finally, if you want to change the whole page radically, you will need to edit the template file. this file can be found in jboss/server/default/deploy/${CLIENT_WAR}/WEB-INF/classes/nesstar/webclient/templates/default/login/loginform.vm. It is basically an HTML document with some added serverside logic.

Proposing agreements to users

An agreement can be proposed to the users when challenged by the server. To use agreements in the policy, they should be declared before the rules section that uses them. Agreements declared in the policy are created from the system in the database.

Agreements can be created using the the following declaration:

   agreement( agreement_id , agreement_text).
for example:
   agreement( “agreement1”,“I accept to respect all the limitations set on these data by the publisher.”).

To use the agreements in the rules, a method exists for user HasAgreement(agreement_id,scope).
agreement_id is the id used in the agreement declaration, scope is the validity of the agreement and three values are available for it:

  • TRANSACTION: the agreement will be valid for the current transaction only; users will be asked to accept the agreement with every new transaction;
  • SESSION: the agreement will be valid for the current session only; users will be asked to accept the agreement with every new session;
  • ONCE: the agreement will be valid for all sessions; users will be asked to accept the agreement once and for all;

For example the rule

   authorisedUser CAN analize faster.Study IF user/HasAgreement("agreement1",SESSION).
is translated as : all the authorised users can perform analysis on a study if users have accepted agreement agreement1 for the current session.

A policy using agreements can be found here.