Background
We have a customer that needed to allow unauthenticated users to open tickets within IBM Control Desk, and we only had access to IBM HTTP Server and our Maximo/ICD WebSphere server to make that happen.Security Risks
Essentially, anyone with the link can get to the pages described in this article. They could even write a script to create a huge number of tickets, taking down your ICD installation. So in any pages you create using this article, you need to do *something* to guard against that behavior. Exactly what you do depends on your specific situation.
Where to Create the Unprotected JSP
You just need to create the .jsp file under:
.../installedApps/<cell__name> /MAXIMO.ear/maximouiweb.war/ webclient/login
For example, put the following in the file HelloWorld.jsp in the above directory:
<HTML>
<HEAD>
<TITLE>Hello World</TITLE>
</HEAD>
<BODY>
<H1>Hello World</H1>
Today is: <%= new java.util.Date().toString() %>
</BODY>
</HTML>
<HEAD>
<TITLE>Hello World</TITLE>
</HEAD>
<BODY>
<H1>Hello World</H1>
Today is: <%= new java.util.Date().toString() %>
</BODY>
</HTML>
Then access it with the url:
And this is what you'll see, with no login required:
That's it. Now you just need to write the JSP code to do what you need.
Caveats
A JSP file added in this way would need to be re-deployed after each time you deploy the application. These instructions do NOT tell you how to add the JSP file to the EAR build process.
You need to manually copy the JSP file(s) to the appropriate location for each MAXIMO UI JVM.
No comments:
Post a Comment