Security: Mobile Web Server user permissions

Permalink · October 28, 2013 3:04PM

Omniscope Mobile web server allows you to configure per folder authorisation/permissioning configuration.

To enable this feature, just create a folder.xml configuration file and put it into your sharing folder (or subfolder).
You can start by using the folder.xml.default file, present into the mobile sharing folder, as template.

Remember, the settings present into the folder.xml file will override the default anonymous/folder permissions, and the default users credentials and permissions. As a note for system administrators, folder.xml works like Apache .htaccess file.

Here follows the main aspects you have to knowledge to properly configure the folder.xml file:

Permissions

These are permissions you can set on a folder or per user basis:

listDirectory : allow users to list existing files and subfolders
downloadFile : allow users to download the IOK files
viewInMobile : allow users to launch the Omniscope Mobile app for the existing IOK files
fileManagement : allow users to upload IOK files, rename and delete resources, create new folders in the folder
getStatic : allow users to get/access static resources from the folder, and to customise default styles (e.g. logo, icons, css files)
viewServerState : allow users to view the server state through a monitoring page

N.B. A missing permission in the configuration is equivalent to deny

User Credentials

To specify user credentials is required you specify:

username : in clear text
password : hash encrypted string using MD5 algorythm. As reference you can use this link to generate the hash.

folder.xml file structure

Anonymous section
The <anonymous> element describes the unauthenticated permissions, and is also used as default values for per-user permissions.
Unauthenticated public access will be given these permissions. Any false/missing permissions will require authentication.
Users section
The <user> element describes the credentials and the permissions per user, and is made by the following elements/attributes:
- Enabled : whether or not the user is enabled.
- Credentials : the user username and password
- Permissions: the user permissions that will override the anonymous ones

folder.xml example

<?xml version="1.0" encoding="UTF-8"?>
<mobilefolder>
  <anonymous>
    <permissions listDirectory="true" downloadFile="false" viewInMobile="true" fileManagement="false" getStatic="false" viewServerState="false"/>
  </anonymous>
  <users>
	<user enabled="true">
	  <credentials>
		<credentials username="antonio" password="9aeb94180027a7081352cba05e6a3782" />
	  </credentials>
	  <permissions>
		<permissions listDirectory="true" downloadFile="true" viewInMobile="true" fileManagement="true" getStatic="true" viewServerState="true" />
	  </permissions>
	</user>
	<user enabled="true">
	  <credentials>
		<credentials username="guest" password="4aeb93180027a708186hy4505e6a6465" />
	  </credentials>
	  <permissions>
		<permissions listDirectory="true" viewInMobile="true" getStatic="true" />
	  </permissions>
	</user>
  </users>
</mobilefolder>

Common use cases:

Anonymous access not allowed, Admin user full permissions, Guest users browse and play IOK files
<?xml version="1.0" encoding="UTF-8"?> <mobilefolder> <anonymous> <permissions listDirectory="false" downloadFile="false" viewInMobile="false" fileManagement="false" getStatic="false" viewServerState="false"/> </anonymous> <users> <user enabled="true"> <credentials> <credentials username="admin" password="9aeb94180027a7081352cba05e6a3782" /> </credentials> <permissions> <permissions listDirectory="true" downloadFile="true" viewInMobile="true" fileManagement="true" getStatic="true" viewServerState="true" /> </permissions> </user> <user enabled="true"> <credentials> <credentials username="guest" password="4aeb93180027a708186hy4505e6a6465" /> </credentials> <permissions> <permissions listDirectory="true" viewInMobile="true" getStatic="true" /> </permissions> </user> </users> </mobilefolder>
Anonymous can browse folders, no Admin user, Guest users browse and play IOK files
<?xml version="1.0" encoding="UTF-8"?> <mobilefolder> <anonymous> <permissions listDirectory="true" getStatic="true" /> </anonymous> <users> <user enabled="true"> <credentials> <credentials username="guest" password="4aeb93180027a708186hy4505e6a6465" /> </credentials> <permissions> <permissions listDirectory="true" viewInMobile="true" getStatic="true" /> </permissions> </user> </users> </mobilefolder>

bfromson1 · October 29, 2013 4:53AM

This works fine and we have already implemented it in our test structure.

However it would be much easier to manage if the folder configuration option in the mobile web server menu allowed you to edit the folder.xml file directly for any subdirectory rather than exporting from the default configuration then saving in the subfolder.

Better still active directory and mark permissions for users or groups??

October 29, 2013 9:57AM

Yes, we are aware or the current state and limitations, and we will be addressing these problems soon (e.g. control the server permissioning through a web UI)

Veaceslav · May 30, 2014 9:15AM

Omniscope Mobile web server authentication has been redesigned. For more information read this article: http://forums.visokio.com/discussion/2564/security-enterprise-authentication-ad-ldap-sso

Permissions

User Credentials

folder.xml file structure

folder.xml example

Common use cases:

Welcome!

Categories

Ideas Parade

Tagged