Coexistence with Legacy Security Checkpoints¶
Security Checkpoints in IFS Cloud Web can coexists with Legacy Security Checkpoints.
Projection Security Checkpoint and Legacy Security Checkpoints¶
The difference between Security Checkpoints in IFS Cloud Web (Projection Security Checkpoints) Legacy Security Checkpoints is how it's implemented and the scope of the transaction that it protects.
Managing Legacy Security Checkpoints¶
When a Security Checkpoint for IFS Cloud Web is created, there is the possibility to reference one or more Legacy Security Checkpoints.
Legacy Security Checkpoints reference¶
A Legacy Security Checkpoint affects an action in IFS Cloud Web when the PL/SQL code for the Business in the Database that the action executes, contains a Legacy Security Checkpoint. In that scenario, the Legacy Security Checkpoints needs to be referenced in the "legacycheckpoints" attribute of the action. If there are more than one Legacy Security Checkpoint associated with that an action, those can be specified as a comma separated list of strings. All Legacy Checkpoints that are affected by the action, shall be referenced.
action TestAction {
initialcheck none;
parameter StrKey Text;
parameter TextPara Text;
checkpoint = "Checkpoint_ActionVoidUb";
legacycheckpoints = "CHKPT_TEST_LEGACY_CP1", "CHKPT_TEST_LEGACY_CP2, "CHKPT_TEST_LEGACY_CP14", "CHKPT_AUTHFLOW_CP";
}
The ID of the Legacy Security Checkpoint shall be specified.
Note: An action that is affected by Legacy Security Checkpoints shall all of them referenced in the action implementation. This is important when a new Security Checkpoint is disabled.
Actions with unreferenced Legacy Security Checkpoints¶
The transaction executed from an action will stop if an action is affected by a Legacy Security Checkpoint, but it do not have the Legacy Security Checkpoint referenced. The result is that the transaction will not be executed and an error message saying "Unhandled Security Checkpoint" will be displayed.
An action with a new Security Checkpoint needs to know which Legacy Security Checkpoints that it's allowed to pass. In a scenario like this, add the encountered Legacy Security Checkpoint as a referenced to the action that was executed.
Scenarios for coexistence between new and Legacy Security Checkpoints¶
Consider a scenario where an action is affected by two Legacy Security Checkpoints. This list is describing the behavior of the Security Checkpoints based on their state and if the Legacy Security Checkpoints are referenced or not.
| Projection Checkpoint | Legacy Checkpoint 1 | Legacy Checkpoint 2 | Result |
|---|---|---|---|
| Enabled | Enabled & Referenced | Disabled | User credentials required to proceed |
| Enabled | Enabled & Referenced | Disabled & Referenced | User credentials required to proceed |
| Enabled | Enabled & Referenced | Enabled | User credentials required to proceed |
| Enabled | Enabled & Referenced | Enabled & Referenced | User credentials required to proceed |
| Enabled | Enabled | Disabled | User credentials required to proceed |
| Enabled | Enabled | Disabled & Referenced | User credentials required to proceed |
| Enabled | Enabled | Enabled | User credentials required to proceed |
| Enabled | Enabled | Enabled & Referenced | User credentials required to proceed |
| Enabled | Disabled & Referenced | Disabled | User credentials required to proceed |
| Enabled | Disabled & Referenced | Disabled & Referenced | User credentials required to proceed |
| Enabled | Disabled & Referenced | Enabled | User credentials required to proceed |
| Enabled | Disabled & Referenced | Enabled & Referenced | User credentials required to proceed |
| Enabled | Disabled | Disabled | User credentials required to proceed |
| Enabled | Disabled | Disabled & Referenced | User credentials required to proceed |
| Enabled | Disabled | Enabled | User credentials required to proceed |
| Enabled | Disabled | Enabled & Referenced | User credentials required to proceed |
| Disabled | Enabled & Referenced | Disabled | User credentials required to proceed |
| Disabled | Enabled & Referenced | Disabled & Referenced | User credentials required to proceed |
| Disabled | Enabled & Referenced | Enabled | User credentials required to proceed |
| Disabled | Enabled & Referenced | Enabled & Referenced | User credentials required to proceed |
| Disabled | Enabled | Disabled | Exception - Unhandled Legacy Security Checkpoints |
| Disabled | Enabled | Disabled & Referenced | Exception - Unhandled Legacy Security Checkpoints |
| Disabled | Enabled | Enabled | Exception - Unhandled Legacy Security Checkpoints |
| Disabled | Enabled | Enabled & Referenced | User credentials required to proceed |
| Disabled | Disabled & Referenced | Disabled | No credentials required |
| Disabled | DDisabled & Referenced | Disabled & Referenced | No credentials required |
| Disabled | Disabled & Referenced | Enabled | Exception - Unhandled Legacy Security Checkpoints |
| Disabled | Disabled & Referenced | Enabled & Referenced | User credentials required to proceed |
| Disabled | Disabled | Disabled | No credentials required |
| Disabled | Disabled | Disabled & Reference | No credentials required |
| Disabled | Disabled | Enabled | Exception - Unhandled Legacy Security Checkpoints |
| Disabled | Disabled | Enabled & Referenced | User credentials required to proceed |
How to Identify an unhandled Legacy Security Checkpoint¶
Prerequisites¶
- Security Checkpoints are globally enabled for IFS Cloud Web
- The Legacy Security Checkpoints of interest are enabled
Method¶
Identify which functionality that has a Legacy Security Checkpoint specified. Utilize that functionality in IFS Cloud Web by executing different actions. When an unhandled Legacy Security Checkpoint is encountered, an exception will be raised and an error message saying "Unhandled Security Checkpoint" will be displayed. The details of the error message will specify the ID of the Legacy Security Checkpoint. Use this information to specify the ID as a reference to the action that raised the error.