Local and Extended Local user accounts
- Last Updated: March 16, 2023
- 2 minute read
- OpenEdge
- Version 12.2
- Documentation
Both local and extended local configurations use an ABL application's WEB-INF/users.properties file as the source for user account information.
Local configurations
The local model is usually used during application development, where you would want a quick way of testing a web application's security structure. It allows you to easily edit accounts and add clear-text passwords in order to test user access based on roles.
|
See the oeablSecurity.properties.README file for more information.
After choosing the local security configuration model for a web application, you can add, remove, modify users or user authentication settings by updating the ABL application's WEB-INF/users.properties file.
Extended local configurations
Like the local model, the extended local model uses the WEB-INF/users.properties as the source for user account information . However, the extended local model is more secure because it allows you to use encrypted passwords. Encrypted (i.e. hashed/salted) passwords are generated with the GENSPRINGPWD utility. See Generate encrypted passwords with GENSPRINGPWD
|
See the oeablSecurity.properties.README file for more information.
The users.properties file
The following shows the syntax of entries in users.properties:
|
The following shows the content of the default users.properties file:
|
The contents of the users.properties file are included as an example and they are not secure since they are stored as plain text. Typically, for a production server, you would generate encrypted passwords, and add the secure passwords to the users.properties file. See Generate encrypted passwords with GENSPRINGPWD for more information.