Adding security with BPM Sign-on API

A Web (formerly BPM WebFlow) Application can be accessed by typing in its URL in the Address bar of your browser. You can use BPM Sign-on API to design a Login page that will provide an additional level of security to accessing your Web applications, as shown in the following procedures.

To add security with BPM Sign-on API:

1. Open the web.xml file under the sbm\WEB-INF directory of your application server.

2. Go to Filter Mappings > BizPassFilter <url-pattern> and define a deployment descriptor to create a Login page for a specific Web application — in this case, BS_Approval_Ver2, as shown in the following sample.

<filter-mapping>
<filter-name>BizPassFilter</filter-name>
<url-pattern>/BPMWebFlow/BS_Approval_Ver2/*</url-pattern>
</filter-mapping>

3. To create a Login page for all your Web Applications, define the following deployment descriptors.

<filter-mapping>
<filter-name>BizPassFilter</filter-name>
<url-pattern>/BPMWebFlow/*</url-pattern>
</filter-mapping>

4. The * symbol in BizPassFilter can be used to add a Login page to protect any Business Process Server resource.

For example, to send users to a Login page before accessing all BP Server applications, use the following deployment descriptor.

<filter-mapping>
<filter-name>BizPassFilter</filter-name>
<url-pattern>/ebmsapps/*</url-pattern>
</filter-mapping>