Linking Directly to an Audit

 


 

Basic Setup, Versions 4.0.17-Current

Properties

Two properties in selfservice-security.properties relate to direct audit linking:

  1. uachieve.selfservice.security.allowDirectAuditLink - must be set to true for Self-Service to allow direct audit links
  2. uachieve.selfservice.security.urlEncode - set the urlEncode property to true if you wish to URL encode the property values in the audit link

For more information about these properties, see Security Settings.

Steps

  1. Authenticate the user - this can be done either through a Single Sign On system such as CAS, or by submitting the user's id and password directly to <self service url>/general/logincheck.html
  2. Create the link to the audit as described below

Link Format

The generic format for the url to an audit in Self-Service is shown below:

<Self-Service url>/audit/view.html?jobqseqno=<audit's jobq_seq_no>&jobid=<audit's jobid>&stuno=<audit's stuno>

Text in black is static and will not change unless you have made advanced changes to your installation of Self-Service. Text in blue will be static across an installation of Self-Service. Text in red will be different for each audit link.

| Field | Description | Sample Value |
| --- | --- | --- |
| Self-Service url | The base url used to access Self-Service | http://www.myschool.edu/selfservice |
| audit's jobq_seq_no | Unique jobq_seq_no of the audit being linked to. Corresponds to the int_seq_no of the job_queue_run output table. | 25 |
| audit's jobid | Unique jobid of the audit being linked to. Can be found in the job_queue_list input table and the job_queue_run output table. | 2010091015330001 |
| audit's stuno | Stuno of the student the audit was run on. Found in the job_queue_run output table. | 123456 |

Combining the sample values together, an example URL might look like this:

http://www.myschool.edu/selfservice/audit/view.html?jobqseqno=25&jobid=2010091015330001&stuno=123456

Basic Setup, Versions 4.0.7-4.0.16

Starting in Version 4.0.7, Self-Service allows direct linking to audits. This allows schools to take a user directly to a graphic display of an audit from a separate application without requiring the user to go through the steps of navigating to Self-Service, logging in, and searching for the correct audit.

Properties

There are two properties in selfservice-security.properties that relate to direct audit linking:

  1. uachieve.selfservice.security.allowDirectAuditLink - must be set to true for Self-Service to allow direct audit links
  2. uachieve.selfservice.security.urlEncode - set the urlEncode property to true if you wish to URL encode the property values in the audit link

For more information about these properties, see Security Settings.

Link Format

The generic format for the url to an audit in Self-Service is shown below:

<Self-Service url>/general/logincheck.html?
<uachieve.selfservice.security.login.usernameParameter>=<username>&
<uachieve.selfservice.security.login.passwordParameter>=<password>&
directAuditLink=true&
jobqseqno=<audit's jobq_seq_no>&
jobid=<audit's jobid>&
stuno=<audit's stuno>

Text in black is static and will not change unless you have made advanced changes to your installation of Self-Service. Text in blue will be static across an installation of Self-Service. Text in red will be different for each audit link.

| Field | Description | Sample Value |
| --- | --- | --- |
| Self-Service url | The base url used to access Self-Service | http://www.myschool.edu/selfservice |
| uachieve.selfservice.security.login.usernameParameter | The name of the username parameter used to login to Self-Service. Set in selfservice-security.properties. | j_username |
| username | Username for logging into Self-Service | djones |
| uachieve.selfservice.security.login.passwordParameter | The name of the password parameter used to login to Self-Service. Set in selfservice-security.properties. | j_password |
| password | Password for logging into Self-Service | secret |
| audit's jobq_seq_no | Unique jobq_seq_no of the audit being linked to. Corresponds to the int_seq_no of the job_queue_run output table. | 25 |
| audit's jobid | Unique jobid of the audit being linked to. Can be found in the job_queue_list input table and the job_queue_run output table. | 2010091015330001 |
| audit's stuno | Stuno of the student the audit was run on. Found in the job_queue_run output table. | 123456 |

Combining the sample values together, an example URL might look like this:

http://www.myschool.edu/selfservice/general/logincheck.html?j_username=djones&j_password=secret&directAuditLink=true&jobqseqno=25&jobid=2010091015330001&stuno=123456
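
Because this link format carries the user's password in the query string, the full URL, password included, is written to any access log that records request lines. The following is an added example (not part of the original page or of Self-Service) that finds and redacts such entries in a combined-format access log; the function names and the log lines are constructed for illustration, and j_password is the page's sample value for the password parameter name.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Path of the login endpoint used by the 4.0.7-4.0.16 direct-link format.
LOGIN_PATH = "/general/logincheck.html"

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def redact_target(target, password_param="j_password"):
    """Return (redacted_target, had_password) for one request target."""
    parts = urlsplit(target)
    if not parts.path.endswith(LOGIN_PATH):
        return target, False
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(name == password_param for name, _ in pairs):
        return target, False
    cleaned = [(n, "REDACTED" if n == password_param else v) for n, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned))), True


def scan_access_log(lines, password_param="j_password"):
    """Redact passwords in direct-link requests; return (clean_lines, hits)."""
    clean, hits = [], []
    for lineno, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            target, found = redact_target(match.group("target"), password_param)
            if found:
                hits.append(lineno)  # 1-based line numbers that exposed a password
                line = line[:match.start("target")] + target + line[match.end("target"):]
        clean.append(line)
    return clean, hits


# Constructed sample log lines (combined log format), built from the page's sample values.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Aug/2010:14:53:05 +0000] "GET /selfservice/general/logincheck.html'
    '?j_username=djones&j_password=secret&directAuditLink=true&jobqseqno=25'
    '&jobid=2010091015330001&stuno=123456 HTTP/1.1" 302 0',
    '192.0.2.10 - - [14/Aug/2010:14:53:06 +0000] "GET /selfservice/audit/view.html'
    '?jobqseqno=25&jobid=2010091015330001&stuno=123456 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    cleaned, flagged = scan_access_log(SAMPLE_LOG)
    print("lines with a password in the URL:", flagged)
```

If uachieve.selfservice.security.login.passwordParameter is set to something other than j_password, pass that name as password_param.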

Validation - All Versions

In Version 4.0.7, Self-Service will perform three checks before allowing a user to view a linked audit:

  1. Login check - makes sure that the user has access to the Self-Service application and has provided the correct password by calling the normal login process
  2. Student access check - makes sure that the user has permission to view this student's audits
  3. Institution access check - makes sure that the user has permission to view the institution associated with the audit

As of Version 4.0.8, another check has been added:

  4. Soprid check - ensures that the user has access to audits that have the current audit's soprid

Adding Security - All Versions

Encoding Link Parameters

By default, the direct link parameters are not encoded. This can be changed using the codec bean in selfservice-ctx.xml. The built-in codecs are described in the table below. Make sure only one bean with the id 'codec' is uncommented in selfservice-ctx.xml.

| Codec | Description |
| --- | --- |
| ClearTextParameterCodec | Default codec. Parameters are not encoded. |
| ReverseClearTextParameterCodec | Reverses the parameter string: '123456' becomes '654321'. Useful for testing, but not secure. |
| Base64ParameterCodec | Base64 encodes parameters. Base64 is a stronger encoding scheme, but is still relatively simple to hack. |
| ConfigurableParameterCodec | Allows the user to specify which encryption algorithm, key obtention iterations, password, and salt generator should be used to encode url parameters. See Standard Algorithm Names for information on available algorithms. |

To use the ClearText, ReverseClearText, or Base64 codec, simply uncomment the appropriate codec in selfService-ctx.xml. To use the configurable parameter codec, uncomment the codec and stringEncryptor beans and fill out the properties in the stringEncryptor bean.

Using Cookies - All Versions

Basic Configuration

Parameters

web.xml contains a filter named LoadCookieAuthFilter. This filter can be used to check to make sure a cookie is in place before allowing the user to view an audit. The LoadCookieAuthFilter has two parameters:

  1. cookieName - can be changed to any valid cookie name. This is the name of the cookie set by the application linking to the audit.
  2. useFilter - set to either true or false. Tells Self-Service whether or not to check for the cookie.

Cookie Data

The cookie needs to contain three fields:

  • userid
  • stunos - an array containing the stunos of the students allowed to see the audit. To allow an advisor to see an audit, use * as the student number.
  • timestamp - the time of the cookie's creation in the format YYYYMMDDHHmmSSS, where Y is year, M is month, D is day, H is hour, m is minute, and S is second.

Using a Plaintext Cookie

Creating the Cookie

A sample plaintext cookie for the 4.0.7 Version of Self-Service is shown below:

"{'userid':'djones','stunos':['123456'],'timestamp':'201008141453054'}"

 

As of the 4.0.8 Version, the stunos field has been removed. A sample cookie is shown below:

"{'userid':'djones','timestamp':'201008141453054'}"

Note that the name and value of each cookie field are surrounded by single quotes (') and that the entire cookie is contained within double quotes ("). A plaintext cookie must be in this format to be properly recognized by Self-Service. Once the cookie has been created, put it on the domain used for Self-Service (e.g., myschool.edu). The path should be set to / and the cookie should remain for the life of the session.

Using the Cookie

Self-Service uses the encryptor defined in the stringEncryptor bean to decrypt the cookie. To use a plaintext cookie, make sure this is the stringEncryptor bean uncommented in selfservice-ctx.xml:

<bean class="uachieve.selfservice.util.web.cookies.PlaintextEncryptor" id="stringEncryptor" />

Using an Encrypted Cookie

Creating the Cookie

An example cookie (before encryption) for the 4.0.7 Version of Self-Service is shown below:

{"userid":"djones","stunos":["123456"],"timestamp":"201008141453054"}

 

As of the 4.0.8 Version, the stunos field has been removed. A sample cookie (before encryption) is shown below:

{"userid":"djones","timestamp":"201008141453054"}

Note that this is a slightly different format than that used for a plaintext cookie. This cookie needs to be encrypted and base64 encoded. The encryption settings must be the same as those in the stringEncryptor bean found in selfservice-ctx.xml. Once the cookie has been encrypted and encoded, put it on the domain used for Self-Service (e.g., myschool.edu). The path should be set to / and the cookie should remain for the life of the session.

Using the Cookie

Self-Service uses the encryptor defined in the stringEncryptor bean to decrypt the cookie. To use an encrypted cookie, make sure this is the stringEncryptor bean uncommented in selfservice-ctx.xml:

<bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor" id="stringEncryptor">
     <property name="algorithm" value="PBEWithMD5AndDES" />
     <property name="keyObtentionIterations" value="100" />
     <property name="password" value="changeme!" />
     <property name="saltGenerator">
          <bean class="org.jasypt.salt.FixedStringSaltGenerator">
               <property name="salt" value="changemetoo!" />
          </bean>
     </property>
</bean>

The algorithm, iterations, password and salt can all be customized. These are the settings used to decrypt the cookie within Self-Service. The same settings should be used to encrypt the cookie. The bean class can be set to any implementation of the org.jasypt.encryption.StringEncryptor interface. Different implementations may require different properties.
