Role based access control on the Correspondence generation interface

More often that not would there be a need to prevent Correspondence generation access for non-eligible users, i.e. the user interface for creating a correspondence (Create Correspondence aka Document Composer UI) should not allow entry to such users and throw an (Access Denied) error.

Such access control can be achieved with a quick and simple customization in the solution’s security configurations (which is, by the way, backed by Spring Security). Here’s how…

The solution exposes a security configuration XML (placed @ [LiveCycle_ES_Home]\sa_resources\SA_SDK_9.5\CorrespondenceManagement\FSIApp\Portal\resources\spring-config.xml in the Solution Template). In order to secure the Create Correspondence UI to allow access to only people with a pre-defined role, say Correspondence Management Create Correspondence User, you need to:

  1. Create the above role (Correspondence Management Create Correspondence User) using the LiveCycle Administration UI), if it does not already exist.
  2. Add the following in the security configuration file (security-config.xml, indicated above), along with the other <sec:intercept-url…> elements in it:

<sec:intercept-url pattern=“/dc” access=“lcAuth:Correspondence Management Create Correspondence User” />

The above interception basically means that, when a user tries to invoke the application (which is exposed at the URL http://server:port/cmsa/dc), the system intercepts the request to check for the mentioned roles in the current user’s roles. Hence, as per the above configuration, this would only allow those users who have the “Correspondence Management Create Correspondence User” role to access the Create Correspondence UI.

Note: You can provide access to any other or more such roles by adding those roles (comma-separated) in the access attribute in the configuration above (do remember to prefix the LC roles names with lcAuth:).