Typical WebHooks would include customised user authentication and
access control, file presentation filters and database applications.
With WebHooks, you can create your own custom server applications
that build upon the HTTP, FTP or POP3 protocols, using the powerful,
reliable, multi-threaded PowerWeb engine as the basis for your server.
WebHooks can be written in any language supported by PowerWeb, such
as compiled languages, Perl or Rexx.
Authentication and Access Control are two separate phases in
PowerWeb Server++. Authentication refers to the checking of the
validity of the user's identity, whereas Access Control defines
whether the specified user is allowed access to a given resource
from a given machine.
PowerWeb splits apart the authorization string provided by the client
browser and stores the user name and password values in status variables.
A common use for this hook is to use an external database for verifying
user names and passwords. The AccessControl hook can be overridden to
allow specifying a user realm to use for authentication. The user realm
name could be used to specify an SQL table name for lookup.
Arguments In:
Request:/Header/In/Authorization
The authorization string provided by the browser (if any).
This is normally in an encoded format.
Request:/AuthenticateType
The type of authentication that was requested. For HTTP, this
is typically the text "Basic".
Request:/AuthenticateUser
The user name to authenticate, as extracted from the
"Authorization" string.
Request:/AuthenticatePassword
The password that was supplied, as extracted from the
"Authorization" string.
Arguments Out:
Request:/StatusCode
The protocol-specific status code to return to the client if access
is denied.
Rexx Example:
/* User Authentication Example - Requires version 2.06 or later.
This hook MUST be used in conjunction with an AccessControl hook
(see the example in that section).
*/
parse arg parcel
user = ServerReadText(parcel, "Request:/AuthenticateUser")
pwd = ServerReadText(parcel, "Request:/AuthenticatePassword")
/* Substitute your own user name lookup here:
So instead of:
if user = "joe" & pwd = "secret" then
use something like:
call ServerWriteText parcel, "Config:/Semaphore/Global", "5000"
rc = address sql 'if exists(select * from db..users where name='user' and password='pwd') return 1 else return 0'
call ServerWriteText parcel, "Config:/Semaphore/Global", "-1"
if rc = 1 then
*/
if user = "joe" & pwd = "secret" then
return "0"
/* Authentication failed: either the user name or the password is invalid:
Tell the client browser we require re-authentication by
Code 401 means authenticate again.
Status Basic means normal user name and password prompting.
Realm Admin means use the user database named "Admin" when verifying the user.
Return code "3" tells PowerWeb that authentication failed.
*/
call ServerWriteText parcel, "Request:/StatusCode", "401"
call ServerWriteText parcel, "Request:/StatusText", "Basic realm=admin"
return "3";
Access Control defines whether the specified user is allowed access
to a given resource from a given machine. By defining your own hook,
you can implement other access control policies such as allowing
access only during specified time periods during the day.
Arguments In:
Request:/Resource
The physical resource being accessed.
Request:/Protocol
The name of the protocol being used to access this resource.
Request:/Method
The protocol-specific method, such as GET or POST.
Request:/SubMethod
The protocol and method-specific sub-method, such as INCLUDE or EXEC.
Request:/AuthenticateUser
The authenticated user name.
Connect:/RemoteAddress
The remote client's IP address.
Connect:/RemoteHost
The remote client's machine host name, as determined by reverse
domain name server lookup.
Arguments Out:
Request:/StatusCode
The protocol-specific status code to return to the client if access
is denied.
Rexx Example:
/* Access Control Example - Requires version 2.06 or later.
This hook can be used in conjunction with a UserAuthentication hook
(see the example in that section).
*/
parse arg parcel
user = ServerReadText(parcel, "Request:/AuthenticateUser")
page = ServerReadText(parcel, "Request:/Resource")
/* Substitute your own resource lookup here:
So instead of:
if user = "joe" then
use something like:
call ServerWriteText parcel, "Config:/Semaphore/Global", "5000"
rc = address sql 'if exists(select * from db..resources where name='user' and resource='page') return 1 else return 0'
call ServerWriteText parcel, "Config:/Semaphore/Global", "-1"
if rc = 1 then
*/
if user = "joe" /* & length(page) < 24 */ then
return "0"
/* Access control failed: tell user he/she is forbidden.
Code 403 means access is denied to that user. This information will
be displayed by the client's browser.
Return code "3" tells PowerWeb that access control denied access.
*/
call ServerWriteText parcel, "Request:/StatusCode", "403"
return "3";
The ResourceType hook tells PowerWeb Server++ the MIME type and
encoding of the resource. The default handler bases its decisions
on the filename extension of the resource.
Arguments In:
Argument:/Resource
The physical name of the resource to be accessed after resource
name translation.
Arguments Out:
Argument:/ContentType
The MIME type of the resource.
Argument:/ContentEncoding
The MIME encoding of the resource.
The CommandProcessing hook is the closest equivalent to CGI. It
provides a superset of CGI functionality because all server variables
can be both queried and set (subject to access control permissions).
Custom applications can use this hook to perform tasks other than
serving of documents or data files. Database searches, gateways to
other systems and services, administration tasks, etc can all be
performed by this hook.
The Guided Tour provides an
example of using a CommandProcessing hook which filters ".CSV"
files so that they are presented as HTML tables. This processing is
invisible to the user, making it an ideal mechanism for implementing
filters.
Arguments In: None.
Arguments Out: None.
The ServerInclusions hook allows the developer to define customised
WebMacros, extending the existing set provided with PowerWeb Server++.
Any unrecognised macro is passed to this hook for execution.
Arguments In:
Argument:/WebMacro
The name of the WebMacro to be interpreted.
Argument:/Attributes
The full text of the WebMacro to be interpreted, excluding
the name. Attributes are typically space-delimited and are
composed of "name=value" pairs where values can be contained in
quotes.
Arguments Out:
Request:/Result
The processed output of the PowerWeb Macro should be appended to this
variable. It will be automatically sent to the client's browser.