Can someone elaborate what is the use of the Instance ID field in the Application Metadata form? Why does it have to be -1? Also, can it be modified (say, using a workflow) at a later point of time while using the application?… Is an instance created when we put -1 as the Instance ID, which changes later on? If yes, can that be explicitly changed by some means? And what is the purpose behind it?
If you specify an application instance ID, that value will be used as a context ID for the primary data sources on your model. It works the same way as using the triplet-ds-context-id for child data sources. The difference is that application instance ID is a fixed value for the application and it will not be changed. The value -1 means that the instance ID is not used for this application. This is an application metadata, so there is no reason for a workflow to change that value.
[Admin: This post is related to the 02.25.26 post about building an app in the UX framework, and the 12.11.15 post about the UX framework.]
I am running TRIRIGA Platform 3.5.2 (Build Number: 252769) and I have created a custom view called “njw-login”. This is listed in both the Web View Designer and the listviews command in WebViewSync. I have created some files for the view using the logintemplate command and pushed/pulled the files to make sure my local copy is in sync with the server. So, njw-login.html, njw-login-ui.html and the three images are listed as View Files for njw-login in the Web View Designer.
I updated TRIRIGAWEB.properties with the following line and restarted the app server (as the instructions placed in “njw-login” by the logintemplate command):
I checked that ALTERNATE_UX_LOGIN_VIEW only appears once in TRIRIGAWEB.properties, and I have also checked for white space at the end of the line. However, when I navigate to any of our UX apps, the standard TRIRIGA login screen is displayed. Additionally, the following line is added to server.log:
2017-01-02 15:06:46,463 WARN [com.ibm.tririga.platform.view.web.controller.WebSigninController](Default Executor-thread-16) The alternate UX login view njw-login does not exist.
Have I missed anything obvious?
[Admin: This post is related to the 03.22.16 post and 03.21.16 post about using an alternate login.]
I would like to create a page, which uses an existing model. How can this be done? I have already written some models, and wanted to reuse them in the new application I am writing. Are there any samples I can go through?
Assuming your new application relies on the same BO and fields defined in the model you’re attempting to reuse, you can link the new application in the Model-and-View Designer. For example: Your existing UX application will include Model (M1), View (V1), Model and View (M1V1), and Application (A1). So, for the new app, you would to create: View (V2), Model and View (M1V2), and Application (A2). Basically, the configuration needs to be done in Model-and-View Designer.
The TRIRIGA user is able to view or modify resources, and perform functions that they have not been authorized to, at various points throughout the application.
Steps to replicate:
- 1. Login to the application with a user who has access to Workflow Builder.
- 2. Navigate to edit a workflow. Copy the URL.
- 3. Login with a user who does NOT have access to Workflow Builder.
- 4. Adjust the security token in the copied URL and access the Workflow Builder with a non-authorized user.
In review of the failed pen test (penetration test), it seems this issue also exists for Reports (resolved), Lists, Globalization Manager, Currency Conversion, Portal Builder, and the UX Designers.
The TRIRIGA builder tools are vulnerable to privilege escalation. Moving forward, we fixed a privilege escalation vulnerability within the builder tools.