Article
· Dec 14, 2015 1m read

Cache Web Terminal Release 3.1.4

Hi ISC Community!

I'm pleased to announce new release of Caché Web Terminal 3.1.4.

What's new:

1. Drag'n'drop to Studio installation: just import xml in any namespace.

2. After import and comilation access your web terminal app on URL  server:port/terminal/.

F.e. localhost:57772/terminal/       

Slash is mandatory.

3. No need to use %CACHELIB anymore - please feel free to update your Caché and continue using CWT.

Download release here.

Source code for view and contribute here.

Post your issues here.  Want to add your own features - fork it!

Featured screencast   (previos version).

Enjoy!

Discussion (13)1
Log in or sign up to continue

Alex, the current WebTerminal version (3.1.4) supports only VT100/Caché TERM applications. The VT440 support was not in the close future todo list, but may become true anytime.

We had tried to run some "dinosaurs" in WebTerminal and some of them worked really well, but moslty it was all about the issue with the Caché command "USE": it breaks WebSocket connection and should be used properly considering that WebTerminal is an "over-TCP device". I believe one day we will find a way to make no difference between the common Terminal and WebTerminal behavior at this point, but today these application maybe should include a little fix to any usage of "USE" commands inside terminal applications.

I've just installed the Caché Web Terminal now but I want to make it much more secure.  (v4.0.0-beta.12)

At the moment, any valid user in cache>System>Security Management>Users table can log in to the web terminal.

How can I restrict the user(s) to a specific group of users ?? (ie the programmers)

Is it possible to have a setting that says "kevin" is a valid user, "_SYSTEM" is not a valid user

Perhaps even ip based rules (or a combination of both)

kevin

I've been playing with security on Cache Web Terminal and came up with one solution, but I've run into problems.
Can any one help please.

so. I went into the normal cache management portal, and added a new ROLE  that I called "webTerminalAccess" and then assigned it to just one user called "kevin"

I then edited WebTerminal.Engine and inserted the following lines after line 128

    d $System.Security.GetUserRecursedRoleSet(username,.accessRoles)
    if accessRoles'["webTerminalAccess" {
        return $LB("User " _ username _ " does NOT have access to the webTerminal ")
    }

when I test this patch for "kevin", it works correctly and allows me to log in.

If I log in with "Fred" (does not have "webTerminalAccess" role) it correctly shows me


Server refused WebSocket connection with the next message: User fred does NOT have access to the webTerminal See you!

but then I start to get problems. I have no ability to re-log in again with another username. it just repeatedly goes round and round repeating the same message.

I've allowed the session to timeout - same loop,
allowed timeout to run up to 24hrs - same loop.

If I comment out the new lines of code, then "fred" has access to the application.

do I have to do anything different to allow me to effectively reset the connection and log in again. - Its like I need to have the /logout followed by the /clear again.

no matter what I do, once the user is told "no access", I cannot log back on with ANY user (I'm stuck in "fred failed" mode)

Can any one help please

Hello Kevin!

It's all about setting up the /terminal web application. Go to the Management Portal -> System Administration -> Security -> Applications -> Web Applications, then choose /terminal web application.

There you can specify the required resource for this web application:

For example, you can specify %Development resource, which means that any users that do not have the access to this resource will not be able to log in to WebTerminal.

As _SYSTEM user has this access, you can create a custom resource, for example, WebTerminal, and create a role WebTerminal which provides the access to this resource, and then set up this role to the web application and assign this role only to those users you want to have access to WebTerminal.

Please, feel free to ask if you need more details about setting up roles and resources.

Thanks for the good question!

And a question to community: I think creating WebTerminal role/resource programmatically during the WebTerminal installation makes sense, does it? As well as adding some documentation on setup/use/roles/etc.

Hello Sebastian!

I am glad to hear you like WebTerminal. I do as much as possible to make it even better.

For now, WebTerminal may still have some escape sequences not implemented, and there is one issue that may also cause old "dinosaur" application to work in a little bit different way. If you find the reason causing the terminal application not to work as expected, please, feel free to describe this in the GitHub's issues section.