WebChart Advanced Security Overview

Links: http://www.dbatools.net/mytools/webchart_security.html

    The data displayed in WebChart is usually very confidential, and only a few people should be able to access and view it. WebChart therefore needs security settings to control access to the WCML pages. You can use four properties to control it.

WEBCHART.SECURITY={TRUE|FALSE}
WEBCHART.DEFAULTACCESS={ALLOW|DENY}
WEBCHART.DENY=role|role|...
WEBCHART.ALLOW=role|role|...

    How is it decided whether a page can be accessed or not? Please take a look at the following graph.

    How do you log in? Logging in just creates a web session and sets the following session attributes.

SESSION.LOGINID=user id
SESSION.LOGINNAME=user name
SESSION.LOGINROLE=role list
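
    A sketch of how the four page properties and the session role list could combine into one access decision. This is an added example, not WebChart's own code. The evaluation order (DENY checked before ALLOW, secured pages refusing requests without a login), the "|" separator for SESSION.LOGINROLE and the fallback values for missing properties are assumptions, as are the function names and sample data.

```python
# Added illustration, not WebChart's code. The evaluation order is an
# ASSUMPTION (deny-overrides, fail closed); it is not taken from the product.

def parse_roles(value):
    """Split a 'role|role|...' list into a set, ignoring empty entries."""
    return {r.strip() for r in (value or "").split("|") if r.strip()}


def can_access(page_props, session):
    """Decide access to one WCML page.

    page_props: dict holding the page's WEBCHART.* properties.
    session:    dict holding SESSION.* attributes, or None if not logged in.
    """
    # Security switched off (assumed to be the case when the key is absent).
    if page_props.get("WEBCHART.SECURITY", "FALSE").upper() != "TRUE":
        return True

    # Secured page without a logged-in session: refuse (assumption).
    if not session or not session.get("SESSION.LOGINID"):
        return False

    # Assumed: the session role list uses the same '|' separator.
    user_roles = parse_roles(session.get("SESSION.LOGINROLE"))

    # An explicit DENY match wins over any ALLOW match (assumption).
    if user_roles & parse_roles(page_props.get("WEBCHART.DENY")):
        return False
    if user_roles & parse_roles(page_props.get("WEBCHART.ALLOW")):
        return True

    # No rule matched: use DEFAULTACCESS; anything other than ALLOW denies.
    return page_props.get("WEBCHART.DEFAULTACCESS", "DENY").upper() == "ALLOW"


# Constructed sample page settings and sessions.
PAGE = {
    "WEBCHART.SECURITY": "TRUE",
    "WEBCHART.DEFAULTACCESS": "DENY",
    "WEBCHART.DENY": "INTERN",
    "WEBCHART.ALLOW": "DBA|FINANCE",
}

if __name__ == "__main__":
    for roles in ("DBA", "DBA|INTERN", "SALES", ""):
        s = {"SESSION.LOGINID": "u1", "SESSION.LOGINROLE": roles}
        print(repr(roles), "->", can_access(PAGE, s))
    print("no session ->", can_access(PAGE, None))
```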

    You can create your own login pages, or use WebChart's default login feature, which requires you to create a user table in the ADMINDB data source and insert the user data.

CREATE TABLE WEB_USERS
(
  LOGIN_ID VARCHAR(20) NOT NULL PRIMARY KEY,
  LOGIN_NAME VARCHAR(50) NOT NULL,
  LOGIN_PASSWD VARCHAR(20) NOT NULL,
  LOGIN_ROLE  VARCHAR(100)
)

    Then submit "LOGIN_ID", "LOGIN_PASSWORD", "LOGIN_PAGE" (the redirect page after a successful login) and "ERROR_PAGE" (the redirect page after a login failure) to "login.sa". To log out, just submit "LOGIN_PAGE" (the redirect page after a successful login) to "logout.sa".

<form action="login.sa" method="post">
  <input type="hidden" name="LOGIN_PAGE" value="...">
  <input type="hidden" name="ERROR_PAGE" value="...">
  <table border="0">
      <tr>
        <td> Username: </td>
        <td><input type="text" name="LOGIN_ID" size="20">
        </td>
      </tr>
      <tr>
        <td>Password: </td>
        <td><input type="password" name="LOGIN_PASSWORD" size="20">
        <input type="submit" value="Login">
        </td>
      </tr>
  </table>
</form>

    I think it should be enough for intranet use. To prevent SQL injection, all the SQL must be specified in WCML files; it cannot be passed through web form parameters.
