[neon] Suggestion for JEE conform login procedure [message #1728144] |
Thu, 31 March 2016 11:14 |
Urs Beeli Messages: 573 Registered: October 2012 Location: Bern, Switzerland |
Senior Member |
|
|
We are using standard JEE security provided by the Web Application Server (Tomcat and/or Websphere). In order to make this work, we had to adjust the following parts of LoginBox.js:
Original Scout code:
[...snipped...]
this.$form = $('<form>')
.attr('action', 'auth')
.attr('method', 'post')
.submit(this._onLoginFormSubmit.bind(this))
.appendTo(this.$content);
[...snipped...]
var url = this.$form.attr('action');
var data = {
user: this.$user.val(),
password: this.$password.val()
};
[...snipped...]
Our modified code:
[...snipped...]
this.$form = $('<form>')
.attr('action', 'j_security_check')
.attr('method', 'post')
.submit(this._onLoginFormSubmit.bind(this))
.appendTo(this.$content);
[...snipped...]
var url = this.$form.attr('action');
var data = {
j_username: this.$user.val(),
j_password: this.$password.val()
};
[...snipped...]
Wouldn't it be possible to make your own authentication filter work with j_security_check, j_username and j_password instead of auth, user and password. This way, the standard container provided security mechanisms could be used out of the box without the need to modify LoginBox.js.
[Updated on: Thu, 31 March 2016 11:15] Report message to a moderator
|
|
|
Re: [neon] Suggestion for JEE conform login procedure [message #1728224 is a reply to message #1728144] |
Fri, 01 April 2016 07:41 |
|
I assume you included <form-login-config> and <security-constraint> into your web.xml, right? I didn't even know that JEE authentication works with ajax calls.
I'm not sure if we should switch to JEE conform naming by default, because I don't know whether this is just working by accident or really intended by the JEE container. Maybe we could make the endpoint and variables configurable or add a jee mode option.
|
|
|
|
Powered by
FUDForum. Page generated in 0.02444 seconds