Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » scout » Eclipse Scout disable login?
Eclipse Scout disable login? [message #1774241] Thu, 12 October 2017 06:50 Go to next message
Corrado Parisi is currently offline Corrado ParisiFriend
Messages: 32
Registered: September 2016
Member
For an internal, productive application a login could be omitted. Is there a sensible way to disable the default scout login?

I have only found the option to set in the config.properties:

### Development
scout.dev.mode=true

This disables the login but maybe brings other, unwished side-effects such as an instable production system.

Report message to a moderator

Re: Eclipse Scout disable login? [message #1774350 is a reply to message #1774241] Fri, 13 October 2017 06:54 Go to previous messageGo to next message
Benjamin Schulte is currently offline Benjamin SchulteFriend
Messages: 34
Registered: December 2016
Member
Take a look at UiServletFilter.doFilter method.

Report message to a moderator

Re: Eclipse Scout disable login? [message #1774351 is a reply to message #1774241] Fri, 13 October 2017 07:20 Go to previous messageGo to next message
Beat Schwarzentrub is currently offline Beat SchwarzentrubFriend
Messages: 112
Registered: November 2010
Senior Member
Yes, there are a couple of side effects when you turn on development mode that are not suitable for production use (e.g. disabled caching).

Authentication in Scout is based on plain J2EE security (JAAS). You basically handle authentication in servlet filters, the application itself does not have to deal with it. It just expects to be running in a JAAS security context (Subject.doAs). If you look at your web.xml file, you will see a preconfigured servlet filter. This is the one Benjamin has mentioned. It's located in your project, so you may freely adjust it to your needs. The doFilter() method delegates to one or more "access controlers". One of those is the DevelopmentAccessController, which is responsible for the disabled login screen in development mode (it just creates a JAAS Principal using the current user name). But you may also create your own access controllers.

For your purpose, it may be sufficient to use the AnonymousAccessController that is included in Scout (org.eclipse.scout.rt.server.commons.authentication.AnonymousAccessController).

Regards,
Beat

Report message to a moderator

Re: Eclipse Scout disable login? [message #1774371 is a reply to message #1774351] Fri, 13 October 2017 11:46 Go to previous message
Corrado Parisi is currently offline Corrado ParisiFriend
Messages: 32
Registered: September 2016
Member
Thanks for the given information!

Works perfectly.

For others here are more detailed steps I performed on the UiServletFilter:

1) Add field:
private AnonymousAccessController m_anonymousAccessController;

2) Initialize the field in the init method:
m_anonymousAccessController = (AnonymousAccessController.class).init();

3) Add if statement to doFilter method analogue to the other ones:
if(m_anonymousAccessController.handle(req, resp, chain)) {
return;
}

4) Call m_anonymousAccessController.destroy(); in the destroy() method for consistency reasons. (It does nothing).

You are done. :)


If you want to disable this functionality you could specify: scout.auth.anonymous.enabled=false

In the config.properties of the ui.html module.



Report message to a moderator

Previous Topic:Apache - Tomcat forwarding does not work with a scout application
Next Topic:Eclipse Scout
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Oct 16 05:16:51 GMT 2019

Powered by FUDForum. Page generated in 0.01578 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly