Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » Eclipse Scout » RAP - form based login?
RAP - form based login? [message #1433783] Mon, 29 September 2014 04:34 Go to next message
Eclipse UserFriend
Is there a way how to create a form based login in RAP client?

I have found only a solution with SecurityFilters and Servlets:

https://www.eclipse.org/forums/index.php/m/1248801/?srch=authentication#msg_1248801

Scout-Security-Concecpt
Re: RAP - form based login? [message #1435976 is a reply to message #1433783] Thu, 02 October 2014 03:58 Go to previous messageGo to next message
Eclipse UserFriend
The easiest way to activate form-based authentication is to use the facility provided by your webcontainer. An alternative would be to register a servlet-filter to listen for requests on the root alias which provides the user with a login-page if not authenticated yet.

In the following, I will present you the steps required for the first approach by using Tomcat webcontainer:

First, you need a login HTML-page like the following. Place that file (e.g. auth-login.html) into your 'web-resources' folder of your RAP application.
<html>
  <head>
    <title>Form Authentication</title>
  </head>
  <body>
    <form method="POST" action="j_security_check">
      <table>
        <tr>
          <th align="right">Username:</th>
          <td align="left"><input type="text" name="j_username"></td>
        </tr>
        <tr>
          <th align="right">Password:</th>
          <td align="left"><input type="password" name="j_password"></td>
        </tr>
        <tr>
          <td align="right"><input type="submit" value="Log In"></td>
          <td align="left"><input type="reset"></td>
        </tr>
      </table>
    </form>
  </body>
</html>

In the plugin.xml of your RAP application, make sure that there is registered kind of a resolver to make those resources accessible by an alias.
<extension point="org.eclipse.equinox.http.registry.resources">
  <resource alias="/res" base-name="/web-resources"/>
</extension>

This entry means that any resources placed in the 'web-resources' folder are accessible in the form '/res/*', in your case this would be '/res/auth-login.html'.

In a second step, activate form-based authentication in the web.xml of your application by adding the following sections:
<!-- Enable FORM-based authentication -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/res/auth-login.html</form-login-page>
    <form-error-page>/res/ auth-login.html</form-error-page>	
  </form-login-config>
</login-config>

<!-- Configure a security role to access your application -->
<security-role>
  <role-name>appRole</role-name>
</security-role>

<!-- Make the static resources of '/res' accessible without authentication required -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>All Access</web-resource-name>
    <url-pattern>/res/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
<user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>	
			
<!-- Protect your application  -->
<security-constraint>
  <display-name>Restricted Access</display-name>
  <web-resource-collection>
    <web-resource-name>Restricted Access</web-resource-name>
    <url-pattern>/web/*</url-pattern>
    <url-pattern>/tablet/*</url-pattern>
    <url-pattern>/mobile/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>appRole</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

To authenticate users, you have to configure a REALM [1]. A Realm is a 'database' of usernames and passwords that identify valid users of a web application. If not configured different, the Tomcat 'MemoryRealm' is used meaning that the user-role configuration is loaded from the file '$CATALINA_BASE/conf/tomcat-users.xml' at startup-time.

In that file, create a user and assign it the role configured in the web.xml.
<user username="user" password="password" roles="appRole"/>

For production use, I suggest you to go with the JDBCRealm. See [2] for more information of how to setup such a realm.

Finally, form-based-authentication should work. There is only one issue when it comes to HTTP-session invalidation due session expiration. It might happen, that the user is presented with a RAP parsing exception instead of the logout page. This is because RAP does not expect a HTML page to be returned for a running AJAX request. To solve this, set the init-param 'reloadOnSessionTimeout' of your LogoutFilter to 'true'.

[1] http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html
[2] http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JDBCRealm

[Updated on: Thu, 02 October 2014 04:00] by Moderator

Re: RAP - form based login? [message #1436039 is a reply to message #1435976] Thu, 02 October 2014 05:46 Go to previous messageGo to next message
Eclipse UserFriend
Thank you very much for your description.

I have a qustion to the second step. Can I handle the authentication over a Scout service (AbastractService) with this HTML-login form?



Re: RAP - form based login? [message #1647435 is a reply to message #1435976] Tue, 03 March 2015 07:28 Go to previous messageGo to next message
Eclipse UserFriend
(source: Re: Different ways to authenticate within the application)

Peter Pfeifer wrote on Tue, 03 March 2015 08:19
There is another topic in the forum where a form based login is describes. But at a point there is a web.xml needed, which I can't find in my whole workspace....

Peter


Daniel Wiehl is referring to the tomcat where you deploy your final war.

If I look in my tomcat installation, the directory looks like this:

APACHE-TOMCAT-7.0.56
|   LICENSE
|   NOTICE
|   RELEASE-NOTES
|   RUNNING.txt
|   
+---bin
|       <Tomcat bin Files>
|       
+---conf
|   |   catalina.policy
|   |   catalina.properties
|   |   context.xml
|   |   logging.properties
|   |   server.xml
|   |   tomcat-users.xml
|   |   web.xml
|   |   
|   \---Catalina
|       \---localhost
+---lib
|       <Tomcat lib Files>
|       
+---logs
|       <Tomcat logs Files>
|       
+---temp
|       
+---webapps
|       <Deployed war Files>
|                   
\---work
    \---Catalina
        \---localhost
            <internal files>


The mentioned web.xml file is in the conf directory.

About your workspace:
If you are using "Eclipse for Scout Developers" the Tooling "Servers view" that can be used to bind your Tomcat into your IDE is not installed. You need to install it separately (for example it is provided in "Eclipse For Java EE Developers"). Even if you had it installed, I am not sure that you will be able to modify the xml directly from Eclipse and I am not sure that you will be able to start the Eclipse Scout Server deployed in this tomcat from this view.

If you do not want to be Tomcat-dependent:
Maybe you are looking for the second pattern mentioned by Daniel:
Daniel Wiehl wrote on Thu, 02 October 2014 09:58
An alternative would be to register a servlet-filter to listen for requests on the root alias which provides the user with a login-page if not authenticated yet.
It should also be one possible way to go.

[Updated on: Tue, 03 March 2015 07:29] by Moderator

Re: RAP - form based login? [message #1647491 is a reply to message #1647435] Tue, 03 March 2015 08:02 Go to previous messageGo to next message
Eclipse UserFriend
Jeremie Bresson wrote on Tue, 03 March 2015 12:28
The mentioned web.xml file is in the conf directory.

About your workspace:
If you are using "Eclipse for Scout Developers" the Tooling "Servers view" that can be used to bind your Tomcat into your IDE is not installed. You need to install it separately (for example it is provided in "Eclipse For Java EE Developers"). Even if you had it installed, I am not sure that you will be able to modify the xml directly from Eclipse and I am not sure that you will be able to start the Eclipse Scout Server deployed in this tomcat from this view.


Well this means I have to use tomcat. But the plain Eclipse Scout SDK comes without the Server view. At least my Mars release for Linux.

I'll investigate the second possibilty without a Tomcat Smile

Peter
Re: RAP - form based login? [message #1690446 is a reply to message #1647491] Fri, 27 March 2015 07:07 Go to previous messageGo to next message
Eclipse UserFriend
Hi,

are there any news on this bugentry: https://bugs.eclipse.org/bugs/show_bug.cgi?id=425098

Regards, Peter
Re: RAP - form based login? [message #1695791 is a reply to message #1690446] Tue, 19 May 2015 06:21 Go to previous messageGo to next message
Eclipse UserFriend
Hi there,

I just wanted to ask, if there is any news on the above mentioned bug entry....

Is it also possible to do a form based login just with a downloaded Eclipse Scout SDK/IDE?

Regrads,

Peter
Re: RAP - form based login? [message #1696626 is a reply to message #1695791] Wed, 27 May 2015 10:31 Go to previous messageGo to next message
Eclipse UserFriend
This bug was created before BSI decided to drop the RAP UI layer.

Currently each application can implement a Form based login. There is no specific support for that in the scout framework. The idea of Bug 425098 was to provide the missing support.

I am afraid this will not be solved with Mars without a contribution (sponsoring or code contribution), because currently BSI is investing in the new WEB UI that will be available with the Neon release.

If you are interested in the Form based Login, you can check what Ken Lee has done for the BahBah demo application on this feature branch: features/kle/formBasedAuthentication

I did not test the code from Ken. I hope I will give you some ideas to start something similar in your own application.
Re: RAP - form based login? [message #1701948 is a reply to message #1696626] Fri, 17 July 2015 01:17 Go to previous messageGo to next message
Eclipse UserFriend
Hi Jeremie,

sorry for my late reply, but I was on parental leave and had literally no time to sit in front of my computer and try things.

I had a look at the above mentioned feature branch.... And now I think I know, where my missunderstanding is/was.

Form based login, does only work when the application is deployed to tomcat and is not working when starting inside eclipse? Am I right?

If so, would it be possible to get/see the web.xml from the BahBah demo application too?

Thx,

Peter
Re: RAP - form based login? [message #1703053 is a reply to message #1701948] Tue, 28 July 2015 06:50 Go to previous message
Eclipse UserFriend
Hi there,

so i tried to do it the same way as shown in the feature branch above.

The only thing I'm not sure is, how the web.xml has to look like. Because that is unfortunately not included in the branch....

Jermie, would it be possible to add the web.xml file here if it is available?

Thanks,

Peter
Previous Topic:Populate multi column TableField Table in form with data
Next Topic:Wizards and WizardForms.
Goto Forum:
  


Current Time: Tue Jul 08 02:09:31 EDT 2025

Powered by FUDForum. Page generated in 0.06425 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly