Re: RAP - form based login? [message #1435976 is a reply to message #1433783]
Thu, 02 October 2014 07:58
Daniel Wiehl Messages: 1 Registered: May 2016
Junior Member
The easiest way to activate form-based authentication is to use the facility provided by your web container. An alternative would be to register a servlet-filter to listen for requests on the root alias which provides the user with a login-page if not authenticated yet.
In the following, I will present the steps required for the first approach, using the Tomcat web container:
First, you need a login HTML-page like the following. Place that file (e.g. auth-login.html) into the 'web-resources' folder of your RAP application.
<html>
  <head>
    <title>Form Authentication</title>
  </head>
  <body>
    <form method="POST" action="j_security_check">
      <table>
        <tr>
          <th align="right">Username:</th>
          <td align="left"><input type="text" name="j_username"></td>
        </tr>
        <tr>
          <th align="right">Password:</th>
          <td align="left"><input type="password" name="j_password"></td>
        </tr>
        <tr>
          <td align="right"><input type="submit" value="Log In"></td>
          <td align="left"><input type="reset"></td>
        </tr>
      </table>
    </form>
  </body>
</html>
In the plugin.xml of your RAP application, make sure that some kind of resolver is registered to make those resources accessible by an alias.
<extension point="org.eclipse.equinox.http.registry.resources">
  <resource alias="/res" base-name="/web-resources"/>
</extension>
This entry means that any resources placed in the 'web-resources' folder are accessible in the form '/res/*'; in your case this would be '/res/auth-login.html'.
In a second step, activate form-based authentication in the web.xml of your application by adding the following sections:
<!-- Enable FORM-based authentication -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/res/auth-login.html</form-login-page>
    <form-error-page>/res/auth-login.html</form-error-page>
  </form-login-config>
</login-config>
<!-- Configure a security role to access your application -->
<security-role>
  <role-name>appRole</role-name>
</security-role>
<!-- Make the static resources of '/res' accessible without authentication required -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>All Access</web-resource-name>
    <url-pattern>/res/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<!-- Protect your application -->
<security-constraint>
  <display-name>Restricted Access</display-name>
  <web-resource-collection>
    <web-resource-name>Restricted Access</web-resource-name>
    <url-pattern>/web/*</url-pattern>
    <url-pattern>/tablet/*</url-pattern>
    <url-pattern>/mobile/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>appRole</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
To authenticate users, you have to configure a REALM [1]. A Realm is a 'database' of usernames and passwords that identify valid users of a web application. If not configured differently, the Tomcat 'MemoryRealm' is used, meaning that the user-role configuration is loaded from the file '$CATALINA_BASE/conf/tomcat-users.xml' at startup-time.
In that file, create a user and assign it the role configured in the web.xml.
<user username="user" password="password" roles="appRole"/>
For production use, I suggest you go with the JDBCRealm. See [2] for more information on how to set up such a realm.
Finally, form-based-authentication should work. There is only one issue when it comes to HTTP-session invalidation due to session expiration. It might happen that the user is presented with a RAP parsing exception instead of the logout page. This is because RAP does not expect an HTML page to be returned for a running AJAX request. To solve this, set the init-param 'reloadOnSessionTimeout' of your LogoutFilter to 'true'.
[1] http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html
[2] http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JDBCRealm
[Updated on: Thu, 02 October 2014 08:00] by Moderator
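
A check for descriptors like the one in the post above, as an added example that is not part of the original post or of Scout/Tomcat: in a `security-constraint`, the listed `http-method` elements are the only methods the constraint covers, and a `transport-guarantee` of `NONE` does not require TLS for the login form. The name `audit_web_xml` and the embedded sample (a constructed, reduced copy of the posted fragment) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: reduced copy of the posted web.xml fragment under one root.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted Access</web-resource-name>
      <url-pattern>/web/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>appRole</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def _find(node, name):
    """Descendants with this local tag name, ignoring any XML namespace."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]


def _texts(node, name):
    return [(e.text or "").strip() for e in _find(node, name)]


def audit_web_xml(xml_text):
    """Return (constraint name, finding) pairs for constraints with an auth-constraint."""
    root = ET.fromstring(xml_text)
    findings = []
    for sc in _find(root, "security-constraint"):
        if not _find(sc, "auth-constraint"):
            continue  # no auth-constraint: the collection is public by design
        name = (_texts(sc, "web-resource-name") or ["<unnamed>"])[0]
        methods = _texts(sc, "http-method")
        if methods:  # listed methods are the only ones the constraint covers
            findings.append((name, "only " + "/".join(methods) +
                             " protected; other HTTP methods are uncovered"))
        if not {"CONFIDENTIAL", "INTEGRAL"} & set(_texts(sc, "transport-guarantee")):
            findings.append((name, "transport-guarantee does not force TLS"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_web_xml(SAMPLE_WEB_XML):
        print(name + ": " + finding)
```

Removing the `http-method` elements from the protected constraint makes it apply to every method, and `CONFIDENTIAL` makes the container require TLS before the login form is served; the function then returns no findings.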
Re: RAP - form based login? [message #1647435 is a reply to message #1435976]
Tue, 03 March 2015 12:28
Jeremie Bresson Messages: 1252 Registered: October 2011
Senior Member
(source: Re: Different ways to authenticate within the application)
Peter Pfeifer wrote on Tue, 03 March 2015 08:19:
There is another topic in the forum where a form based login is described. But at a point there is a web.xml needed, which I can't find in my whole workspace....
Peter
Daniel Wiehl is referring to the tomcat where you deploy your final war.
If I look in my tomcat installation, the directory looks like this:
APACHE-TOMCAT-7.0.56
|   LICENSE
|   NOTICE
|   RELEASE-NOTES
|   RUNNING.txt
|
+---bin
|       <Tomcat bin Files>
|
+---conf
|   |   catalina.policy
|   |   catalina.properties
|   |   context.xml
|   |   logging.properties
|   |   server.xml
|   |   tomcat-users.xml
|   |   web.xml
|   |
|   \---Catalina
|       \---localhost
+---lib
|       <Tomcat lib Files>
|
+---logs
|       <Tomcat logs Files>
|
+---temp
|
+---webapps
|       <Deployed war Files>
|
\---work
    \---Catalina
        \---localhost
                <internal files>
The mentioned web.xml file is in the conf directory.
About your workspace:
If you are using "Eclipse for Scout Developers" the Tooling "Servers view" that can be used to bind your Tomcat into your IDE is not installed. You need to install it separately (for example it is provided in "Eclipse For Java EE Developers"). Even if you had it installed, I am not sure that you will be able to modify the xml directly from Eclipse and I am not sure that you will be able to start the Eclipse Scout Server deployed in this tomcat from this view.
If you do not want to be Tomcat-dependent:
Maybe you are looking for the second pattern mentioned by Daniel:
Daniel Wiehl wrote on Thu, 02 October 2014 09:58:
An alternative would be to register a servlet-filter to listen for requests on the root alias which provides the user with a login-page if not authenticated yet.
It should also be one possible way to go.
[Updated on: Tue, 03 March 2015 12:29]
Re: RAP - form based login? [message #1647491 is a reply to message #1647435]
Tue, 03 March 2015 13:02
Jeremie Bresson wrote on Tue, 03 March 2015 12:28:
The mentioned web.xml file is in the conf directory.
About your workspace:
If you are using "Eclipse for Scout Developers" the Tooling "Servers view" that can be used to bind your Tomcat into your IDE is not installed. You need to install it separately (for example it is provided in "Eclipse For Java EE Developers"). Even if you had it installed, I am not sure that you will be able to modify the xml directly from Eclipse and I am not sure that you will be able to start the Eclipse Scout Server deployed in this tomcat from this view.
Well this means I have to use tomcat. But the plain Eclipse Scout SDK comes without the Server view. At least my Mars release for Linux.
I'll investigate the second possibility without a Tomcat.
Peter
Re: RAP - form based login? [message #1695791 is a reply to message #1690446]
Tue, 19 May 2015 10:21
Hi there,
I just wanted to ask if there is any news on the above mentioned bug entry....
Is it also possible to do a form based login just with a downloaded Eclipse Scout SDK/IDE?
Regards,
Peter
Re: RAP - form based login? [message #1701948 is a reply to message #1696626]
Fri, 17 July 2015 05:17
Hi Jeremie,
Sorry for my late reply, but I was on parental leave and had literally no time to sit in front of my computer and try things.
I had a look at the above mentioned feature branch.... And now I think I know where my misunderstanding is/was.
Form based login only works when the application is deployed to Tomcat and does not work when starting inside Eclipse? Am I right?
If so, would it be possible to get/see the web.xml from the BahBah demo application too?
Thx,
Peter
Re: RAP - form based login? [message #1703053 is a reply to message #1701948]
Tue, 28 July 2015 10:50
Hi there,
So I tried to do it the same way as shown in the feature branch above.
The only thing I'm not sure about is what the web.xml has to look like, because that is unfortunately not included in the branch....
Jeremie, would it be possible to add the web.xml file here if it is available?
Thanks,
Peter