Channel: SmartClient Forums

Smartclient Authentication system

Hi,
I'm trying to develop a simple SmartClient CMS webapp and I'm stuck on the login process.
I've read the "relogin" page a thousand times without getting any real clue, because it's based on the idea of an external, already existing authentication system that needs to be integrated into SmartClient.
But what if I'd like to develop a SmartClient login solution?
So far I've followed the secureApp example and this is what I've modified in my project:

WEB.xml
Code:

<filter>
        <filter-name>AuthAdminAuthenticator</filter-name>
        <filter-class>com.isomorphic.auth.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>authenticator</param-name>
            <param-value>authAdmin</param-value>
        </init-param>
        <init-param>
            <param-name>maxTries</param-name>
            <param-value>-1</param-value>
        </init-param>
        <init-param>
            <param-name>defaultLoginRedirect</param-name>
            <param-value>/index.jsp</param-value>
        </init-param>
        <init-param>
            <param-name>loginPage</param-name>
            <param-value>/auth/login.jsp</param-value>
        </init-param>
        <!-- Rules file is necessary when some files in a directory must not be authenticated,
            while the rest of the directory must be authenticated. -->
        <init-param>
            <param-name>rules</param-name>
            <param-value>
                ignore:#/isomorphic/*#
                match:#.*#
            </param-value>
        </init-param>
    </filter>   

    <filter-mapping>
        <filter-name>AuthAdminAuthenticator</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

admin.app.xml (admin is my app name)
Code:

<Application>
    <rpcBindings>
        <ServerObject ID="SecureAppDMI" className="it.zerob.admin.auth.SecureAppDMI">
            <visibleMethods>
                <method name="login"/>
                <method name="getUserInfo"/>
                <method name="logout"/>
            </visibleMethods>
        </ServerObject>
    </rpcBindings>
</Application>

secureAppDMI.java
Code:

/*
    Isomorphic SmartClient secure application DMI layer
   
    This class demonstrates DMI methods to develop SmartClient applications with
    authentication. The form-based authentication interface, located at
    isomorphic/login/iscAuth/*, relies on the server redirecting the client to various
    pages after login. The use of a DMI interface allows SmartClient applications
    fewer page transitions, greater flexibility, and a more seamless user interface.
   
    This authentication approach requires IDACall to be protected with AuthenticationFilter.
    To allow some IDACall requests to be authenticated but not others, it is suggested
    that a second IDACall mapping is created within the authenticated part of the site.
    See /WEB-INF/web.xml for more details.
*/

package it.zerob.admin.auth;

import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

import com.isomorphic.util.*;
import com.isomorphic.auth.*;
import com.isomorphic.servlet.*;

public class SecureAppDMI {
    public SecureAppDMI() { }

    /* Call this method to attempt to log in to the system. See /examples/secureApp/login.jsp
      for example usage.
     
      By the time this is called, AuthenticationFilter has already run and accepted/rejected
      the credentials provided by the user. All that is left to do is to check its status
      and return useful information if successful.
  */
    public Map login(RequestContext context) throws Exception {
        if (Authentication.isAuthenticated(context)) return getUserInfo(context);
        return null;
    }

    /* Fetch information about the currently logged-in user. Only the user ID, user name,
      and user profile are returned. The password is stripped. */
    public Map getUserInfo(RequestContext context) throws Exception {
        Map user = (Map)Authentication.getUser(context);
        if (user == null) return null;

        // strip out the password
        List props = DataTools.buildList("id", "username", "profile");
        user = DataTools.subsetMap(user, props);

        return user;
    }
    /* Logs the user out (clears all authentication info). */
    public void logout(RequestContext context) throws Exception {
        Authentication.clearAuthInfo(context);
    }
}

server.properties
Code:

# -------------- SECURE APPLICATION EXAMPLE DEFINITIONS --------------------
authentication.enabled: yes

# superuserRole: If specified, a user with this role will have access to all
# dataSource operations regardless of any requiresRole settings
#authentication.superuserRole: manager

authenticator.authAdmin: com.isomorphic.datasource.DataSourceAuthenticator
authenticator.authAdmin.datasource: TS_UTENTI
authenticator.authAdmin.usernameField: username
authenticator.authAdmin.passwordField: password
#authenticator.authAdmin.saltField: salt
authenticator.authAdmin.cookieDomain: .foo.it
authenticator.authAdmin.sessionTimeout: 1800

The login.jsp page is exactly as in the example folder.
When I try to access my index.jsp page the filter redirects me to login.jsp, the login dialog appears, and here comes the strange behavior:
- if I leave the login form empty and try to log in, the dialog simply disappears and I can see this in the console:
Code:

=== 2014-09-06 20:29:27,208 [ec-7] DEBUG DataSourceAuthenticator - no user record for username:
=== 2014-09-06 20:29:27,208 [ec-7] INFO  AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - Authentication failed, try # 0
=== 2014-09-06 20:29:27,208 [ec-7] DEBUG AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - ALLOWED access to public resource: /isomorphic/IDACall (matched by rule: ignore:#/isomorphic/*# located in: rules init-param in web.xml)


- the same thing happens if I write wrong user credentials

- if I write correct user credentials, I can read this in the console:
Code:

=== 2014-09-06 20:12:41,593 [ec-5] DEBUG DataSourceAuthenticator - datasource auth succeded for username: m
=== 2014-09-06 20:12:41,593 [ec-5] INFO  AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - Authentication attempt succeeded

Subsequently the login dialog disappears, but the browser is not redirected to index.jsp, and in the login method of SecureAppDMI "Authentication.isAuthenticated(context)" is false in any case.


How can I solve this?
Am I doing something wrong?
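
An added example, not part of the original post or of SmartClient: a log check over the AuthenticationFilter lines quoted above that lists requests let through by an `ignore` rule on a thread whose latest authentication result was a failure. It assumes the log layout shown in the post and treats the thread name as a per-request key, which is a heuristic because servlet threads are reused.

```python
import re

# Log lines copied verbatim from the post above.
LOG = """\
=== 2014-09-06 20:29:27,208 [ec-7] DEBUG DataSourceAuthenticator - no user record for username:
=== 2014-09-06 20:29:27,208 [ec-7] INFO  AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - Authentication failed, try # 0
=== 2014-09-06 20:29:27,208 [ec-7] DEBUG AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - ALLOWED access to public resource: /isomorphic/IDACall (matched by rule: ignore:#/isomorphic/*# located in: rules init-param in web.xml)
=== 2014-09-06 20:12:41,593 [ec-5] DEBUG DataSourceAuthenticator - datasource auth succeded for username: m
=== 2014-09-06 20:12:41,593 [ec-5] INFO  AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - Authentication attempt succeeded
"""

# Layout assumed from those lines: === <date> <time> [thread] LEVEL Logger - message
LINE = re.compile(r"^=== (\S+ \S+) \[([^\]]+)\]\s+(\w+)\s+(\w+) - (.*)$")
PUBLIC = re.compile(r"ALLOWED access to public resource: (\S+) \(matched by rule: (\S+)")


def parse(log):
    """Yield one dict per well-formed log line; other lines are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield dict(zip(("time", "thread", "level", "logger", "msg"), m.groups()))


def passed_after_failed_auth(log):
    """Return requests allowed as 'public' right after a failed login on the same thread."""
    last_auth = {}   # thread name -> "failed" / "succeeded"
    findings = []
    for rec in parse(log):
        if rec["logger"] != "AuthenticationFilter":
            continue
        msg = rec["msg"]
        if "Authentication failed" in msg:
            last_auth[rec["thread"]] = "failed"
        elif "Authentication attempt succeeded" in msg:
            last_auth[rec["thread"]] = "succeeded"
        else:
            hit = PUBLIC.search(msg)
            if hit and last_auth.get(rec["thread"]) == "failed":
                findings.append({"time": rec["time"], "thread": rec["thread"],
                                 "path": hit.group(1), "rule": hit.group(2)})
    return findings


if __name__ == "__main__":
    for f in passed_after_failed_auth(LOG):
        print(f"{f['time']} [{f['thread']}] {f['path']} passed via {f['rule']}")
```
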
