
FORM based J2ee application authentication

Former Member
0 Kudos

Is there an easy way to make a stand alone j2ee application use the same logon form as the portal via container managed authentication? Specifically - I'm wondering if there is a way to fill out this section in the web.xml such that any web application gets the same login page configured for the portal login? I don't want to write another custom page and code for ume authentication, and thinking this surely exists already and I'm just missing something...

<login-config>
  <form-login-config>
    <form-login-page>??????</form-login-page>
    <form-error-page>??????</form-error-page>
  </form-login-config>
</login-config>

Accepted Solutions (1)


Former Member
0 Kudos

Hi Chris,

You can configure your web application in such a way that the default login page for the engine is used. If you do not add login page and error page tags in web.xml then the default ones will be used by the web application during authentication.

<login-config> tag should be as the following:

<login-config>
  <auth-method>FORM</auth-method>
</login-config>

Best regards, Encho.

Former Member
0 Kudos

Hi,

Did you try that way? Does it work?

I tried adding those tags and removing them too, no matter what, it takes me to the default login page. Not sure why this happens..

Sorry to ask you a question here in this thread...but can you tell me are there any other steps (programmatic/configurations) that need to be done apart from those tags in web.xml in order to take the application to the custom login page.

Thanks,

KSK

Former Member
0 Kudos

Encho,

Using what you suggested doesn't work at all for me - actually results in what I would describe as an endless loop/hang situation where a page is never found and the IE globe keeps turning. Have you done this in your environment?

Former Member
0 Kudos

Hi,

Configuring in such a way (without setting the login page) the default login page for the engine is used for authentication.

Chris,

Could you please clarify what you mean with this:

"such that any web application gets the same login page configured for the portal login". Configuring your application as I wrote before will show one login page for all your applications - default login page.

Could you also please check whether you configure server role mappings in the additional configuration file

web-j2ee-engine.xml:

<security-role-map>
  <role-name>RoleName</role-name>
  <server-role-name>ServerRole</server-role-name>
</security-role-map>

The documentation about this file for 7.10 can be found here:

http://help.sap.com/saphelp_nwce10/helpdata/en/45/06ec3c57240484e10000000a155369/content.htm

Best regards, Encho.

Former Member
0 Kudos

Hi,

This is what I have in web.xml:

<security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>WebResource</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>everyone</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<!-- This allows the logon images to be displayed before authentication -->
<security-constraint>
  <display-name>LogonImages</display-name>
  <web-resource-collection>
    <web-resource-name>LogonImages</web-resource-name>
    <url-pattern>/images/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
</security-constraint>
<security-constraint>
  <display-name>LogonForm</display-name>
  <web-resource-collection>
    <web-resource-name>LogonForm</web-resource-name>
    <url-pattern>*/index.html</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
</login-config>
<security-role>
  <role-name>everyone</role-name>
</security-role>

web-j2ee-engine.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-j2ee-engine SYSTEM "web-j2ee-engine.dtd">
<web-j2ee-engine>
  <security-role-map>
    <role-name>everyone</role-name>
    <server-role-name>all</server-role-name>
  </security-role-map>
</web-j2ee-engine>

This doesn't work for me - ends in the "hanging" situation I described.

Thanks,

Chris

Former Member
0 Kudos

Hi Chris,

I checked your scenario: I created a simple application with a protected resource and it works fine. I use the following:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <description />
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>RoleForServlet</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
</login-config>

Could you please check the following:

1. Could you please check whether your engine is configured to use https? Because the configuration:

<transport-guarantee>CONFIDENTIAL</transport-guarantee> means that https will be used.

Or you can check whether your application works when you remove this tag and see what happens.

2. About this:

<!-- This allows the logon images to be displayed before authentication -->
<security-constraint>
  <display-name>LogonImages</display-name>
  <web-resource-collection>
    <web-resource-name>LogonImages</web-resource-name>
    <url-pattern>/images/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
</security-constraint>
<security-constraint>
  <display-name>LogonForm</display-name>
  <web-resource-collection>
    <web-resource-name>LogonForm</web-resource-name>
    <url-pattern>*/index.html</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
</security-constraint>

According to the servlet specification, when there is an authorization constraint with no roles, access to the constrained requests must not be permitted under any circumstances. So could you please remove these tags and see the results.

Also this "<url-pattern>*/index.html</url-pattern>": */index.html is wrong according to the specification - please see the servlet specification about url-pattern.

3. Could you please check that the server role "all" set in the additional XML exists on the server. For my example I use the role "administrators".

Best regards, Encho.
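
As an added example (not part of any post in this thread, and not SAP code), the Python check below applies the Servlet specification rules this exchange turns on: which url-pattern forms are defined, what an auth-constraint with no roles means compared with no auth-constraint element at all, and that a constraint listing http-method elements covers only those methods. The sample descriptor is constructed, the function names and finding labels are illustrative, and it assumes a DTD-style web.xml without an XML namespace, like the ones quoted here.

```python
import xml.etree.ElementTree as ET

# Added example (helper names are illustrative). Constructed sample: condenses the
# thread's web.xml and adds one empty <auth-constraint/> that is not from the thread.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>WebResource</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>everyone</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>LogonForm</web-resource-name>
      <url-pattern>*/index.html</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Locked</web-resource-name>
      <url-pattern>/internal/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def valid_url_pattern(pattern):
    """True for the spec's mapping forms: '/', '/path', '/path/*' or '*.ext'."""
    if pattern.startswith("*."):
        return len(pattern) > 2 and "/" not in pattern
    return pattern.startswith("/")

def lint_web_xml(xml_text):
    """Return (web-resource-name, finding) pairs for each security-constraint."""
    findings = []
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        name = sc.findtext("web-resource-collection/web-resource-name", "?")
        for pat in sc.iter("url-pattern"):
            if not valid_url_pattern((pat.text or "").strip()):
                findings.append((name, "bad-url-pattern"))
        auth = sc.find("auth-constraint")
        if auth is None:        # no element: served without authentication
            findings.append((name, "unauthenticated"))
        elif auth.find("role-name") is None:    # element, no roles: deny all
            findings.append((name, "deny-all"))
        if sc.find("web-resource-collection/http-method") is not None:
            findings.append((name, "other-methods-unconstrained"))
    return findings
```

Running `lint_web_xml` over a deployed descriptor before release shows which resources are reachable without a login and which HTTP methods a constraint leaves uncovered.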

Former Member
0 Kudos

Hello Encho,

Thank you again for your assistance - I've awarded points for your help.

The short answer though, is that all of your suggestions haven't made my scenario work.

Server roles "all" and "guests" are there by default, and I reference them and use them for other application scenarios.

This is what I have in web.xml per your suggestions:

<security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>WebResource</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>everyone</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Parameter transport.guarantee in .ant-global.properties -->>
    <!-- It appears the web dispatcher won't forward you on to
         https like it is supposed to, but this will still
         prevent people from accessing via http -->
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-constraint>
  <display-name>LogonForm</display-name>
  <web-resource-collection>
    <web-resource-name>LogonForm</web-resource-name>
    <url-pattern>index.html</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>guests</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <!-- <form-login-config>
    <form-login-page>formLogon.jsp</form-login-page>
    <form-error-page>logonError.jsp</form-error-page>
  </form-login-config> -->
</login-config>
<security-role>
  <role-name>everyone</role-name>
</security-role>
<security-role>
  <role-name>guests</role-name>
</security-role>

and web-j2ee-engine.xml:

<web-j2ee-engine>
  <security-role-map>
    <role-name>everyone</role-name>
    <server-role-name>all</server-role-name>
  </security-role-map>
  <security-role-map>
    <role-name>guests</role-name>
    <server-role-name>guests</server-role-name>
  </security-role-map>
  <login-module-configuration>
    <login-module-stack>
      <!-- All three login-modules need to exist to get the SSO ticket evaluation process to work -->
      <!-- SSO ticket -->
      <login-module>
        <login-module-name>com.sap.security.core.server.jaas.EvaluateTicketLoginModule</login-module-name>
        <flag>sufficient</flag>
        <options>
          <option>
            <name>ume.configuration.active</name>
            <value>true</value>
          </option>
        </options>
      </login-module>
      <login-module>
        <login-module-name>BasicPasswordLoginModule</login-module-name>
        <flag>requisite</flag>
      </login-module>
      <login-module>
        <login-module-name>com.sap.security.core.server.jaas.CreateTicketLoginModule</login-module-name>
        <flag>optional</flag>
        <options>
          <option>
            <name>ume.configuration.active</name>
            <value>true</value>
          </option>
        </options>
      </login-module>
    </login-module-stack>
  </login-module-configuration>
</web-j2ee-engine>

Chris

Answers (0)