on 12-08-2008 5:34 PM
Is there an easy way to make a stand-alone J2EE application use the same logon form as the portal via container-managed authentication? Specifically - I'm wondering if there is a way to fill out this section in the web.xml such that any web application gets the same login page configured for the portal login? I don't want to write another custom page and code for UME authentication, and thinking this surely exists already and I'm just missing something...
<login-config>
<form-login-config>
<form-login-page>??????</form-login-page>
<form-error-page>??????</form-error-page>
</form-login-config>
</login-config>
Hi Chris,
You can configure your web application in such a way that the default login page for the engine is used. If you do not add login page and error page tags in web.xml, then the default ones will be used by the web application during authentication.
The <login-config> tag should be as follows:
<login-config>
<auth-method>FORM</auth-method>
</login-config>
Best regards, Encho.
Hi,
Did you try that way? Does it work?
I tried adding those tags and removing them too, no matter what, it takes me to the default login page. Not sure why this happens..
Sorry to ask you a question here in this thread... but can you tell me, are there any other steps (programmatic/configurations) that need to be done apart from those tags in web.xml in order to take the application to the custom login page?
Thanks,
KSK
Hi,
Configuring in such a way (without setting the login page), the default login page for the engine is used for authentication.
Chris,
Could you please clarify what you mean with this:
"such that any web application gets the same login page configured for the portal login". Configuring your application as I wrote before will show one login page for all your applications - default login page.
Could you also please check whether you configure server role mappings in the additional configuration file web-j2ee-engine.xml:
<security-role-map>
<role-name>RoleName</role-name>
<server-role-name>ServerRole</server-role-name>
</security-role-map>
The documentation about this file for 7.10 can be found here:
http://help.sap.com/saphelp_nwce10/helpdata/en/45/06ec3c57240484e10000000a155369/content.htm
Best regards, Encho.
Hi,
This is what I have in web.xml:
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>WebResource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>everyone</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- This allows the logon images to be displayed before authentication -->
<security-constraint>
<display-name>LogonImages</display-name>
<web-resource-collection>
<web-resource-name>LogonImages</web-resource-name>
<url-pattern>/images/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>
<security-constraint>
<display-name>LogonForm</display-name>
<web-resource-collection>
<web-resource-name>LogonForm</web-resource-name>
<url-pattern>*/index.html</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
</login-config>
<security-role>
<role-name>everyone</role-name>
</security-role>
web-j2ee-engine.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-j2ee-engine SYSTEM "web-j2ee-engine.dtd">
<web-j2ee-engine>
<security-role-map>
<role-name>everyone</role-name>
<server-role-name>all</server-role-name>
</security-role-map>
</web-j2ee-engine>
This doesn't work for me - ends in the "hanging" situation I described.
Thanks,
Chris
Hi Chris,
I checked your scenario: I created a simple application with a protected resource and it works fine. I use the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<description />
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>RoleForServlet</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
</login-config>
Could you please check the following:
1. Could you please check whether your engine is configured to use HTTPS? The configuration
<transport-guarantee>CONFIDENTIAL</transport-guarantee> means that HTTPS will be used.
Or you can remove this tag and check whether your application works.
2. About this:
<!-- This allows the logon images to be displayed before authentication -->
<security-constraint>
<display-name>LogonImages</display-name>
<web-resource-collection>
<web-resource-name>LogonImages</web-resource-name>
<url-pattern>/images/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>
<security-constraint>
<display-name>LogonForm</display-name>
<web-resource-collection>
<web-resource-name>LogonForm</web-resource-name>
<url-pattern>*/index.html</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>
According to the servlet specification, when there is an authorization constraint with no roles, access to the constrained requests must not be permitted under any circumstances. So could you please remove these tags and see the results.
Also, this "<url-pattern>*/index.html</url-pattern>": */index.html is wrong according to the specification - please see the servlet specification about url-pattern.
3. Could you please check that the server role "all" set in the additional XML exists on the server. For my example I use the role "administrators".
Best regards, Encho.
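The checks from this reply as an offline lint over web.xml and web-j2ee-engine.xml (an added example, not part of the original thread or of SAP's tooling; the sample input is constructed from the question's configuration). It separates a constraint with no auth-constraint element, which the servlet specification serves without authentication, from an empty auth-constraint, which denies everyone. Assumptions: `lint` and the finding labels are hypothetical names, and any url-pattern starting with neither `/` nor `*.` is treated as malformed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: condensed from the web.xml and web-j2ee-engine.xml in the question.
WEB_XML = """<web-app>
  <security-constraint><display-name>SecurityConstraint</display-name>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>everyone</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint><display-name>LogonForm</display-name>
    <web-resource-collection><url-pattern>*/index.html</url-pattern></web-resource-collection>
  </security-constraint>
  <security-role><role-name>everyone</role-name></security-role>
</web-app>"""
ENGINE_XML = """<web-j2ee-engine>
  <security-role-map><role-name>everyone</role-name><server-role-name>all</server-role-name></security-role-map>
</web-j2ee-engine>"""

def lint(web_xml, engine_xml):
    """Return (constraint, finding, detail) tuples; 'lint' is a hypothetical helper."""
    web, engine = ET.fromstring(web_xml), ET.fromstring(engine_xml)
    declared = {r.findtext("role-name") for r in web.findall("security-role")}
    mapped = {m.findtext("role-name") for m in engine.findall("security-role-map")}
    findings = []
    for sc in web.findall("security-constraint"):
        name = sc.findtext("display-name", "(unnamed)")
        for pat in sc.iter("url-pattern"):
            p = (pat.text or "").strip()
            # Assumption: accept only path ('/...') and extension ('*.ext') forms.
            if not (p.startswith("/") or (p.startswith("*.") and "/" not in p)):
                findings.append((name, "bad-url-pattern", p))
        auth = sc.find("auth-constraint")
        if auth is None:
            # No auth-constraint: the matched resources need no login at all.
            findings.append((name, "no-auth-constraint", "served without login"))
        else:
            roles = [(r.text or "").strip() for r in auth.findall("role-name")]
            if not roles:
                # Empty auth-constraint: nobody is allowed in.
                findings.append((name, "empty-auth-constraint", "denied to all"))
            for role in roles:
                if role not in declared or role not in mapped:
                    findings.append((name, "unmapped-role", role))
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if tg == "CONFIDENTIAL":
            # The engine must have an HTTPS port for this constraint to be satisfiable.
            findings.append((name, "requires-https", tg))
    return findings
```

Calling `lint(WEB_XML, ENGINE_XML)` returns one tuple per finding; whether the mapped server role actually exists on the engine still has to be checked on the server itself.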
Hello Encho,
Thank you again for your assistance - I've awarded points for your help.
The short answer though, is that all of your suggestions haven't made my scenario work.
Server role "all" and "guests" are there by default, and I reference them and use them for other application scenarios.
This is what I have in web.xml per your suggestions:
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>WebResource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>everyone</role-name>
</auth-constraint>
<user-data-constraint>
<!-- Parameter transport.guarantee in .ant-global.properties -->
<!-- It appears the web dispatcher won't forward you on to
https like it is supposed to, but this will still
prevent people from accessing via http -->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>LogonForm</display-name>
<web-resource-collection>
<web-resource-name>LogonForm</web-resource-name>
<url-pattern>index.html</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>guests</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<!-- <form-login-config>
<form-login-page>formLogon.jsp</form-login-page>
<form-error-page>logonError.jsp</form-error-page>
</form-login-config> -->
</login-config>
<security-role>
<role-name>everyone</role-name>
</security-role>
<security-role>
<role-name>guests</role-name>
</security-role>
and web-j2ee-engine.xml:
<web-j2ee-engine>
<security-role-map>
<role-name>everyone</role-name>
<server-role-name>all</server-role-name>
</security-role-map>
<security-role-map>
<role-name>guests</role-name>
<server-role-name>guests</server-role-name>
</security-role-map>
<login-module-configuration>
<login-module-stack>
<!-- All three login-modules need to exist to get the SSO ticket evaluation process to work -->
<!-- SSO ticket -->
<login-module>
<login-module-name>com.sap.security.core.server.jaas.EvaluateTicketLoginModule</login-module-name>
<flag>sufficient</flag>
<options>
<option>
<name>ume.configuration.active</name>
<value>true</value>
</option>
</options>
</login-module>
<login-module>
<login-module-name>BasicPasswordLoginModule</login-module-name>
<flag>requisite</flag>
</login-module>
<login-module>
<login-module-name>com.sap.security.core.server.jaas.CreateTicketLoginModule</login-module-name>
<flag>optional</flag>
<options>
<option>
<name>ume.configuration.active</name>
<value>true</value>
</option>
</options>
</login-module>
</login-module-stack>
</login-module-configuration>
</web-j2ee-engine>
Chris