
    Smartclient Authentication system

    Hi,
    I'm trying to develop a simple SmartClient CMS webapp and I'm stuck on the login process.
    I've read the "relogin" page a thousand times without getting any real clue, because it's based on the idea of an already existing external authentication system that needs to be integrated into SmartClient.
    But what if I'd like to develop a SmartClient login solution?
    So far I've followed the secureApp example and this is what I've modified in my project:

    WEB.xml
    Code:
    <filter>
            <filter-name>AuthAdminAuthenticator</filter-name>
            <filter-class>com.isomorphic.auth.AuthenticationFilter</filter-class>
            <init-param>
                <param-name>authenticator</param-name>
                <param-value>authAdmin</param-value>
            </init-param>
            <init-param>
                <param-name>maxTries</param-name>
                <param-value>-1</param-value>
            </init-param>
            <init-param>
                <param-name>defaultLoginRedirect</param-name>
                <param-value>/index.jsp</param-value>
            </init-param>
            <init-param>
                <param-name>loginPage</param-name>
                <param-value>/auth/login.jsp</param-value>
            </init-param>
            <!-- Rules file is necessary when some files in a directory must not be authenticated,
                 while the rest of the directory must be authenticated. -->
            <init-param>
                <param-name>rules</param-name>
                <param-value>
                    ignore:#/isomorphic/*#
                    match:#.*#
                </param-value>
            </init-param>
        </filter>    
    
        <filter-mapping>
            <filter-name>AuthAdminAuthenticator</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    admin.app.xml (admin is my app name)
    Code:
    <Application>
        <rpcBindings>
            <ServerObject ID="SecureAppDMI" className="it.zerob.admin.auth.SecureAppDMI">
                <visibleMethods>
                    <method name="login"/>
                    <method name="getUserInfo"/>
                    <method name="logout"/>
                </visibleMethods>
            </ServerObject>
        </rpcBindings>
    </Application>
    secureAppDMI.java
    Code:
    /*
        Isomorphic SmartClient secure application DMI layer
        
        This class demonstrates DMI methods to develop SmartClient applications with
        authentication. The form-based authentication interface, located at
        isomorphic/login/iscAuth/*, relies on the server redirecting the client to various
        pages after login. The use of a DMI interface allows SmartClient applications
        fewer page transitions, greater flexibility, and a more seamless user interface.
        
        This authentication approach requires IDACall to be protected with AuthenticationFilter.
        To allow some IDACall requests to be authenticated but not others, it is suggested
        that a second IDACall mapping is created within the authenticated part of the site.
        See /WEB-INF/web.xml for more details.
    */
    
    package it.zerob.admin.auth;
    
    import java.util.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    
    import com.isomorphic.util.*;
    import com.isomorphic.auth.*;
    import com.isomorphic.servlet.*;
    
    public class SecureAppDMI {
        public SecureAppDMI() { }
    
        /* Call this method to attempt to log in to the system. See /examples/secureApp/login.jsp
           for example usage.
           
           By the time this is called, AuthenticationFilter has already run and accepted/rejected
           the credentials provided by the user. All that is left to do is to check its status
           and return useful information if successful.
       */
        public Map login(RequestContext context) throws Exception {
            if (Authentication.isAuthenticated(context)) return getUserInfo(context);
            return null;
        }
    
        /* Fetch information about the currently logged-in user. Only the user ID, user name,
           and user profile are returned. The password is stripped. */
        public Map getUserInfo(RequestContext context) throws Exception {
            Map user = (Map)Authentication.getUser(context);
            if (user == null) return null;
    
            // strip out the password
            List props = DataTools.buildList("id", "username", "profile");
            user = DataTools.subsetMap(user, props);
    
            return user;
        }
        /* Logs the user out (clears all authentication info). */
        public void logout(RequestContext context) throws Exception {
            Authentication.clearAuthInfo(context);
        }
    }
    server.properties
    Code:
    # -------------- SECURE APPLICATION EXAMPLE DEFINITIONS --------------------
    authentication.enabled: yes
    
    # superuserRole: If specified, user with this role will have access to all 
    # dataSource operations regardless of the any requiresRole settings
    #authentication.superuserRole: manager
    
    authenticator.authAdmin: com.isomorphic.datasource.DataSourceAuthenticator
    authenticator.authAdmin.datasource: TS_UTENTI
    authenticator.authAdmin.usernameField: username
    authenticator.authAdmin.passwordField: password
    #authenticator.authAdmin.saltField: salt
    authenticator.authAdmin.cookieDomain: .foo.it
    authenticator.authAdmin.sessionTimeout: 1800
    The login.jsp page is exactly as in the example folder.
    When I try to access my index.jsp page the filter redirects me to login.jsp, the login dialog appears, and here comes the strange behavior:
    - if I leave the login form empty and try to log in, the dialog simply disappears and I can see this in the console:
    Code:
    === 2014-09-06 20:29:27,208 [ec-7] DEBUG DataSourceAuthenticator - no user record for username: 
    === 2014-09-06 20:29:27,208 [ec-7] INFO  AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - Authentication failed, try # 0
    === 2014-09-06 20:29:27,208 [ec-7] DEBUG AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - ALLOWED access to public resource: /isomorphic/IDACall (matched by rule: ignore:#/isomorphic/*# located in: rules init-param in web.xml)

    - the same thing happens if I enter wrong user credentials

    - if I enter correct user credentials, I can read this in the console:
    Code:
    === 2014-09-06 20:12:41,593 [ec-5] DEBUG DataSourceAuthenticator - datasource auth succeded for username: m
    === 2014-09-06 20:12:41,593 [ec-5] INFO  AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - Authentication attempt succeeded
    Subsequently the login dialog disappears, but the browser is not redirected to index.jsp, and in the login method of SecureAppDMI "Authentication.isAuthenticated(context)" is false in any case.


    How can I solve this?
    Am I doing something wrong?

    Browser Google Chrome 37.0.2062.103 m
    OS. Windows 7 Pro x64
    SmartClient Version SmartClient_v91p_2014-07-08_Evaluation
    Last edited by Medioman92; 8 Sep 2014, 02:10. Reason: missing information
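
Added example, not part of the original post and not SmartClient code: the comment in SecureAppDMI.java says this approach requires IDACall to be protected with AuthenticationFilter, while the posted log shows /isomorphic/IDACall allowed as a public resource by the `ignore` rule. The Python check below extracts that from the filter's log lines; treating one timestamp plus thread as one request, and the `must_protect` set, are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines copied from the post above.
LOG = """\
=== 2014-09-06 20:29:27,208 [ec-7] DEBUG DataSourceAuthenticator - no user record for username:
=== 2014-09-06 20:29:27,208 [ec-7] INFO  AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - Authentication failed, try # 0
=== 2014-09-06 20:29:27,208 [ec-7] DEBUG AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - ALLOWED access to public resource: /isomorphic/IDACall (matched by rule: ignore:#/isomorphic/*# located in: rules init-param in web.xml)
=== 2014-09-06 20:12:41,593 [ec-5] DEBUG DataSourceAuthenticator - datasource auth succeded for username: m
=== 2014-09-06 20:12:41,593 [ec-5] INFO  AuthenticationFilter - AuthAdminAuthenticator (realm: AuthAdminAuthenticator, securityLevel: 0) - Authentication attempt succeeded
"""

LINE = re.compile(r"^=== (\S+ \S+) \[([^\]]+)\] \w+\s+(\w+) - (.*)$")
PUBLIC = re.compile(r"ALLOWED access to public resource: (\S+) "
                    r"\(matched by rule: (\S+) located in: ([^)]*)\)")

def parse(log):
    """Group log events by (timestamp, thread), a heuristic for 'same request'."""
    requests = defaultdict(lambda: {"auth": None, "public": []})
    for raw in log.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        ts, thread, _logger, msg = m.groups()
        req = requests[(ts, thread)]
        if "Authentication failed" in msg:
            req["auth"] = "failed"
        elif "Authentication attempt succeeded" in msg:
            req["auth"] = "succeeded"
        pub = PUBLIC.search(msg)
        if pub:
            uri, rule, where = pub.groups()
            req["public"].append({"uri": uri, "rule": rule, "where": where})
    return dict(requests)

def unprotected(requests, must_protect):
    """Report URIs that must sit behind the filter but were allowed as public."""
    findings = []
    for (ts, thread), req in sorted(requests.items()):
        for hit in req["public"]:
            if hit["uri"] in must_protect:
                findings.append((ts, thread, req["auth"], hit["uri"], hit["rule"]))
    return findings

if __name__ == "__main__":
    for ts, thread, auth, uri, rule in unprotected(parse(LOG), {"/isomorphic/IDACall"}):
        print(f"{ts} [{thread}] auth={auth}: {uri} allowed as public via {rule}")
```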