I'm building a little web app in OE 11.7.4 where I don't want to use the default login screen that comes with PASOE.
In my oeablSecurity.properties file for my app, I set these:
client.login.model=form
http.all.authmanager=local
I have my login screen built and it works fine. However, I need to control these things:
I see that WEB-INF/spring/formLoginModel.xml has a section that looks like this:
<form-login login-page="${http.formlogin.loginpage}"
login-processing-url="${http.formlogin.loginurl}"
always-use-default-target="false"
default-target-url="${http.formlogin.defaulturl}"
username-parameter="${http.formlogin.usernamefield}"
password-parameter="${http.formlogin.userpasswordfield}"
authentication-failure-url="${http.formlogin.failureurl}"
authentication-success-handler-ref="OEAuthnSuccessHandler"
authentication-failure-handler-ref="OEAuthnFailureHandler" />
I assumed those variables like http.formlogin.loginpage would be set in oeablSecurity.properties. I tried setting them in there, and it doesn't work. (See below)
############# Form login Filter bean ##########################################
http.formlogin.loginpage=/appname/web/login.html
http.formlogin.loginurl=/appname/static/auth/j_spring_security_check
http.formlogin.usedefaulttarget=false
http.formlogin.defaulturl=/appname/web/mainmenu.html
http.formlogin.failureurl=/static/auth/loginfail.html
I also tried hard-coding the values in formLoginModel.xml like this:
<form-login login-page="/appname/web/login.html" ... />
I've done multiple restarts here, and no matter what I do, if I'm not logged in and try to hit something that requires a login, it takes me to /myapp/static/auth/login.jsp instead of the appname/web/login.html that I've configured.
What gives? Where and how does one configure this?
It looks like you are in the right place and configuring the right thing. It is the URI value for the login page that is probably the problem. In a Java web application all URI configurations are relative to the root of the Java web application space, not to the root of the URL path.
Try changing /appname/web/login.html to /web/login.html
(If you are not going to use the sample login/logout files, which is perfectly reasonable, you probably want to remove them from your project)
Thanks for the response. After beating my head on a wall with this for way too many hours last week, I finally just edited some of the default files. I'll probably come back to your approach and test it out later today or tomorrow.
Just for reference if anyone else is facing the same thing, here's what I did:
All of the login/logout & error/exception JSP pages are there for simple testing, and for inclusion into your product's application. Most of the time changing the CSS to conform with your application requirements is good enough - but you are free to modify them within the bounds of Tomcat's JSP compiler (which is what you did).
Good luck!
Following up on this, adding the following to oeablSecurity.properties, and restarting the instance had no effect at all:
############# Form login Filter bean ##########################################
http.formlogin.loginpage=/web/login.html
http.formlogin.loginurl=/static/auth/j_spring_security_check
http.formlogin.usedefaulttarget=false
http.formlogin.defaulturl=/web/mainmenu.html
http.formlogin.failureurl=/static/auth/loginfail.html
Is it possible that this config just isn't hooked up to anything, or it can't be read at the webapp level?