PASOE: Variables in formLoginModel.xml

Posted by ssouthwe on 18-Jul-2019 21:30

I'm building a little web app in OE 11.7.4 where I don't want to use the default login screen that comes with PASOE.

In my oeablSecurity.properties file for my app, I set these:

client.login.model=form

http.all.authmanager=local

I have my login screen built and it works fine.  However, I need to control these things:

  1. I want MY login screen used, (/appname/web/login.html) not the jsp one in /static/auth
  2. I want the user to be taken to the main menu - not /static/index.html

I see that WEB-INF/spring/formLoginModel.xml has a section that looks like this:

<form-login login-page="${http.formlogin.loginpage}"
login-processing-url="${http.formlogin.loginurl}"
always-use-default-target="false"
default-target-url="${http.formlogin.defaulturl}"
username-parameter="${http.formlogin.usernamefield}"
password-parameter="${http.formlogin.userpasswordfield}"
authentication-failure-url="${http.formlogin.failureurl}"
authentication-success-handler-ref="OEAuthnSuccessHandler"
authentication-failure-handler-ref="OEAuthnFailureHandler" />

I assumed those variables like http.formlogin.loginpage would be set in oeablSecurity.properties.  I tried setting them in there, and it doesn't work. (See below)

############# Form login Filter bean ##########################################
http.formlogin.loginpage=/appname/web/login.html
http.formlogin.loginurl=/appname/static/auth/j_spring_security_check
http.formlogin.usedefaulttarget=false
http.formlogin.defaulturl=/appname/web/mainmenu.html
http.formlogin.failureurl=/static/auth/loginfail.html

I also tried hard-coding the values in formLoginModel.xml like this:

<form-login login-page="/appname/web/login.html" ... />

I've done multiple restarts here, and no matter what I do, if I'm not logged in and try to hit something that requires a login, it takes me to /myapp/static/auth/login.jsp instead of the appname/web/login.html that I've configured.

What gives?  Where and how does one configure this?

 

All Replies

Posted by Michael Jacobs on 20-Jul-2019 11:04

It looks like you are in the right place and configuring the right thing.   It is the URI value for the login page that is probably the problem.   In a Java web application all URI configurations are relative to the root of the Java web application space, not to the root of the URL path.  

Try changing /appname/web/login.html to /web/login.html  

(If you are not going to use the sample login/logout files, which is perfectly reasonable, you probably want to remove them from your project)

Posted by ssouthwe on 22-Jul-2019 14:35

Thanks for the response.  After beating my head on a wall with this for way too many hours last week, I finally just edited some of the default files.  I'll probably come back to your approach and test it out later today or tomorrow.

Just for reference if anyone else is facing the same thing, here's what I did:

  • Edited static/auth/login.jsp to have the getRequestDispatcher() function point to my login page (/web/login.html) instead of the default.
  • edited WEB-INF/errorPage.jsp as follows:
    • Line 20, replace with a request.getRequestDispatcher() call to my login page like this:
      • request.getRequestDispatcher("/web/login.html?error=1").forward(request, response);
    • Comment out all the HTML.

Posted by Michael Jacobs on 23-Jul-2019 21:01

All of the login/logout & error/exception JSP pages are there for simple testing, and for inclusion into your product's application.   Most of the time changing the CSS to conform with your application requirements is good enough - but you are free to modify them within the bounds of Tomcat's JSP compiler (which is what you did).

Good luck!

Posted by ssouthwe on 30-Jul-2019 17:57

Following up on this, adding the following to oeablSecurity.properties, and restarting the instance had no effect at all:

############# Form login Filter bean ##########################################
http.formlogin.loginpage=/web/login.html
http.formlogin.loginurl=/static/auth/j_spring_security_check
http.formlogin.usedefaulttarget=false
http.formlogin.defaulturl=/web/mainmenu.html
http.formlogin.failureurl=/static/auth/loginfail.html

Is it possible that this config just isn't hooked up to anything, or it can't be read at the webapp level?

This thread is closed