PASOE: Variables in formLoginModel.xml - Forum - OpenEdge Development - Progress Community

PASOE: Variables in formLoginModel.xml

 Forum

PASOE: Variables in formLoginModel.xml

This question is not answered

I'm building a little web app in OE 11.7.4 where I don't want to use the default login screen that comes with PASOE.

In my oeablSecurity.properties file for my app, I set these:

client.login.model=form

http.all.authmanager=local

I have my login screen built and it works fine.  However, I need to control these things:

  1. I want MY login screen used, (/appname/web/login.html) not the jsp one in /static/auth
  2. I want the user to be taken to the main menu - not /static/index.html

I see that WEB-INF/spring/formLoginModel.xml has a section that looks like this:

<form-login login-page="${http.formlogin.loginpage}"
login-processing-url="${http.formlogin.loginurl}"
always-use-default-target="false"
default-target-url="${http.formlogin.defaulturl}"
username-parameter="${http.formlogin.usernamefield}"
password-parameter="${http.formlogin.userpasswordfield}"
authentication-failure-url="${http.formlogin.failureurl}"
authentication-success-handler-ref="OEAuthnSuccessHandler"
authentication-failure-handler-ref="OEAuthnFailureHandler" />

I assumed those variables like http.formlogin.loginpage would be set in oeablSecurity.properties.  I tried setting them in there, and it doesn't work. (See below)

############# Form login Filter bean ##########################################
http.formlogin.loginpage=/appname/web/login.html
http.formlogin.loginurl=/appname/static/auth/j_spring_security_check
http.formlogin.usedefaulttarget=false
http.formlogin.defaulturl=/appname/web/mainmenu.html
http.formlogin.failureurl=/static/auth/loginfail.html

I also tried hard-coding the values in formLoginModel.xml like this:

<form-login login-page="/appname/web/login.html" ... />

I've done multiple restarts here, and no matter what I do, if I'm not logged in and try to hit something that requires a login, it takes me to /myapp/static/auth/login.jsp instead of the appname/web/login.html that I've configured.

What gives?  Where and how does one configure this?

 

All Replies
  • It looks like you are in the right place and configuring the right thing.   It is the URI value for the login page that is probably the problem.   In a Java web application all URI configurations are relative to the root of the Java web application space, not to the root of the URL path.  

    Try changing /appname/web/login.html to /web/login.html  

    (If you are not going to use the sample login/logout files, which is perfectly reasonable, you probably want to remove them from your project)

  • Thanks for the response.  After beating my head on a wall with this for way too many hours last week, I finally just edited some of the default files.  I'll probably come back to your approach and test it out later today or tomorrow.

    Just for reference if anyone else is facing the same thing, here's what I did:

    • Edited static/auth/login.jsp to have the getRequestDispatcher() function point to my login page (/web/login.html) instead of the default.
    • edited WEB-INF/errorPage.jsp as follows:
      • Line 20, replace with a request.getRequestDispatcher() call to my login page like this:
        • request.getRequestDispatcher("/web/login.html?error=1").forward(request, response);
      • Comment out all the HTML.
  • All of the login/logout & error/exception JSP pages are there for simple testing, and for inclusion into your product's application.   Most of the time changing the CSS to conform with your application requirements is good enough - but you are free to modify them within the bounds of Tomcat's JSP compiler (which is what you did).

    Good luck!

  • Following up on this, adding the following to oeablSecurity.properties, and restarting the instance had no effect at all:

    ############# Form login Filter bean ##########################################
    http.formlogin.loginpage=/web/login.html
    http.formlogin.loginurl=/static/auth/j_spring_security_check
    http.formlogin.usedefaulttarget=false
    http.formlogin.defaulturl=/web/mainmenu.html
    http.formlogin.failureurl=/static/auth/loginfail.html

    Is it possible that this config just isn't hooked up to anything, or it can't be read at the webapp level?