i am new to web services using java. i am working on an application that has login page coded using JAASLoginModule. from there it navigates to pages in the application which are rest-based. when i copy the URL of rest page in another browser, it doesn't ask for credentials.need to implement SSO between these two. could anybody provide pointers for the same as in what method and what all configurations need to be changed?
Related
We have a legacy application which was developed in Adobe Flex/Java. We have another application being developed in Angular JS. Requirement is to redirect the user from Angular JS app to Flex app. So, we have decided to just do a POST request to Flex app along with passing the parameters in URL. Flex app requires few parameters, like login user details, to login to Flex application. So, When Angular JS redirects the user to Flex app using $location we are also appending the URL with required login user details. However, the problem, I see is , all these values are appearing in browser's URL which is not acceptable to the end user.
My Question is
1) What is the best way to redirect from Angular JS app to Flex app along with passing parameters and not to be visible to users on Browser's URL.
2) If whatever described above is correct, can you please suggest us on how to hide query parameters in browser window ? Can that be handled in Angular JS or do I have to make some changes in Flex app.
Thanks in advance !
There are two more methods to use.
1) Pass parameters to your swf via html embed and read it in swf on load (using FlashVars):
http://kb2.adobe.com/cps/164/tn_16417.html
2) Write login data to browser cookies and read it in swf (using calls to JavaScript in your page via ExternalInterface)
Also please refer to Accessing browser cookies from Flex
Accessing browser cookies from Flex
Original Question:
html form post to flex app
I have a Java desktop application, and I have to open some web page using default browser by click a button. I can do it like this:
Desktop.getDesktop().browse(uri);
But there is a requirement: web page has basic authentication and it must have been passed automatically, without typing login and password by user.
How can I do it?
check out how to operate the Browser (the non-java application) from java using Robots as described here
How is your desktop app authenticating the user?
Do you have an authentication or session ID after the user logs in through your desktop app?
If so, you need to add that to the URI and have a service end-point that knows how to deal with it. Not ideal as you are exposing the authentication ID as part of the URL.
For example
Desktop.getDesktop().browse("https://myservice/loginFromDesktop?auth=" + URLEncoder.encoder(authID, "UTF-8");
This assumes you actually have control over the web service :)
Background: Our current technology architecture includes Tomcat Servlets that do backend activities and Codeigniter PHP which handles the presentation layer. So when a particular page is loaded, the Codeigniter View invokes the Controller which constructs the servlet URL with necessary input parameters and invokes the URL and gets the response and passes it back to the View so that the page is rendered.
Issue: User information and login credentials are stored in database and is validated by PHP front end. There is no authentication for the Tomcat servlets and in cases where we need user information in the backend, the user id is passed as a parameter to the backend.
Currently Tomcat and PHP resides on the same server and we have used firewall port based restrictions to ensure that servlets can be invoked only from within the server to secure the servlets.
Help required : We are looking to implement token based authentication and authorization mechanism for the servlets. If we can get some sort of existing library that we can easily plug-in to our servlets, that would be ideal. Otherwise please guide what would be the best solution to implement without too much code changes but would effectively secure the backend servlets.
Cássio Mazzochi Molin have a nice articel about the topic : Token-based authentication with JAX-RS 2.0
I'm pretty new to Angular and jsp and I have a question about general architecture of a single-page system.
I understand that jsp mvc has it's own security features that some of course related to conditionally delivering static/dynamic pages to the clients.
How can that feature work with Angular? Obviously in a single page application, working with partials, the server does not need to pass pages to the client.
My specific question is about the login page. Do I need to separate my login html from my main 'single-page' index.html with all my routes?
Will I have a 'login.jsp' file which is a stand-alone file handled by jsp and only after login routing to the single-page part of the application?
Thanks!!!
Regarding the login part:
My recommendation is that as an application developer you should not be thinking in how to implement your login page. This would bind your application to a specific authentication mechanism, and its a sign of getting into troubles (implementing the whole app security by your own)
It is preferable that this binding is performed in a pluggable (declarative) way, like it is done in JEE by the container or in Spring security by a dedicated framework.
So answering your question: you should no have a login.jsp at all, this page would be automatically generated once you have properly configured your application security with a 'login form' authentication mechanism. (Both JEE and Spring provide also mechanisms for customizing this pages).
The framework/container would intercept the request to your web app, identify if the user is authenticated, redirect to the login page and finally redirect to the original url, if authentication succeeds.
Cheers,
Nacho
I am using J2EE authentication for my application, and mine is single-page web application, which uses '#bookmark' to refresh different sections using Ajax. I wanted to make these links bookmarkable. But the '#bookmark' part is getting removed after authentication.
For example I've a page, which is authenticated, with URL 'http://mydomain/my-page' and if '#my-section' is added to it, page will refresh the section using Ajax, and URL looks like 'http://mydomain/my-page#my-section'. If I book mark this link, and use it before logging-in, J2EE authentication redirects me to login page, after I provide my credentials, it redirects me to 'http://mydomain/my-page'.
How can I make it to redirect to the URL with '#my-section' part intact?
I can think of a solution using Valve implementation, but is there any other way of doing it?
Using J2EE Form based authentication on Tomcat7, and UserDatabaseRealm as security realm.
After some reading, I understood that URL hash is never sent to server, and it is not possible automatically.
we might've to implement solution to store the URL hash locally, and use it to add the same to the URL after successful login redirection.