Use 'Integrated Windows Authentication' in web client

Using Servoy to administrate the content of your website? Discuss all webrelated Servoy topics on this forum!

Use 'Integrated Windows Authentication' in web client

Postby patrick1366356481 » Mon Jan 20, 2014 6:11 pm

Hi,

In corporate intranets based on Windows desktops and IIS users expect to be seamlessly logged on to web applications by the Integrated Windows Authentication feature of IE and IIS.

Before using Servoy to develop our web application we used the open source Java library WAFFLE (http://dblock.github.io/waffle/) to support this on Tomcat. Is something similar possible with the Servoy web client?
Patrick Rosendaal
Aenova Software
http://www.aenova.nl
patrick1366356481
 
Posts: 5
Joined: Fri Apr 19, 2013 9:28 am

Re: Use 'Integrated Windows Authentication' in web client

Postby jcarlos » Tue Jan 21, 2014 7:41 am

We have used UrlRewriteFilter to tidy up the long Servoy URL of Servoy when deploying web applications.

We use UrlRewriteFilter because it is a Java Web Filter for the Tomcat application server. Servoy uses Tomcat.

I suppose that if you used the Java library WAFFLE to support Windows Authentication feature of IE and IIS on Tomcat, WAFFLE should also work on Servoy/Tomcat. 

Hope this helps, but honestly I am not an expert on these matters.

Good luck, JC
Juan-Carlos Sanchez, Stanford University - Law and Economics
jcarlos
 
Posts: 578
Joined: Thu May 04, 2006 8:55 pm
Location: Palo Alto, California USA

Re: Use 'Integrated Windows Authentication' in web client

Postby Yeroc » Tue Jan 21, 2014 6:35 pm

Yes this is possible. As jcarlos mentioned Servoy embeds Tomcat (%SERVOY_HOME%\application_server\server) so you can configure the embedded Tomcat instance as you normally would for Waffle, ensuring that the Servoy servlets require authentication (by adjusting %SERVOY_HOME%\application_server\server\webapps\ROOT\WEB-INF\web.xml appropriately).

Once Tomcat is configured you can change the login form in your Login solution to a simple splash screen and in onShow() do something like:
Code: Select all
  var username = null;
  if (application.getApplicationType() == APPLICATION_TYPES.WEB_CLIENT)
  {
    /** @type {Packages.org.apache.wicket.protocol.http.WebRequestCycle} */
    var reqcycle = Packages.org.apache.wicket.RequestCycle.get();
    var request = reqcycle.getWebRequest().getHttpServletRequest();

    var principal = request.getUserPrincipal();
    if (!principal)
    {
      // This should never happen if Tomcat is properly configured...
      error = "Missing authentication information!";
    }
    else
    {
      username = principal.getName();
      // now call your authenticator with the pre-authenticated username...
      security.authenticate('my_authenticator', 'myAuthenticateMethod', [username]);
    }
  }


The Servoy authenticator won't validate the credentials since they've been pre-authenticated and can simply call security.login().

If you need to map roles then things are a bit more complicated because JEE APIs don't provide an method to get a list of the roles but you can hack around that by casting the Principal returned above to Tomcat's proprietary GenericPrincipal and call getRoles() on that...
Yeroc
 
Posts: 109
Joined: Tue Aug 12, 2008 1:12 am
Location: Calgary, AB, Canada


Return to Web Development

Who is online

Users browsing this forum: No registered users and 2 guests