Login issue for url patterns ignored by Josso

Help
Shahid
2012-04-18
2013-05-20
  • Shahid

    Shahid - 2012-04-18

    Hi,

    I am facing issue related to configuring "public-Resources" inside my application's web.xml
    I have some url patterns which should be ignored by Josso Agent, so i configured this way

    My josso-agent-config.xml includes

    <ignore-web-resource-collections>public-resources,img-resources</ignore-web-resource-collections>
    

    security-constraint inside web.xml

        <security-constraint>
            <web-resource-collection>
                <web-resource-name>protected-resources</web-resource-name>
               
                <url-pattern>/digests/list.page</url-pattern>
                <url-pattern>/user/edit/*</url-pattern>
                <url-pattern>/user/profile/*</url-pattern>
                <http-method>HEAD</http-method>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
                
            </web-resource-collection>
         
            <auth-constraint>
                 <role-name>*</role-name>
                 </auth-constraint>
        </security-constraint>
        
         <security-constraint>
            <web-resource-collection>
                <!-- We're going to unprotect this resource and make it available for all users. -->
                <web-resource-name>public-resources</web-resource-name>
                <url-pattern>/rss/*</url-pattern>
              [b][i]  <url-pattern>/forums/list.page</url-pattern>
                <url-pattern>/posts/*</url-pattern>
                <url-pattern>/recentTopics/*</url-pattern>[/i][/b]
                <url-pattern>/images/*</url-pattern>
                <url-pattern>/transformations/*</url-pattern>
                
                <http-method>HEAD</http-method>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
            </web-resource-collection>
        </security-constraint>
    

    Issue Facing:
    1. After successful login with Josso, Pages with patterns declared inside "public-resources" are not showing page logged in, whereas other pages which are in "protected-resources" showing page logged in
    For Example: url with pattern  "/forums/list.page" and "/recentTopics/*" are not login in
    whereas urls "/digests/list.page" are logged in

    2.If i Comment url-patterns inside "public-resources",then everything works fine.
    or else if i remove    "public-resources"  from "josso-config-agent.xml" and keep url-patterns  inside "public-resources" will also work fine

    3. But my requirement is to keep  "public-resources" as it is and include above patterns which should be ignore by josso

    is something is missing in my configuration?

    and can you please brief in how this functionality works?

    by some research by i found that using "ignore-url-patterns" inside <web-resource-collection> for "public-resources" is solving the issue but i want to know is there any difference in using <ignore-url-patterns>  and  <url-pattern>   ??

    if we use <ignore-url-patterns> then will it cause any problem?
    or is there any other recommended solution for this issue?

    Kindly Help me in this in urgent

    Thanks in Advance

    Shahid

     
  • hugo

    hugo - 2012-04-19

    Hey Shahid,

    I'm also new to JOSSO but I today I've been struggling with the same issue.
    I think you've also found this related post: http://sourceforge.net/projects/josso/forums/forum/399715/topic/4670835

    I think you need to add the <ignore-url-patterns>  to the josso-agent-config.xml file and not to your web-resource-collection in your web.xml

    let me know if it works because I'm not a 100% sure yet.
    (I'm trying to let my webapp use it's own login form, but after hitting the login button I get redirected to a blank page at http://domeina.nl:8181/basicdemo/josso_authentication/)

    Regards,
    Hugo

     
  • Shahid

    Shahid - 2012-05-21

    Hey Hugo,

    really sorry for late reply,

    Actually i still have same issue pending
    and after investigating, i found that there is no such tag present <ignore-url-patterns>.
    and thats why it is being ignored. if you put something else instead of <ignore-url-patterns>, for example <some-ignore-url-patterns>, this is also working :D

    so i think we need to find some other solution for the same.
    please let me know if you find something related to this.

    Regards,
    Shahid

     
  • hugo

    hugo - 2012-05-22

    Hey Shahid,

    I was able to get my application with it's own login form working using JOSSO1.
    Now I've moved on to trying to prove JOSSO can be used as a solution for this business case that I have, so trying to get my application to have it's own login form with JOSSO2 has a low priority, because I assume that if it works in JOSSO1 soon enough it will work for JOSSO2 too.

    But if you find a way to do this with JOSSO2 please let me know, or if you have a specific question feel free to send me a PM.

    Hugo

     

Log in to post a comment.