tomcat+josso1.8.6+spring - spring

I use JOSSO 1.8.6. I configure all in the Tomcat lib directory file related to JOSSO, and I'm also doing all configuration in web application[spring] WEB-INF file. I got the below URL.
http://localhost:8080/TestLogin/?josso_cmd=login_optional
&josso_back_to=http://localhost:8080/TestLoginDemo/josso_security_check
&josso_partnerapp_id=TestLoginDemo
But my question is:
My parent web application is --TestLogin means this application login page is main to display all the other web application [child web application].
I have 3 child application
TestLoginDemo
jossoLogin1
JossoLoginDemo
All are spring application.
I hit in browser mean URL is http://localhost:8080/TestLoginDemo
So the below URL I see
http://localhost:8080/TestLogin/?josso_cmd=login_optional
&josso_back_to=http://localhost:8080/TestLoginDemo/josso_security_check
&josso_partnerapp_id=TestLoginDemo
But after the successful login I find the TestLogin flow means not transfer to the TestLoginDemo.
So what is the way if I have to carry on flow for TestLoginDemo?
And; after success this URL:
http://localhost:8080/TestLogin/?josso_cmd=login_optional
&josso_back_to=http://localhost:8080/TestLoginDemo/josso_security_check
&josso_partnerapp_id=TestLoginDemo
login page I got below URL in success:
http://localhost:8080/TestLogin/login.htm
instead of the below correct URL:
http://localhost:8080/TestLoginDemo/login.htm
Could anybody guide me on how to achieve this?

Why josso_cmd=login_optional, did you set it up like this ? By default this is unecessary to specify the josso_cmd argument.
In order to get back to the original application, you have to use josso_partnerapp_ctx argument (don't forget to encode URL), this will be passed to the security check page that will lead you to this page if the security check is sucessfull
Usually, URL looks like this:
https://login.domain.com/josso/signon/login.do?josso_back_to=https://site.domain.com/Josso/Check&josso_partnerapp_host=site.domain.com&josso_partnerapp_ctx=https%3a%2f%2site.domain.com%2fhome.html

Related

XHR to same domain being blocked

I'm having a pretty weird problem with CORS on a webapp I'm trying to make
I'm using Servlets (Tomcat8.0) for the backend. It's a school project, so I can't use a framework
A GET request to http://localhost:8080/FileBox/dashboard
returns a JSON payload( plain json, not jsonp,which I could use, but its the same domain). I'm using ajax to make the XHR, but it's being blocked by chrome as CORS
Should this be happening, since I'm making the XHR from the same domain(host+port)
'localhost:8080/FileBox/dashboard.jsp'
to
'localhost:8080/FileBox/dashboard'
Please, and thank you for the help!
You aren't making a request to http://localhost:8080/FileBox/dashboard. The error message says you are making a cross-origin request using an unsupported scheme and that http is a supported scheme.
Presumably you have made the two mistakes of:
Getting the URL wrong
You should be using a relative URL:
/FileBox/dashboard
but are trying to use an absolute URL:
http://localhost:8080/FileBox/dashboard
but have typed it wrong and are actually requesting
localhost:8080/FileBox/dashboard
Not loading the page over HTTP to start with
Possibly by double clicking the file in your system file manager, you have bypassed your HTTP server and are loading something like file:///c:/users/you/yourproject/index.html
Combined with the previous mistake, you end up trying to request file:///c:/users/you/yourproject/localhost:8080/FileBox/dashboard, with Ajax and get a security violation.
Solution
Fix the URL to be a proper relative URL
Point your browser at http://localhost:8080 instead of double clicking files in your file manager

$urlRouteProvider, simple routing

Can't get my head around $urlRouterPovider...
basically whenever I go to a link it should load associated view and controller. So that works.
$urlRouterProvider.when("/","/home")
$urlRouterProvider.otherwise("/error")
$stateProvider.state('views', {
url: "/:view",
templateUrl: function(stateParams, formResolver) {
return "views/" + stateParams.view + "/" + stateParams.view + "-view.html";
},
controllerProvider: function($stateParams) {
return "" + $stateParams.view + "Ctrl";
}
});
So whenever user goes to http://localhost:3030/#/foo, it loads "views/foo/foo.html" with controller as "fooCtrl", and goes to home by default, and for all other cases errror.
That is cool. What I need though, whenever user goes to http://localhost:3030/#/auth it would redirect to "/auth" on the server, skipping stateProvider. Currently it sees that as a state and tries to find corresponding view and controller.
If you need to redirect them to the server you need to leave out the #/ part of the URL.
The browser ignores the the #/ portion of the URL, which is how AngularJS is able to allow the page you server from localhost:3030/#/ handle the request. This is essentially still just requesting localhost:3030/
If you are wanting to do a true redirect or navigation to /auth on your server, ignore state for that request - you want your browser to make a straight-up HTTP request pointed directly at your server. Use /auth as the action in your form, or post to /auth from within your controller. When you are done on the server, redirect the user back to your Angular application.
Remember as well that you need to have some mechanism for your AngularJS application to know ehnIn our applications, we have the server set a cookie with a JWT token in it that is then used by the AngularJS application to retrieve the user information. This way the AngularJS application knows how to tell when a the user is really logged in (vs. a user going to a URL that represents a logged-in state).

Java Servlet on Tomcat called from AJAX

I want to call a Servlet from ajax in a Java WebApp, using Tomcat7.
I used the annotation #WebServlet("/VServlet") to mapping it in the WebApp, because of Tomcat7 support Servlet 3.0.
I call the servlet with the jquery command "$.getJSON('VServlet', function(data){ ... });" but if I use the string 'VServlet', it doesn't work.
Only if I use the entire url 'http:// localhost:8080/WebAppName/VServlet' it works, but only in my pc. However I have to deploy it on a server that has a commercial domain name, obviously different from "localhost".
Please, can anyone tell me if there is a way to address the servlet with a relative url?
Because if I use a string like 'http://my.domain.it:8080/WebAppName/VServlet' it doesn't work on the Tomcat7 that is on the server machine.
Thanks.
------------------EDIT-----------------------
I try to explain better my problem.
I have a Java Servlet that return a json structure. The servlet is called in a javascript file that have to draw a graph in a web page, building a SVG image. I have to deploy this web app on a commercial Windows server with Tomcat7 installed.
The web app generally works. Any errors are displayed from the user point of view. Simply the image doesn't appear if I use that strings I wrote above, to call the servlet.
I suppose that the servlet doesn't respond because I use a wrong address/naming. If I use an absolute url, the servlet responds to the js caller, but I need a relative string, so if the domain name of the server will change, I won't change the code of the js file too.
When you call
$.getJSON('VServlet', ... );
you are making a HTTP GET request to an URL relative to the current URL. That is, if you're in /webapp/users/user.xhtml you'll be sending a request to /webapp/users/VServlet which obviously doesn't match the URL pattern of your servlet and not the thing you're trying to achieve.
You need to take into account the context path of a JSF application that's available in view as #{request.contextPath} to build up a proper absolute URL:
$.getJSON('#{request.contextPath}/VServlet', ... );
This will send a request to http://localhost:8080/webapp/VServlet.
In case you need to send request to a path relative to the root, such request URLs start with a slash, / and represent URLs relative to the root, no matter where you're right now:
$.getJSON('/VServlet', ... );
This will send a request to http://localhost:8080/VServlet.
if your js code is inside jsp page Instead of the code
$.getJSON('VServlet', function(data){ ... });
write
"$.getJSON('${request.contextPath}/VServlet', function(data){ ... });
other wise if this code is in some js file in a function something like
function someFunction(){
$.getJSON('VServlet', function(data){ ... });
}
and you are calling function someFunction() from jsp
then you add a parameter to the function like this -
function someFunction(url){
$.getJSON('VServlet', function(data){ ... });
}
and now call it from jsp like this -
someFunction('${request.contextPath}/VServlet')
because ${request.contextPath}/VServlet is an el tag and it will get compiled only in jsp page

Spring MVC -> dependent on URL display welcome page

I have a Spring MVC application (version 3.0.5.RELEASE) and I have this in my mvc-config.xml:
<mvc:view-controller path="/" view-name="welcome"/>
So requests to "/" are forwarded to the welcome view welcome.jsp.
This means in my case, calling the URL http://myproject-test.mydomain.com/ will forward to the welcome.jsp. It's fine, but I have to extend it. Besides the URL http://myproject-test.mydomain.com/, I have the URL http://myproject-anothertest.mydomain.com/. With this URL, the whole application should be the same, except the welcome page.
Calling http://myproject-anothertest.mydomain.com/, I want to have the welcome-test.jsp page instead of the welcome.jsp.
So, how can I do this? I have to know from which subomain (myproject-test or myproject-anothertest) the user calls the site and then show him welcome.jsp or welcome-test.jsp.
Does anyone know how this can be done?
Thank you in advance & Best Regards, Tim.
The tag <mvc:view-controller> maps to ParameterizableViewController
You could inherit your own controller class from its parent, AbstractController, and use the request parameter in method handleRequestInternal to deduce which hostname is being used to access your page, then use the appropriate view.
HTTP request header Host contains (if using HTTP/1.1) the "virtual" server name that is being used to access your page. Older HTTP/1.0 protocol does not have the Host header, and some proxies map traffic to HTTP/1.0, in that case you will not be able to distinguish between the traffic using different names.
In JSP, you could use <%=request.getServerName()%> to access the Host header value. See doc for getServerName.

Proxy config for cross site Ajax (JSON) calls in Websphere Portal 7

First off, I'm new to portal development in general, and thus have no previously experience with Websphere Portal. Note: URLs have been changed to protect the innocent.
I have a portlet on Websphere Portal 7 where I'm trying to make an Ajax call (a POST in this case) to another server. I know I have to create the proxy-config and wire up the ProxyServlet so Portal will allow the cross site ajax call, and I have done that. However, I'm getting a 403 Forbidden message when calling the proxied service.
Here's my proxy-config.xml:
<proxy:proxy-rules
xmlns:proxy="http://www.ibm.com/xmlns/prod/sw/ajax/proxy-config/1.1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<proxy:mapping contextpath="/proxy" url="*"/>
<proxy:policy acf="none" url="*">
<proxy:actions>
<proxy:method>GET</proxy:method>
<proxy:method>POST</proxy:method>
</proxy:actions>
</proxy:policy>
<proxy:policy acf="none" url="https://subdomain.domain.org/ss/services/*">
<proxy:actions>
<proxy:method>GET</proxy:method>
<proxy:method>POST</proxy:method>
</proxy:actions>
</proxy:policy>
<proxy:meta-data>
<proxy:name>max-connections-per-host</proxy:name>
<proxy:value>5</proxy:value>
</proxy:meta-data>
<proxy:meta-data>
<proxy:name>max-total-connections</proxy:name>
<proxy:value>100</proxy:value>
</proxy:meta-data>
</proxy:proxy-rules>
Here is the ProxyServlet in web.xml:
<servlet>
<servlet-name>ProxyServlet</servlet-name>
<servlet-class>com.ibm.wps.proxy.servlet.ProxyServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ProxyServlet</servlet-name>
<url-pattern>/ss/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ProxyServlet</servlet-name>
<url-pattern>/proxy/*</url-pattern>
</servlet-mapping>
And here is the URL that I'm attempting to call from javascript (via jQuery):
"wps/proxy/https/subdomain.domain.org/ss/services/service1"
I'm currently getting 403 Forbidden "The URL you tried to access through the proxy is not allowed" error message. And this is the URL Firebug shows the portlet is hitting (seems to be correct):
http://portalsubdomain.domain.org:77777/wps/proxy/https/subdomain.domain.org/ss/services/service1.
Based on the proxy docs for wp7, I know 403 means one of the following:
The request was not accepted by the proxy, that is the proxy found no matching access policy that grants access to the target server.
Basic authentication failed.
It should've found the proxy policy since I have it defined for all URLs, so what am I missing? I'm figuring I either haven't configured the proxy policy correctly (authentication?) or I haven't constructed the URL in the JSON call correctly. I reviewed the format "rules" but haven't been able to come up with a solution that works.
A couple of things to note:
This portlet is on a child page of another page, and dojo is part of a custom theme we created
We are using LDAP to log into the portal, so not sure if that makes any difference as well. I'm logging in with portal admin rights when running this.
The URL for the page where the portlet is being loaded (and thus the page/space structure) is http://portalsubdomain.domain.org:77777/wps/demoportal/home/demo/ajaxTest. Not sure what the proxy is looking for, but the proxy-config.xml is located within my portlet's WEB-INF folder.
If I change the URL in my JSON call to wps/demoportal/home/demo/ajaxTest/proxy/https/subdomain.domain.org/ss/services/service1, I get the HTML for the ajaxTest page in return.
Found the solution! I needed to get the context path of the portlet and prepend it to the service URL.
Since my service call is in a separate .js file (via JavascriptMVC & jQuery), my quick and dirty fix is to create a JavaScript variable on the .jsp in order to get the portlet context path like so:
var globalRequestContextUrl = "<%= renderResponse.encodeURL(renderRequest.getContextPath()) %>";
then in my ajax call, I prepend the context url to my call to the proxy like so:
globalRequestContextUrl + "https/subdomain.domain.org/ss/services/service1"
Now I'm fighting SSL certificate issues, but I'm definitely getting through the proxy now.

Resources