We are using MFP v7.0 and we want to secure the page template files or add authentication before allowing any user to access the files.
Example I don't want users to access the page template files:
http://localhost:10080/AppName/apps/services/www/AppName/desktopbrowser/default/app/modules/login/view-login.html
Currently I implemented webSecurityTest but I can still access the file:
<webSecurityTest name="webTests">
<testUser realm="UserIdentity"/>
</webSecurityTest>
I'm not sure if I implemented it correctly or if that solution is what I really need.
You can't secure the page template files using Mobilefirst Platform Foundation as its a runtime hosted on a application server like Liberty or Tomcat.
You will need to check on how to protect your resources on the application server you use. Here's an example of how this is done on Tomcat.
Related
I have a web application that is basically a document management software. The users are primarily editing files from word so I host these files in a WebDav folder in IIS to allow editing and saving from word. To access these files they use the interface built into the web application and the links showed in the browser just reference the virtual directory used for the web dav folder. This works great however when a user saves a file I would like to capture when their saving it to the SQL database the web application uses. So is there anyway for my web application to know when a user saves a file to WebDav? I may also try to utilize other code as well if I am able to allow the webdav and asp.net core web application to interact. I have scoured the internet and I could not find anything useful and I could not find anything in stackoverflow even related.
Hi I am new to JBoss EAP 7.0.7! I am trying to deploy an ear file which was previously deployed in JBoss EAP 6.3. In the login page, it uses a form-based authentication with j_security_check. In my jboss-web.xml, the security-domain is set with a valve with class-name org.apache.catalina.authenticator.SingleSignOn.
The application works in JBoss EAP 6.3. I tried to debug it and noticed that it invokes a method from SingleSignOn class as well as FormAuthenticator class.
The problem is that the application does not work when deployed in JBoss EAP 7.0.7. And when I debug it, it does not seem to invoke the SingleSignOn and FormAuthenticator methods. So how can I apply the same form-based authentication in JBoss EAP 7.0.7. (Note: I checked in the documentation and found out about the RH-SSO(Red Hat Single Sign On) but I cant download it.
Thanks in advance for your answer/suggestions.
Do the web applications bundled in your EAR require single sign-on? If not, you don't need to mess with single sign-on.
All you need is to configure a security domain, using one of the methods outlines in the documentation:
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html-single/how_to_configure_identity_management/
Using form authentication is just a matter of configuring web.xml and jboss-web.xml to use your security-domain name (i.e. realm-name). See: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html-single/how_to_configure_identity_management/#configuring_an_application_to_use_a_security_domain_with_certificate_based_authentication
While this example demonstrates certificate-based authentication - to configure form authentication, just use FORM instead, and add the requisite and elements (as defined by the servlet specification).
Application Server
AIX V7.1
WebSphere
Application Server V8.5.5.4
Java SDK V7.0.8
MobileFirst Platform Foundation 6.3
DB2 V10.1 client
Database Server
AIX V7.1
DB2 V10.1
We have a MobileFirst application that is our mobile front-end to an existing application. The existing application is a WebSphere application that provides RESTful web services. The MobileFirst application interfaces with the existing WebSphere application via a MobileFirst Adapter. The RESTful web service URLs are protected URLs and authentication is done using LDAP and a LTPA token is created. The LDAP is configured in WebSphere via the WAS console.
Our MobileFirst application works fine and can connect to and use the RESTful web services but only if the MobileFirst application is running in a separate WebSphere profile or on a separate WebSphere server. If we attempt to install the MobileFirst application into the same WebSphere profile as our existing WebSphere application that provides the RESTful web services, it breaks. The Mobile device authenticates with MobileFirst successfully and then calls the Adapter to invoke the RESTful web service call. However, the next Adapter invocation from the mobile device ends with a HTTP 401 error, which is an authorization error.
I'm speculating that after the Adapter authenticates with our existing WebSphere application that provides the web services that somehow this is overwriting the authentication that was done between the mobile device and MobileFirst.
My questions are as follows.
Can both the MobileFirst application and our existing WebSphere application that provides the RESTful web services run in the same WebSphere profile and share the LTPA token such that when the Mobile device authenticates with MobileFirst that it would also be authorized to execute the web servies running in the same WebSphere profile.
Is it advisable to run both applications in the same WebSphere profile or should they be running separate profiles or on separate servers.
Cost is a concern as we do not necessarily want the additional operational cost of adding a physically separate server just to run MobileFirst.
From an operational perspective, it is additional work to add and maintain multiple WAS profiles.
Ideally, we would really like to run both applications in the same WebSphere profile.
Here is a Google Drive link (no signin required) to the trace.log, SystemOut.log, SystemErr.log, and firebug-console.html
MobileFirst Trace log
The MobileFirst application was run in a browser using "Preview as Common Resources". I get the same result when using an actual Android or iOS device. The MobileFirst application WAR was run in the same WAS profile as the web services WAR that it was accessing through the adapter. This same code works successfully when the MobileFirst application WAR is running in a separate WAS profile or on a separate WAS server.
Please advise.
I have resolve the issue myself. This was a codebase that my team had inherited from another team.
What was happening was the mobile device was initiating a connection to MobileFirst running on WebSphere which creates a JSESSIONID cookie and a LTPA2Token cookie. Then an adapter was being called that invoked a HTTP call to a web service running in the same WebSphere profile. Calling the web service created new JSESSIONID and LTPA2Token cookies. These new cookies were being returned to the mobile device and JavaScript code on the mobile device was taking those new cookie values and then overwriting document.cookies, which wiped out the original cookies. Then when the mobile device attempted to connect with MobileFirst on a subsequent call, it's session was invalid and ended up getting a HTTP 401 error, which is an authorization error. So we attribute this problem to a poor implementation of our application.
I have two services i.e. jsf web app service and android service. Both are using the same functionality like login registration etc.
Now I have to separate both the services because I have used all the functionality in web app that same functionality I want to use it for android app..
So how can I deploy it on the server?
Like on the apache server in webapp folder there will be two subfolders webapp/android and webapp/webapp so where can I store all the *.java files(Which contains the login and communicate with database) on the server so that both of them can access the existing functionality.
Thanks
At work we have an installed Alfresco Explorer, and as we discovering the new possibilities of Spring Surf Web Scripts we trying to reach the /service/console or /service/index so we can manage web scripts, enabling JavaScript debugger, etc.
However to reach that URL it needs an authentication, but it doesn't accept the user/pass what we using for logging in to the explorer web app.
As we didn't find nothing about that in the documentation,
we have to ask it: anybody figured that out what type of authentication does the service index need?
/service/? is only accessible by the admin user.