The com.hardis.adelia.cloud.security.realms.RequestRealm Realm passes credentials from an http request.
It can be used during upstream authentication at a portal and when redirecting to the Adelia Cloud application.
wagon.xml file configuration
<realm name="reflex" loginModuleName="LdapModule" className="com.hardis.adelia.cloud.security.realms.RequestRealm"/>
|
index.jsp servlet configuration
<%@taglib prefix="t" tagdir="/WEB-INF/tags" %> <%@ taglib prefix="x" uri="http://adelwagon.adelia.hardis.com/adelwagon" %> <x:pushCustomVariable key="login"><%=request.getParameter("login")%></x:pushCustomVariable> <x:pushCustomVariable key="password" cipher="true"><%=request.getParameter("password")%></x:pushCustomVariable> <t:adeliaDesktop title="Adelia Desktop"> <jsp:attribute name="head_header"> <x:customSessionVariables/> </jsp:attribute> </t:adeliaDesktop>
|
The call is carried out via http://host[:port]/myapp/index.jsp?login=myuser&password=mypassword.
Note: the login and password are passed in clear text.
Using an encoded secureID
index.jsp servlet configuration:
<%@taglib prefix="t" tagdir="/WEB-INF/tags" %><%@ taglib prefix="x" uri="http://adelwagon.adelia.hardis.com/adelwagon" %><x:pushCustomVariable key="secureID"><%=request.getParameter("secureID")%></x:pushCustomVariable><t:adeliaDesktop title="Adelia Desktop"><jsp:attribute name="head_header"><x:customSessionVariables/></jsp:attribute></t:adeliaDesktop>
|
The call is carried out via http://host[:port]/myapp/index.jsp?secureID={....}.
Creating a secureID
http://host[:port]/myapp/RsaServlet?action=secureID&map=login=mylogin;password=mypassword
Principle for use from a portal
From its server side, the Portal application requests the creation of a secureID from the http://host[:port]/myapp/RsaServlet?action=secureID&map=login=mylogin;password=mypassword.
It can then send to the client browser an html page pointing to http://host[:port]/myapp/index.jsp?secureID={....}
Note: if it is called in GET, it is advisable to encode the secureID in URL. For example in javascript with the API encodeURIComponent : URLEncodedSecureID=encodeURIComponent(secureID); windows.open('http://host[:port]/myapp/index.jsp?secureID='+URLEncodedSecureID).