• Post Reply Bookmark Topic Watch Topic
  • New Topic

JBoss AS7 login dialog displays before page contents  RSS feed

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First, I'm pretty much a newbie re web programming in general, but a complete newbie with AS7.

Using AS 7.1. I have been asked to extend an existing JSP app by adding a "splash" page that displays prior to the user moving into the app proper.

My problem is that AS 7.1 displays the login dialog before displaying the splash page contents and I'd like it to show the contents and then the dialog. Sounds simple but it has me stymied.

I've tried both a JSP splash and an HTML splash. Have not been able to find anything on the web or in the documentation that gives me a clue to a way forward.

Any help would be very much appreciated.

Cheers,
Mike
 
author
Bartender
Posts: 5856
7
Android Eclipse IDE Ubuntu
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Place the splash screen in a directory that is not secured, that is, a directory that doesn't require logging on before contents of that directory can be shown. Note that this might be impossible if the base directory of the app is secured.

If you posted your web.xml, we might be able to give specific instructions (you can always obfuscate the contents by renaming things, though be careful to be consistent!).
 
Sheriff
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mike, welcome to CodeRanch!

Like Peter said, posting the web.xml will help us understand more about the problem. While posting that, please also post the URL you are using to access the application.
 
Mike Fidler
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you!

Ok, here is the web.xml file. Nothing sensitive in it I can see.

The security-related settings are at the bottom. (Sorry to make you wade through all the unrelated xml but for completeness I left it as is.)

I use "http://localhost:8080/analytics/index.htm" to access the app. That's the splash I wrote. This is an analytics reporting app... hence all the BIRT stuff.


 
Mike Fidler
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
While I'm at it, here's the war's WEB-INF/jboss-web.xml (complete contents)

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain flushOnSessionInvalidation="true">java:/jaas/iws</security-domain>
</jboss-web>
 
Peter Johnson
author
Bartender
Posts: 5856
7
Android Eclipse IDE Ubuntu
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Looking at line 248, the entire application, and thus every file in it, is secured and requires the user to log in. Thus as configured you cannot display a splash screen in your app without moving the location of every file. For example, you could create a ./secured directory at the base of the web app, move everything (except WEB-INF and META-INF) into the directory, then change line 248 to "<url-pattern>/secured/*</url-pattern>", place your splash screen in the base directory, then it will be unsecured and accessible without login. Also, you will have to check and possibly change the references for every file in the app.

Yes that is a lot of work. And it can break your app in many, many ways. And will require a full requalification of the app. In my team, when we hit an issue like this, we tell the requester what it will cost to do this work, and ask the product owner to prioritize that with all the other work. That usually takes care of things like this as they tend to fall way to the bottom.
 
Bartender
Posts: 19562
90
Android Eclipse IDE Linux
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And when Peter says everything needs you to be logged in, he means everything.

Even the logos, images, javascript and CSS on splash (and login!) pages are going to initiate login, and won't display until login succeeds.
 
Mike Fidler
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Wow, it is so refreshing to finally have some clarity.

I have burned copious amounts of time navigating the documentation and web resources trying to find the answer. I'm finding the learning curve seems actually closer to linear and vertical. :-)

A friend of mine suggested creating a separate, "trivial" unsecured WAR that presents the splash and then forwards to the secured app; which is in its essence a variation on what was suggested as a possibility here, but without the need to restructure everything.

Thank you so much!

Cheers,
Mike
 
Tim Holloway
Bartender
Posts: 19562
90
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I always like to have my webapps have a public welcome page. It describes the app and often has information on who's allowed to use it and maybe what dire penalties await the uninvited if they attempt to proceed. A link from there to the actual app home page allows for security, since the app home would normally be a secured page.

Some of my apps are part-open/part-closed. This would be true for example, for a public information site with integrated admin functions. Although I'll often make the admin functions a separate app for security's sake.
 
I can't renounce my name. It's on all my stationery! And hinted in this tiny ad:
Why should you try IntelliJ IDEA ?
https://coderanch.com/wiki/696337/IntelliJ-IDEA
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!