Hide login page

paggio86 · November 30, 2017, 10:40am

Hi,
i use external authentication for login in my cuba web-app.

I need to hide login page with the user and password form, is it possibile to make it with some kind of property to set to “true” or “false”?

Thanks.

artamonov · November 30, 2017, 3:35pm

Hi,

What do you mean by hide? Do you want to skip it when a user is authenticated using external mechanism?

paggio86 · December 4, 2017, 9:49am

Hi Yuriy,

I mean that:
if someone call the url http://host/app (that it the root of my cuba web-app), without parameters that allow in my filter the external login, cuba doesn’t show login form but a blank or error page as an invalid url.

artamonov · December 5, 2017, 11:47am

If you implement custom external login, probably you have custom Filter implementation as it is described in External Login fail implements CubaAuthProvider - CUBA.Platform In this case you can simply write error page content to response instead of calling chain.doFilter:

public class SimpleTokenAuthProvider implements CubaAuthProvider {
// ... 
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // here we check request parameter and if it is a correct token, then login user as passed user name
        // http://localhost:8080/app?token=LOG_IN_ME_PLEASE&user=admin

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        // ignore static requests
        if (StringUtils.startsWith(httpRequest.getRequestURI(), httpRequest.getContextPath() + "/VAADIN/")) {
            chain.doFilter(request, response);
            return;
        }

        HttpSession session = httpRequest.getSession();
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        if (request.getParameter("user") != null
                && "LOG_IN_ME_PLEASE".equals(request.getParameter("token"))) {

            SimpleTokenPrincipalImpl sessionPrincipal = new SimpleTokenPrincipalImpl(request.getParameter("user"));
            session.setAttribute(TOKEN_PRINCIPAL_SESSION_ATTR, sessionPrincipal);
            httpResponse.sendRedirect(httpRequest.getRequestURL().toString());
            return;
        }

        SimpleTokenPrincipalImpl principal = (SimpleTokenPrincipalImpl) session.getAttribute(TOKEN_PRINCIPAL_SESSION_ATTR);
        if (principal != null) {
            HttpServletRequest authenticatedRequest = new ServletRequestWrapper(httpRequest, principal);
            chain.doFilter(authenticatedRequest, response);
            return;
        }

        // TODO if not then write error content to response and do not call chain.doFilter

        chain.doFilter(request, response);
    }