Hi,
We are building a CUBA app, and we have the following request. The app will be accessible through an existing portal using an iFrame. Based on that, the users will log in to the company’s portal and from an available menu, a new web page will be displayed - this page will include an iFrame component that will be responsible for the loading of the CUBA app. At this stage, when the application is loaded, the login screen of the CUBA app should not be required again since the user will be already logged in through the portal. So, I would like to ask you how we could prevent the login screen from being displayed and provide the user’s credentials through another channel - possibly included in the URL string?
There are two ways to log in to a CUBA application using a URL.
The first way is using parameters in URL navigation. For instance, let’s say that the token “e63cacd4-646b-4232-bd72-36ddff780bbf” is generated only for user “admin”.
So we can add the following code to the LoginWindow:
The second way is using HttpRequestFilter and ApplicationListener<AppStartedEvent>.
In our filter, we check that the address contains the specific parameter and, if so, save it to the HttpSession.
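    // Inside the filter's doFilter(request, response, chain)
    String st = request.getParameter("st");
    if (!Strings.isNullOrEmpty(st)) {
        // Keep the token in the session so it survives the redirect
        request.getSession().setAttribute("st", st);
        RequestContext.create(request, response);
        // Redirect to the same address without query parameters
        response.sendRedirect(ControllerUtils.getLocationWithoutParams(
                URI.create(request.getRequestURL().toString())));
        return; // the response is committed; do not continue the chain
    }
    chain.doFilter(request, response);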
The redirect is used to remove the parameters from the address. In the ApplicationListener we get the given parameter, check it and do the login.
    private String secretToken = "e63cacd4-646b-4232-bd72-36ddff780bbf";

    @Override
    public void onApplicationEvent(AppStartedEvent event) {
        App app = event.getApp();
        Connection connection = app.getConnection();
        // Only attempt the token login when nobody is logged in yet
        if (!connection.isAuthenticated()) {
            RequestContext requestContext = RequestContext.get();
            if (requestContext != null) {
                HttpServletRequest request = requestContext.getRequest();
                // Value stored in the session by the filter
                String st = (String) request.getSession().getAttribute("st");
                if (secretToken.equals(st)) {
                    try {
                        connection.login(new ExternalUserCredentials("admin"));
                    } catch (LoginException e) {
                        log.warn("Unable to login by token {}", st);
                    }
                }
            }
        }
    }
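
Added example, not part of the original answer and not CUBA's own code: one way to validate the `st` value with a signed, expiring, single-use token, assuming a hypothetical portal-issued format (login, expiry and nonce signed with HMAC-SHA256). The class name, token layout and demo key are assumptions; the login returned by `verify` is what would be passed to `ExternalUserCredentials`.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical token format (not CUBA's): base64url(login|expiryEpochSec|nonce) + "." + base64url(HMAC-SHA256)
public class PortalTokenVerifier {
    private final byte[] key; // secret shared with the portal (assumption)
    private final Set<String> usedNonces = ConcurrentHashMap.newKeySet(); // in-memory replay cache
    public PortalTokenVerifier(byte[] key) { this.key = key.clone(); }

    private byte[] hmac(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }
    // Portal side: builds the value the portal would place in the "st" parameter.
    public String issue(String login, Instant expiry, String nonce) throws Exception {
        String payload = login + "|" + expiry.getEpochSecond() + "|" + nonce;
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + "." + enc.encodeToString(hmac(payload));
    }
    // App side: returns the login only if the MAC matches and the token is unexpired and unused.
    public Optional<String> verify(String st, Instant now) {
        try {
            String[] parts = st.split("\\.");
            if (parts.length != 2) return Optional.empty();
            String payload = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            // Constant-time MAC comparison instead of String.equals on a secret
            if (!MessageDigest.isEqual(hmac(payload), Base64.getUrlDecoder().decode(parts[1]))) return Optional.empty();
            String[] f = payload.split("\\|");
            if (f.length != 3 || now.getEpochSecond() > Long.parseLong(f[1])) return Optional.empty();
            return usedNonces.add(f[2]) ? Optional.of(f[0]) : Optional.empty(); // each nonce works once
        } catch (Exception e) {
            return Optional.empty(); // malformed input is rejected, never trusted
        }
    }

    public static void main(String[] args) throws Exception {
        PortalTokenVerifier v = new PortalTokenVerifier("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        Instant now = Instant.now();
        String st = v.issue("admin", now.plusSeconds(60), "n-1"); // constructed sample token
        System.out.println(v.verify(st, now));       // first presentation
        System.out.println(v.verify(st, now));       // replay of the same token
        System.out.println(v.verify(st + "x", now)); // altered MAC
    }
}
```

In a clustered deployment the nonce cache would need shared storage, and entries can be dropped once their expiry has passed.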