Ext.ux.JEEAuth - JEE FORM authentication hook



Marte
15 Dec 2011, 4:33 AM
The JEE FORM Authentication hook allows you to handle form-based authentication requests from inside AJAX-driven applications, to avoid page reloads. This significantly reduces the overhead of restarting the application. The hook installs automatically, then intercepts all Ext.Ajax requests and asks the user to provide authentication credentials when needed. The authenticated server's response is transparently forwarded to the originating request when the authentication succeeds.

Please note that this extension is a port of my previous Ext.ux.J2EEAuth, which had support for ExtJS v2.x only.

Usage:

1. Download the Ext.ux.JEEAuth library and samples from GitHub, at https://github.com/dmlambea/Ext.ux.JEEAuth.
2. Include jeeauth.js after all Ext libraries, then any desired customization (refer to the provided examples and README for details).
3. Make sure your servlet / RESTful / WebService / web application is ready to send back the authRequest.json-like file as in FORM-based authentication.


Supported versions: ExtJS v4.0.x

Cheers,
Marte.

jadrake75
17 Dec 2012, 9:24 AM
Marte - this is absolutely wonderful. I was able to adapt this for my hobby application that is hosted in Glassfish with form-based authentication. A few changes I had to make:

1. In my development environment, my Ext-JS project is under a different web-app name than my JAX-RS project. I pass this as a relative query parameter to my application and have a JS class to handle this and use this to configure the proxies. As such I had to ensure the same web-app as the server was used for the action of the authentication form.
2. Instead of just reading the JSON (which is what I did originally) I instead had it also check for the existence of a 'action="j_security_check"' string and if so set the authentication to true. This allows me to continue to use my nicely formatted HTML login for other applications (or hitting the web services directly from a browser outside of my Ext-JS app).
3. I had to change the loadMask code to the following since isVisible( ) was returning false even though it was shown. Strangely enough isHidden( ) was returning the proper response.

if( loadMask && !loadMask.isHidden() )

I will need to modify the login dialog, but that is straightforward. Thanks for working this out...

The other strange thing I am seeing.... my JAX-RS services only accept application/json or html/xml, application/xml content types. When I send the credentials to the server with the j_security_check action, it comes back with a 302 "Temporarily Moved" response and it appears the browser is doing a GET using the content type of security POST (which is x-www-form-urlencoded) causing a 415 Unaccepted Content Type to be raised by my webservices (even if I am doing a POST operation) and then immediately the proper POST is fired with the correct content-types (this proper post I believe is coming from the callback rolloff on the Ajax operations). I am not sure where the GET is coming from (as it is not hitting breakpoints in the .js) leading me to suspect it is a browser request. Have you seen this?

Using EXT 4.1.1

-Jason
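
The two detection approaches discussed in this thread (a JSON marker file and an HTML login form posting to j_security_check), combined in one check. This is an added example, not code from Ext.ux.JEEAuth or from either poster. The JSON field name `authRequired`, the function names and the sample responses are assumptions constructed for illustration.

```javascript
// Added example, not part of Ext.ux.JEEAuth. The JSON marker field `authRequired`
// and the context path passed to loginUrlFor() are assumptions for illustration.

// Collect the action attribute of every <form> tag in an HTML body (no DOM needed).
function formActions(html) {
  const re = /<form\b[^>]*?\saction\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const actions = [];
  let m;
  while ((m = re.exec(html)) !== null) actions.push(m[1] ?? m[2] ?? m[3]);
  return actions;
}

// True when the response is the container's login challenge, not the requested data.
// resp: { contentType, body } as read from the XHR.
function isLoginChallenge(resp) {
  const type = (resp.contentType || '').split(';')[0].trim().toLowerCase();
  if (type === 'application/json') {
    try {
      const data = JSON.parse(resp.body);
      return data !== null && typeof data === 'object' && data.authRequired === true;
    } catch (e) {
      return false; // malformed JSON is an error, not a login prompt
    }
  }
  if (type === 'text/html') {
    // Match on the form's action target, so a page or payload that merely
    // mentions the string "j_security_check" is not mistaken for a login form.
    return formActions(resp.body).some(
      (a) => a.split(/[?#;]/)[0].split('/').pop() === 'j_security_check');
  }
  return false;
}

// Build the credential POST target from the server web-app's context path, on the
// origin of the request that was challenged, never from a URL found in the response.
function loginUrlFor(requestUrl, serverContext) {
  const origin = new URL(requestUrl).origin;
  return origin + '/' + serverContext.replace(/^\/+|\/+$/g, '') + '/j_security_check';
}

// Constructed sample responses.
const loginPage = { contentType: 'text/html;charset=UTF-8',
  body: '<html><form method="POST" action="j_security_check">' +
        '<input name="j_username"><input type="password" name="j_password"></form></html>' };
const jsonMarker = { contentType: 'application/json', body: '{"authRequired": true}' };
const realData = { contentType: 'application/json',
  body: JSON.stringify({ note: 'see <form action="j_security_check">' }) };
```

Checking the content type before looking at the body keeps a legitimate JSON payload that happens to contain the login form's markup from triggering a credential prompt.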