
How to redirect to an error page if failed in a custom authenticator ?

seanccc
17-Peridot


Hi, 

I created a customized authenticator, and it throws an AuthenticatorException if it fails to authenticate. The exception does block the login, but the browser displays a blank page. I also tried to set the request status to 401, but it made no difference.

 

I expected that the browser would be redirected to a general login error page with the error message of the AuthenticatorException. Is this an out-of-the-box feature in ThingWorx?

 

Regards,

Sean

 

 

7 REPLIES
slangley
23-Emerald II
(To:seanccc)

Hi @seanccc.

 

There is an authentication method called issueAuthenticationChallenge that will allow you to set up a failure condition.  This will allow you to redirect, log an error, throw up another login, etc., but I'm not able to find a lot of information on it.  I am reaching out to our internal teams to get more information.  You might want to play around with this method in the meantime and pass along any questions.

 

Regards.

 

--Sharon

seanccc
17-Peridot
(To:slangley)

@slangley ,

 

Sorry, I clicked "Accept as Solution" by mistake. Could you roll back the status of the post?

 

I tried throwing AuthenticatorException, but the server just responds with HTTP code 401 and the browser's login prompt gets displayed instead of a user-friendly error page.

 

Regards,

Sean

 

seanccc
17-Peridot
(To:seanccc)

@slangley ,

 

The following code is what I called in the method issueAuthenticationChallenge: 

AuthenticatorException authenticatorException =
    new AuthenticatorException(
        new InvalidRequestException(exceptionMsg, StatusCode.STATUS_UNAUTHORIZED));
authenticatorException.setAuthenticationType(AuthenticationType.AUTH_THINGWORX_FORM);

throw authenticatorException;

I notice that the web.xml has an error-page for code 401 configured, but I have no idea why it's not captured.

 

One possible reason would be that the response has to set httpResponse.addHeader("WWW-Authenticate", "Basic realm=realm");

http://www.axlrosen.net/stuff/401.html (https://bz.apache.org/bugzilla/show_bug.cgi?id=13430)

but I found the response does have the setting. Any more ideas?

 


 

Regards,

Sean

 

Is it that you would like the failed attempt to go to the general ThingWorx login screen, the login screen for an organization, or something else?

 

Since you have access to the HTTP Response, have you tried redirecting to a specific URL (like the URL for the login)?

 

issueAuthenticationChallenge - This method is not always necessary. However, if an exception is thrown from the Authenticate method or if you set the RequiresChallenge flag to true, then the issueAuthenticationChallenge method will be called.

@thingw0rxgenie ,

 

I tried to call response.sendRedirect, but whether I call it in the method authenticate or issueAuthenticationChallenge, it doesn't work. The final HTTP code received by the browser is 401.

 

I guess the ThingWorx AuthenticationFilter still continues the filter chain instead of breaking (returning) after calling my CustomAuthenticator, as ThingWorx doesn't know I called sendRedirect.

 

Or maybe ThingWorx checks a certain response header to know if the CustomAuthenticator called redirect? I tried to call response.setHeader("Location", redirectURL), but it still doesn't work and returns HTTP code 404. (The redirectURL is another system's URL, not ThingWorx.)

 

Regards,

Sean

@thingw0rxgenie  @slangley ,

 

I found request.redirect() does work in the CustomAuthenticator ONLY when accessing the URL of ThingWorx Foundation. If accessed from the ThingWorx Flow URL, it always returns 404, whether redirecting to an internal URL like /Thingworx/Home or an external URL, while the response Location has the redirect URL value.

In my case, my customer always needs to access via the URL of ThingWorx Flow, so it would be a problem. I guess it may be related to a certain configuration of Nginx, but I have no idea how to solve it. Could you give some suggestions?

 

Regards,

Sean

seanccc
17-Peridot
(To:seanccc)

@thingw0rxgenie @slangley ,

 

And strangely, I created a customized servlet filter (just implementing the interface javax.servlet.Filter) and registered it in Tomcat's web.xml. I called response.redirect() in the filter and it works! I still access from the ThingWorx Flow URL.

In summary:

| Redirect case | Works or not |
|---|---|
| Access from ThingWorx Foundation URL + CustomAuthenticator | Yes |
| Access from ThingWorx Flow URL + CustomAuthenticator | No |
| Access from ThingWorx Flow URL + customized servlet filter | Yes |

 

So, why does the AuthenticationFilter return 404 for the redirect call while the normal servlet filter doesn't?

 

Regards,

Sean
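
The post above reports that a plain javax.servlet.Filter registered in web.xml can redirect where the custom authenticator cannot; the sketch below, an added example that is not code from the thread or from PTC, shows one way such a filter could turn a downstream 401 into a redirect to a single fixed, same-origin error page. It assumes the filter is mapped ahead of ThingWorx's own filter, the ERROR_PAGE path is hypothetical, and because the thread does not confirm whether the 401 is produced with sendError or setStatus, both are intercepted.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: maps a downstream 401 to a redirect to one fixed error page.
public class AuthFailureRedirectFilter implements Filter {
    // Hypothetical path; the page must be reachable without authentication.
    private static final String ERROR_PAGE = "/login-error.html";

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String accept = req.getHeader("Accept");
        boolean wantsHtml = accept != null && accept.contains("text/html");
        // REST/XHR callers keep the plain 401; the error page itself is skipped to avoid a loop.
        if (!wantsHtml || req.getRequestURI().endsWith(ERROR_PAGE)) {
            chain.doFilter(rq, rs);
            return;
        }
        // Fixed target and fixed reason code: no request data or exception text is reflected.
        final String target = req.getContextPath() + ERROR_PAGE + "?reason=auth_failed";
        chain.doFilter(rq, new HttpServletResponseWrapper(res) {
            private boolean redirected;

            // Returns true when the 401 was replaced by the redirect.
            private boolean divert(int sc) throws IOException {
                if (sc != SC_UNAUTHORIZED) return false;
                if (!redirected && !isCommitted()) {
                    redirected = true;
                    super.sendRedirect(target);
                }
                return redirected;
            }
            @Override public void sendError(int sc, String msg) throws IOException {
                if (!divert(sc)) super.sendError(sc, msg);
            }
            @Override public void sendError(int sc) throws IOException {
                if (!divert(sc)) super.sendError(sc);
            }
            @Override public void setStatus(int sc) {
                try { if (divert(sc)) return; } catch (IOException e) { /* keep plain status */ }
                super.setStatus(sc);
            }
        });
    }
}
```

Keeping the redirect target a constant, rather than building it from a request parameter or the exception message, avoids turning the login failure path into an open redirect or a reflected-content sink.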

 

 

 
