Hi,
I created a customized authenticator, and it throws an AuthenticatorException if it fails to authenticate. The exception does block the login, but the browser displays a blank page. I also tried to set the request status to 401, but it made no difference.
I expected the browser to redirect to a general login error page with the error message of the AuthenticatorException. Is this an out-of-the-box feature in Thingworx?
Regards,
Sean
Hi @seanccc.
There is an authentication method called issueAuthenticationChallenge that will allow you to set up a failure condition. This will allow you to redirect, log an error, throw up another login, etc., but I'm not able to find a lot of information on it. I am reaching out to our internal teams to get more information. You might want to play around with this method in the meantime and pass along any questions.
Regards.
--Sharon
Sorry, I clicked "Accept as Solution" by mistake. Could you roll back the status of the post?
I tried throwing AuthenticatorException, but the server just responds with HTTP code 401 and the browser's login prompt gets displayed instead of a user-friendly error page.
Regards,
Sean
The following code is what I called in the method issueAuthenticationChallenge:
    AuthenticatorException authenticatorException =
        new AuthenticatorException(
            new InvalidRequestException(exceptionMsg, StatusCode.STATUS_UNAUTHORIZED));
    authenticatorException.setAuthenticationType(AuthenticationType.AUTH_THINGWORX_FORM);
    throw authenticatorException;
I notice that the web.xml has an error-page configured for code 401, but I have no idea why it's not captured.
One possible reason would be that the response has to set httpResponse.addHeader("WWW-Authenticate", "Basic realm=realm");
http://www.axlrosen.net/stuff/401.html (https://bz.apache.org/bugzilla/show_bug.cgi?id=13430)
but I found the response does have that setting. Any more ideas?
Regards,
Sean
Is it that you would like the failed attempt to go to the general ThingWorx login screen, the login screen for an organization, or something else?
Since you have access to the HTTP Response, have you tried redirecting to a specific URL (like the URL for the login)?
issueAuthenticationChallenge - This method is not always necessary. However, if an exception is thrown from the Authenticate method or if you set the RequiresChallenge flag to true, then the issueAuthenticationChallenge method will be called.
I tried to call response.sendRedirect, but whether I call it in the method authenticate or issueAuthenticationChallenge, it doesn't work. The final HTTP code received by the browser is 401.
I guess the Thingworx AuthenticationFilter still continues the filter chain instead of breaking (returning) after calling my CustomAuthenticator, as Thingworx doesn't know I called sendRedirect.
Or maybe Thingworx checks a certain response header to know whether the CustomAuthenticator called redirect? I tried to call response.setHeader("Location", redirectURL), but it still doesn't work and returns HTTP code 404. (The redirectURL is another system's URL, not Thingworx.)
Regards,
Sean
I found request.redirect() does work in the CustomAuthenticator ONLY when accessing the URL of Thingworx foundation. If accessed from the Thingworx Flow URL, it always returns 404, whether redirecting to an internal URL like /Thingworx/Home or an external URL, while the response Location has the redirect URL value.
In my case, my customer always needs to access via the URL of Thingworx Flow, so this would be a problem. I guess it may be related to certain configuration of Nginx, but I have no idea how to solve it. Could you give some suggestions?
Regards,
Sean
And strangely, I created a customized servlet filter (it just implements the interface javax.servlet.Filter) and registered it in Tomcat's web.xml. I called response.redirect() in the filter and it works! I was still accessing from the Thingworx Flow URL.
In summary:
| Redirect Case | Work or not |
| --- | --- |
| Access from Thingworx foundation URL + CustomAuthenticator | Yes |
| Access from Thingworx Flow URL + CustomAuthenticator | No |
| Access from Thingworx Flow URL + Customized servlet filter | Yes |
So, why does the AuthenticationFilter return 404 for the redirect call while a normal servlet filter doesn't?
Regards,
Sean
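The servlet-filter redirect described in the last post, as an added example that is not code from this thread or from ThingWorx. It uses only the javax.servlet API; the class name, the /login-error.html page, the reason code and the session-attribute check are assumptions standing in for the real authentication logic.

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: a plain servlet filter registered in web.xml. No ThingWorx API is used.
public class LoginErrorRedirectFilter implements Filter {
    // Assumption: a fixed, same-application error page, never taken from the request.
    private static final String ERROR_PAGE = "/login-error.html";

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Let the error page itself through, otherwise the redirect loops.
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (path.equals(ERROR_PAGE)) {
            chain.doFilter(rq, rs);
            return;
        }
        String failure = checkCredentials(req);
        if (failure == null) {
            chain.doFilter(rq, rs);
            return;
        }
        if (res.isCommitted()) {
            return; // headers already sent; sendRedirect would throw IllegalStateException
        }
        // Pass a short reason code, not the raw exception message, to the error page.
        String target = req.getContextPath() + ERROR_PAGE + "?reason="
                + URLEncoder.encode(failure, StandardCharsets.UTF_8.name());
        res.sendRedirect(res.encodeRedirectURL(target));
        // Return without calling chain.doFilter(), so nothing downstream replaces the 302.
    }

    // Hypothetical check: returns null on success, otherwise a short reason code.
    private String checkCredentials(HttpServletRequest req) {
        HttpSession s = req.getSession(false);
        boolean ok = s != null && s.getAttribute("user") != null;
        return ok ? null : "not_authenticated";
    }
}
```

Keeping the redirect target a constant rather than a request parameter avoids turning the login failure path into an open redirect.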