cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X

Redirect login to FormLogin

fgrondin
5-Regular Member

Redirect login to FormLogin

Hey guys,

I was wondering when you connect to ThingWorx via this link : server/ThingWorx

It asks you for your credentials.

I would like that previous link to be redirected to server/Thingworx/FormLogin/Everyone. How can I do that ?

With that, I can use a home mashup with the Everyone organization.

Then, whenever the session timeouts, I would like it to be redirected to the same URL (server/Thingworx/FormLogin/Everyone) How can I do that ?

I'm using PostgreSQL 9.4.15 & TOMCAT 8.5 and ThingWorx 8.0.5

1 ACCEPTED SOLUTION

Accepted Solutions
posipova
20-Turquoise
(To:fgrondin)
10 REPLIES 10
posipova
20-Turquoise
(To:fgrondin)

You may try this for the first part of your question:

Configuring URL redirection for ThingWorx

For the timeout redirect, not sure it is possible currently.

fgrondin
5-Regular Member
(To:posipova)

Thank you for the quick reply.


I was able to do the redirection.

So now, whenever they type the server, it redirects to ThingWorx.

Maybe it's unclear for the second part.

instead of having this Authentication prompt message(img1), I would like to get to the FormLogin (img2) without having to type /FormLogin/Everyone

I would like to redirect to this :

posipova
20-Turquoise
(To:fgrondin)

I understand the requirement, however, I do not think it's currently possible with the form login. There should be an article on this, I'll look tomorrow during North America business hours and post a link here. You may try going the custom authenticator route although it would be a lot more involved.

fgrondin
5-Regular Member
(To:posipova)

Okay, thank you.

I know it is possible as my customer, who is using ThingWorx 6.5 is doing it.

I would want to do the same for an internal server..

I wanted to find out how to do it, instead of asking them.

If you do find how to do it, it would be nice to let me know.

Otherwise, I will ask my customer.

posipova
20-Turquoise
(To:fgrondin)
fgrondin
5-Regular Member
(To:posipova)

Good Thank you ! The second link has worked for me !

posipova
20-Turquoise
(To:fgrondin)

Glad it worked! Thank you for your time and patience.

Can you please help with my case which is similar to the above solution:

  1. 1. We are currently using composer for development activity
  2. 2. We are having the mashups for an application which uses Form-Login that runs on the same Thingworx
  3. 3. If I use the custom auth https://community.thingworx.com/message/55908#55908 , it fails for composer login. I would need the code snippet for issueAuthenticationChallenge method to redirect the session timeout popup to specific mashup page and this should work only for mashup application and not for composer flow.

Please help me with this.

Frederik Grondin​ is this the method you have used in your implementation?

fgrondin
5-Regular Member
(To:skrishnasamy)

Here is the code of the Authenticator.

Basically, whenever you are pressing the Login button in the browser, It will execute the Method Authenticate.

In there, you basically implement your logic to authenticate. In this code, if either the user or the password is empty, it throws an error. In the Catch block, it's setting redirect to true and setRequiresChallenge to true (which will execute the method IssueAuthenticationChallenge). In that method, if redirect is true, then it redirects the user to formLogin....

If the user is good then continue to the home mashup set in the organization.

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import com.thingworx.common.SharedConstants;

import com.thingworx.security.authentication.AuthenticationUtilities;

import com.thingworx.security.authentication.AuthenticatorException;

import com.thingworx.security.authentication.CustomAuthenticator;

import ch.qos.logback.classic.Logger;

public class LoginAuthenticator extends CustomAuthenticator {

    private String user; 

    private String requestUrl; 

    private String password; 

    private boolean isFormLogin; 

    private boolean isRedirect;

public LoginAuthenticator() {

        user = null; 

        requestUrl = null; 

        password = null; 

        isFormLogin = true; 

        isRedirect = false; 

}

@Override

    public boolean matchesAuthRequest(HttpServletRequest httpRequest) 

            throws AuthenticatorException 

        { 

            requestUrl = httpRequest.getRequestURL().toString(); 

            if((!requestUrl.contains("action-login")) & (!requestUrl.contains("FormLogin"))) 

            { 

                isFormLogin = false; 

                isRedirect = true; 

                setRequiresChallenge(true); 

            } else 

            if(requestUrl.contains("action-login")) 

            { 

                user = httpRequest.getParameter("thingworx-form-userid"); 

                password = httpRequest.getParameter("thingworx-form-password"); 

            } 

            return true; 

        } 

      

@Override

   public void authenticate(HttpServletRequest httpRequest, HttpServletResponse httpResponse) 

        throws AuthenticatorException 

    { 

        try {

if(user.isEmpty() || password.isEmpty()){

getApplicationLogger().error("The username or password is empty");

throw(new AuthenticatorException("The username or password is empty"));

}

AuthenticationUtilities.validateCredentials(user, password);

            setCredentials(user, password); 

AuthenticationUtilities.getSecurityMonitorThing().fireSuccessfulLoginEvent("<a valid account with rights to the Mashup>", SharedConstants.EMPTY_STRING);

} catch (Exception e) {

// TODO Auto-generated catch block

isRedirect = true;

super.setRequiresChallenge(true);

e.printStackTrace();

}

    } 

@Override

   public void issueAuthenticationChallenge(HttpServletRequest httpRequest, HttpServletResponse httpResponse) 

        throws AuthenticatorException 

    { 

        if(isRedirect) 

        { 

            String urlString = "/Thingworx/FormLogin/Everyone";//replace with your own organization 

            try 

            { 

                httpResponse.sendRedirect(urlString); 

            } 

            catch(IOException e) 

            { 

                e.printStackTrace(); 

            } 

        } 

    } 

}

Top Tags