How to integrate the single sign on in a WebRatio application

From WebRatio WebML Wiki



Introduction

WebRatio lets you integrate single sign-on into a Web application. This is possible thanks to a Java class named Credential Service. This class allows the user to be logged in to the Web application automatically and to access protected modules directly. There is no explicit login, since the user credentials are retrieved from an access management system (for instance SiteMinder, Oracle Single Sign On, Tivoli Access Manager, JBoss SSO).

The WebRatio standard installation includes the RTXCredentialService.java interface, which the CredentialService.java class has to implement in order to provide single sign-on through an access management system. The code in this class depends on the access management system in use, and it has to retrieve the user credential information in some way.

These are the steps to integrate the single sign-on feature in your Web Project:

  1. Create a Java Project which contains the class implementing the RTXCredentialService interface
    1. Select File -> New -> Java Project from the main menu. Type a name for the project and click the Finish button.
    2. Create a package inside the new Java Project, giving it a name of your choice.
    3. Select File -> New -> Class from the main menu to add the CredentialService.java class to the package.
    4. Write in the class the Java code that retrieves the credentials and performs the login (see the next sections for examples).
    5. Right-click the Java Project and choose the Export -> JAR File command. Click the Next button and choose the destination folder. Usually the destination folder is the WebContent/WEB-INF/lib directory of your Web Project. This way, every time you generate the Web Project you also get the latest version of the Credential Service.
  2. The first time you generate the Web Project, you also have to tell the Web application to use your Credential Service to bypass the standard login. To do this, add a new property to the WebRatio runtime configuration file:
    1. Open the RTXConfig.properties file in the WEB-INF/conf folder of your deploy directory.
    2. Add the following property at the end of the file:
      credentialsService= mypackage.CredentialService
    3. Save the file and restart your application server.
    4. Copy the RTXConfig.properties file into the WebContent/WEB-INF/conf directory of your Web Project, to ensure that the next generation of the project copies the file with this new property into the deploy directory.

The next sections show some examples of CredentialService implementations.

Example 1 - SiteMinder Credential Service

SiteMinder is "a centralized Internet access control system that enables user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to Web applications and portals". This is the code of the class. If you want to download the entire source code please click here.

 public class SiteMinderCredentialsService implements RTXCredentialsService {
 
	private static Log LOG = LogFactory.getLog(SiteMinderCredentialsService.class);
 
	public Pair getCredentials(Map localContext, Map sessionContext, RTXManager mgr) throws RTXPermissionException, RTXException {
		LOG.debug("Extract userName from HTTP request header");
		HttpServletRequest request = (HttpServletRequest) localContext.get(RTXConstants.HTTP_SERVLET_REQUEST_KEY);
		
		String userName = request.getHeader("SM_USER");
		LOG.debug("Site Minder User = '" + userName + "'");
		if (StringUtils.isBlank(userName)) {
			return null;
		}
		userName = userName.toUpperCase();
		if (userName.indexOf('\\') > -1) {
			userName = userName.substring(userName.indexOf('\\') + 1);
		} else if (userName.indexOf('/') > -1) {
			userName = userName.substring(userName.indexOf('/') + 1);
		}

		
		LOG.debug("Perform login for userName '" + userName + "'");
		mgr.getAuthenticationService().performLogin(userName, null, localContext, sessionContext);

		
		if (LOG.isDebugEnabled()) {
			String userOid = BeanHelper.asString(sessionContext.get(RTXConstants.CURRENT_USER_CTX_PARAM_KEY));
			String groupOid = BeanHelper.asString(sessionContext.get(RTXConstants.CURRENT_GROUP_CTX_PARAM_KEY));
			LOG.debug("Retrieved credentials: " + userOid + " : " + groupOid);
		}
		return null;
	}

 }
  • Retrieves the shared log instance and stores it in the LOG static variable (line 3).
  • Declares the getCredentials method that has to be implemented in the class (line 5).
  • Retrieves the HTTP request (line 9).
  • Extracts the single sign-on value from the "SM_USER" header parameter (line 12).
  • Performs the login (line 25). This method is the point at which the login to the Web application is made and where the user credentials are stored in the global context parameters "UserCTXParam" and "GroupCTXParam".
  • Logs the retrieved userOid and groupOid (line 29).

Example 2 - Oracle Single Sign On Credential Service

This section presents the source code of the CredentialService class for the Oracle Single Sign On. If you want to download the entire source code please click here.

public class OSSOCredentialsService implements RTXCredentialsService {

	private static Log LOG = LogFactory.getLog(OSSOCredentialsService.class);

	public Pair getCredentials(Map localContext, Map sessionContext, RTXManager mgr) throws RTXPermissionException, RTXException {
		LOG.debug("Extract userName from HTTP request header");

		HttpServletRequest request = (HttpServletRequest) localContext.get(RTXConstants.HTTP_SERVLET_REQUEST_KEY);

		String userName = request.getHeader("Osso-User-Dn");
		LOG.debug("OSSO User DN = " + userName);
		if (StringUtils.isBlank(userName)) {
			return null;
		}
		userName = StringUtils.substringBefore(userName, ",").trim();

		LOG.debug("Perform login for userName '" + userName + "'");
		mgr.getAuthenticationService().performLogin(userName, null, localContext, sessionContext);

		if (LOG.isDebugEnabled()) {
			String userOid = BeanHelper.asString(sessionContext.get(RTXConstants.CURRENT_USER_CTX_PARAM_KEY));
			String groupOid = BeanHelper.asString(sessionContext.get(RTXConstants.CURRENT_GROUP_CTX_PARAM_KEY));
			LOG.debug("Retrieved credentials: " + userOid + " : " + groupOid);
		}
		return null;
	}

}
  • Retrieves the shared log instance and stores it in the LOG static variable (line 3).
  • Declares the getCredentials method that has to be implemented in the class (line 5).
  • Retrieves the HTTP request (line 8).
  • Extracts the single sign-on value from the "Osso-User-Dn" header parameter (line 10).
  • Performs the login (line 18). This method is the point at which the login to the Web application is made and where the user credentials are stored in the global context parameters "UserCTXParam" and "GroupCTXParam".
  • Logs the retrieved userOid and groupOid (line 20).
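
Both Example 1 and Example 2 log the user in on the strength of a request header alone, so the header is only as trustworthy as the path it arrived on and the way it is parsed. The class below is an added example, not WebRatio's code or part of the original article, showing checks that can run before performLogin; the class name, the trusted agent addresses and the user-name pattern are assumptions.

```java
import java.util.Set;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added example (Java 11+), not WebRatio code: checks to run before performLogin().
public class SsoHeaderGuard {
    // Assumption: addresses of the web tier hosting the SSO agent (constructed values).
    static final Set<String> TRUSTED_AGENTS = Set.of("10.0.0.5", "10.0.0.6");
    // Assumption: the application's user names fit this conservative pattern.
    static final Pattern USER = Pattern.compile("[A-Za-z0-9._ ,@-]{1,64}");

    // An identity header is only meaningful when the direct peer is the SSO agent.
    static boolean fromTrustedAgent(String remoteAddr) {
        return remoteAddr != null && TRUSTED_AGENTS.contains(remoteAddr);
    }

    // SM_USER: upper-case and drop a DOMAIN\ or DOMAIN/ prefix, as Example 1 does.
    static String fromSmUser(String header) {
        if (header == null) return null;
        String u = header.trim().toUpperCase();
        int sep = u.indexOf('\\') > -1 ? u.indexOf('\\') : u.indexOf('/');
        return validated(u.substring(sep + 1));
    }

    // Osso-User-Dn: parse the DN so escaped commas survive; returns the value of
    // the leftmost RDN (Example 2 keeps the "cn=" prefix, this sketch drops it).
    static String fromOssoDn(String header) {
        if (header == null) return null;
        try {
            LdapName dn = new LdapName(header.trim());
            if (dn.isEmpty()) return null;
            return validated(String.valueOf(dn.getRdn(dn.size() - 1).getValue()));
        } catch (InvalidNameException e) {
            return null; // malformed DN: treat the request as unauthenticated
        }
    }

    private static String validated(String user) {
        return USER.matcher(user).matches() ? user : null;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(fromTrustedAgent("203.0.113.9"));
        System.out.println(fromSmUser("corp\\jdoe"));
        System.out.println(fromOssoDn("cn=Doe\\, John,ou=People,dc=example,dc=com"));
        System.out.println(fromOssoDn("not a dn"));
    }
}
```

Inside getCredentials, the inputs would be request.getRemoteAddr() and the header value; a null result means returning without calling performLogin.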

