Integration with nevisProxy
nevisProxy will request nevisLogRend to render login pages. The rendered pages will contain references to other documents contained in nevisLogRend (images, cascading style sheets, script files). All such references are created using a common prefix, which allows nevisProxy to identify these requests and forward them accordingly.
Configuration
See the nevisProxy reference guide for a description of nevisProxy's configuration parameters.
nevisLogRend has to be configured as a login renderer in nevisProxy's web.xml configuration file. The following configuration elements are required for this:
An Http(s)ConnectorServlet that connects to the application server on which nevisLogRend is running. Set the MappingType to pathinfo.
Example<servlet>
<servlet-name>RemoteLoginConnector</servlet-name>
<servlet-class>
ch::nevis::isiweb4::servlet::connector::http::HttpsConnectorServlet
</servlet-class>
<init-param>
<param-name>InetAddress</param-name>
<param-value>myhost:443</param-value>
<description>The DNS name or the IP address of the server</description>
</init-param>
<init-param>
<param-name>MappingType</param-name>
<param-value>pathinfo</param-value>
</init-param>
<init-param>
<param-name>URIPrefix</param-name>
<param-value>/nevislogrend</param-value>
</init-param>
... (further init-param elements)
</servlet>A LoginRendererServlet with the above servlet as RenderingProvider. Pass the parameter logrendresourcepath with the path where images and other files referenced by login pages are located .
Example<servlet>
<servlet-name>LoginRenderer</servlet-name>
<servlet-class>
ch::nevis::isiweb4::servlet::rendering::LoginRendererServlet
</servlet-class>
<init-param>
<param-name>RenderingProvider</param-name>
<param-value>
remote:RemoteLoginConnector:/nevislogrend/index.jsp?logrendresourcepath=
/loginresources&dummy
</param-value>
</init-param>
... (further init-param elements)
</servlet>
&dummy
is required since query parameters might be added.
An IdentityCreationFilter
Example<filter>
<filter-name>EsAuthAuthenticationFilter</filter-name>
<filter-class>
ch::nevis::isiweb4::filter::auth::IdentityCreationFilter
</filter-class>
<init-param>
<param-name>LoginRendererServlet</param-name>
<param-value>LoginRenderer</param-value>
<description> The configured name of the login renderer servlet</description>
</init-param>
... (further init-param elements)
</filter>As explained in chapter the chapter Velocity , specific files can also be requested. For the following example, the Velocity engine would first check for the exact match rendererror.html, and, if the file cannot be found, for rendererror.vm.
Example<filter>
<filter-name>ErrorFilter</filter-name>
<filter-class>ch::nevis::isiweb4::filter::error::ErrorFilter</filter-class>
<init-param>
<param-name>StatusCode</param-name>
<param-value>
404:RemoteLoginConnector:/nevislogrend/rendererror.html?logrendresourcepath
=/nevislogrend/login/resources/&errorcode=404
500:RemoteLoginConnector:/nevislogrend/rendererror.html?logrendresourcepath
=/nevislogrend/login/resources/&errorcode=500
</param-value>
</init-param>
</filter>A mapping of the above filter for all paths required. This filter must not be mapped for the path used for nevisLogRend's images etc. .
Example<filter-mapping>
<filter-name>EsAuthAuthenticationFilter</filter-name>
<url-pattern>/application/*</url-pattern>
</filter-mapping>A mapping of the connector servlet to the location of the nevisLogRend images (in the example loginresources as passed to the LoginRenderer via the parameter logrendresourcepath):
Example<servlet-mapping>
<servlet-name>RemoteLoginConnector</servlet-name>
<url-pattern>/loginresources/{*}</url-pattern>
</servlet-mapping>
Interaction Details
This section assumes the example configuration described above as well as the default configuration of nevisLogRend.
If a login is needed due to someone accessing the location application, nevisProxy will call nevisLogRend to render the login page.
nevisLogRend will produce all links with the following pattern: href="/loginresources/application/appname/webdata/..."
Each of these requests will match the mapping defined for the RemoteLogin-Connector servlet and result in an (unauthenticated) request to nevisLogRend, which will in turn provide the contents of the corresponding file.
(If an IdentityCreationFilter was mapped to the path */loginresources/**, nevisProxy would call nevisLogRend to produce the login page again. The login page would then be displayed without images or style sheet information.)
Communication Details
Communication from nevisAuth to nevisLogRend (via nevisProxy) is done using a HTTP POST request (containing the XML GUI descriptor documented in nevisAuth Reference Guide, see ibid. chapter A.2, Nevis GUI Descriptor). The GUI description describes the dialog to be rendered (along with all input fields, informational text related to the login process, and submit buttons). The GUI descriptor can be regarded as the input contract of the next authentication step.
An example of a GUI descriptor is shown below:
<Gui name="UidPwLoginDialog" domain="SSO" label="login.title">
<GuiElem name="lasterror" type="error" label="${notes.lasterrorinfo}"
value="${notes.lasterror}"/>
<GuiElem name="isiwebuserid" type="text" label="login.label.userid"/>
<GuiElem name="isiwebpasswd" type="pw-text" value=""/>
<GuiElem name="submit" type="submit" label="login.button.continue" value="Login"/>
</Gui>