Interesting login/authentication problem

People,

I've got an interesting login and authentication work flow problem that I
need some assistance with.

The details of the configuration are:
Tomcat 5.5 web server.
I've configured some security-constraints to control access to the Xforms
app.
I'm using a Simple JSP login form and login error form pages.
The login works correctly, the realm gets called, user gets authenticated.

Things go awry when the j_security_check sends the newly authenticated
request to Orbeon.

It appears that the request has no principal associated with it when Orbeon
receives the request, therefore any call that Orbeon makes to say, do a
submission, fails because that user is not yet logged in.  So, the model
initialization events don't work because I cannot do a submission.

But, if after the page loads (with an incomplete model), if I hit refresh it
loads perfectly the second time.  Because the browser session is nicely
authenticated.  

So, I guess my question is:  How can I force the Tomcat container
authentication to be totally complete by the time it calls the first Orbeon
page?

Thanks,

Jack

---------------------
Jack Cox
CapTech Ventures, Inc.
1118 W. Main St.
Richmond, VA 23220
804-545-8765




--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Hi Jack,

On 6/7/07, Jack Cox <[hidden email]> wrote:
> It appears that the request has no principal associated with it when Orbeon
> receives the request, therefore any call that Orbeon makes to say, do a
> submission, fails because that user is not yet logged in.

You are saying that you login, go to an XForms page, but the
submission from that page fails because Orbeon does not receive the
authentication information from Tomcat. Is this correct?

What version of Orbeon Forms are you using? Are you redirected to the
login page in the first place the first time you access the XForms
page? Are all the pages of your application protected in your
<security-constraint>? That is, do you have
<url-pattern>/*</url-pattern>? If not, you might want to try to put
that there (if possible in your case).

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Alex,

I believe that is correct.  I've been through the Tomcat/j_security_check
login and get directed to the first page (<page id="welcome" path-info="/"
view="view.xhtml" default-submission="/model/parameters.xml"/>)

The page displays except that the model instances that are retrieved via
submissions done on the 'xforms-ready' event are empty because each of the
submissions fails due to not being authenticated.

If I just hit reload on the browser the page is redrawn correctly with all
submission retrieved data inplace.

All of the pages have security-constraints (except for the CSS style sheets
since they are needed to style the login form).  The login form is pure JSP.

The version of Orbeon is fairly recent (3 weeks old).  Is there any easy way
to get the exact build number?

Jack



On 6/9/07 6:46 PM, "Alessandro Vernet" <[hidden email]> wrote:
---------------------
Jack Cox
CapTech Ventures, Inc.
1118 W. Main St.
Richmond, VA 23220
804-545-8765




--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

> The version of Orbeon is fairly recent (3 weeks old).  Is there any easy way
> to get the exact build number?

There are at least two easy ways of checking the build number.
1) Go to the URL where your Orbeon Forms is running, e.g.
http://localhost:8080/ops

On the bottom of the welcome page (and all other pages) you will see the
build/version number.

2) Go to a web page, which will be processed by Orbeon Forms, i.e.
translated by Orbeon Forms, e.g.
http://localhost:8080/myapp/index.xforms

See source code of the page and you will find a meta tag called generator
in the head section. This meta tag has the build/version number as its
content.

Regards


-Markku Laine



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Jack,

On 6/11/07, Jack Cox <[hidden email]> wrote:
> The page displays except that the model instances that are retrieved via
> submissions done on the 'xforms-ready' event are empty because each of the
> submissions fails due to not being authenticated.

Unfortunately I don't have a ready-made answer. To debug this, I would
use a tool like Apache tcpmon (http://ws.apache.org/commons/tcpmon/)
to see what headers are sent:

1) By the browser to the server.
2) By the XForms engine to the service.

What is the difference in those headers between the first and second
request you are doing?

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Hi,

does anyone know what would be the minimal package for ops-based
portlets? I've been deploying that ops.war for testing purposes but it
obviously contains a lot of stuff not needed for those portlet examples.
For example are all those servlets needed, that are defined in web.xml,
for portlets?

Thanks in advance!



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Markku,

The version is: 3.5.1.200703310056

I'll give the tools Alex suggested a try and see what those uncover.

Thanks,

Jack



On 6/12/07 2:03 AM, ".::: Markku :::." <[hidden email]> wrote:
---------------------
Jack Cox
CapTech Ventures, Inc.
1118 W. Main St.
Richmond, VA 23220
804-545-8765




--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

At the very least, you need:

* ops-main-servlet
* ops-xforms-server-servlet

You shouldn't need the eXist or Struts servlet (in fact we may want to
remove the latter altogether as it was used only in an example).

You shouldn't need any filter either in this scenario.

For the JAR files, we should really build a list someday ;-) Was that
your main concern?

-Erik

[hidden email] wrote:
--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

On 6/12/07, Erik Bruchez <[hidden email]> wrote: Erik,

Have you guys ever thought about putting together a "dist-minimal" ANT
task and putting it into build.xml? Ideally, it would produce a bare
minimum version of Orbeon Forms minus the documentation, example
applications, or anything else. I've thought about putting one
together and sending it in, but haven't gotten around to it.

It would probably be best if "dist" had a dependency on "dist-minimal"
and then added in the other stuff, so it would probably require a
little bit of refactoring of build.xml

For an example of what I'm talking about, look at the build.xml for
eXist. Someone added similar functionality a while ago. (which got me
thinking something like this would be nice for Forms)

--
Daniel E. Renfer
http://kronkltd.net/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Daniel,
This is a great suggestion. I can't do it just right now but I am adding
an RFE:

http://forge.objectweb.org/tracker/index.php?func=detail&aid=307180&group_id=168&atid=350207

And if somebody wants to propose a patch, please do so ;-)

-Erik

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws