Closed fishfree closed 2 months ago
You can replace BASIC authentication with FORM authentication by supplying the corresponding configuration in web.xml, and the related login form file. This should work fine for the web-browser front end.
However, it's not advisable to make this change if you intend to use programmatic access to LaBB-CAT from Python/R etc. The client libraries for Python, R, NodeJS, and Java assume BASIC authentication, and won't work with a different authentication method.
(In fact, in the long term, the plan is to change to a JWT-based request authentication system, but that's a fair way off yet.)
If you don't want to use Python/R, and want to use FORM authentication anyway, you need to replace this tag in web.xml:
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>LaBB-CAT</realm-name>
</login-config>
... with something like this:
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/login-error.html</form-error-page>
  </form-login-config>
</login-config>
Then you need to add a login.html file to the web app files (i.e. in the labbcat directory) with content like:
<!DOCTYPE html>
<html>
  <head><title>Login</title></head>
  <body>
    <form method="POST" action="j_security_check">
      <table>
        <tr>
          <td>Name:</td>
          <td><input type="text" name="j_username" /></td>
        </tr>
        <tr>
          <td>Password:</td>
          <td><input type="password" name="j_password" /></td>
        </tr>
        <tr>
          <td colspan="2"><input type="submit" value="Login" /></td>
        </tr>
      </table>
    </form>
  </body>
</html>
...and similarly a login-error.html something like:
<!DOCTYPE html>
<html>
  <head><title>Login Failed</title></head>
  <body>
    <p>Login failed, please try again:</p>
    <form method="POST" action="j_security_check">
      <table>
        <tr>
          <td>Name:</td>
          <td><input type="text" name="j_username" /></td>
        </tr>
        <tr>
          <td>Password:</td>
          <td><input type="password" name="j_password" /></td>
        </tr>
        <tr>
          <td colspan="2"><input type="submit" value="Login" /></td>
        </tr>
      </table>
    </form>
  </body>
</html>
This will work, but will give you no direct way to log out (which I'm guessing is what you're after). In order to achieve that, you can add a file called mvc/logout.jsp (i.e. logout.jsp in the mvc subdirectory) with this content:
<%
{
session.invalidate();
request.setAttribute("redirect", ".");
}
%>
Then, when you open the URL https://example.com/labbcat/logout you'll be logged out, and presented with a login form for logging in as a different user.
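A pre-deployment check for the change described in the reply above, as an added example that is not part of the original comment or of LaBB-CAT's own code. It reads web.xml, confirms the FORM login and error pages exist, and verifies that the login page posts `j_username` and `j_password` to `j_security_check`. The names `audit`, `FormScan` and `first_text`, the `pages` mapping, and the sample data are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

class FormScan(HTMLParser):
    """Collects (method, action) of each <form> and the names of all <input>s."""
    def __init__(self):
        super().__init__()
        self.forms, self.inputs = [], set()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append(((a.get("method") or "").upper(), a.get("action") or ""))
        elif tag == "input" and a.get("name"):
            self.inputs.add(a["name"])

def first_text(root, name):
    """Text of the first element called `name`, ignoring any XML namespace."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            return (el.text or "").strip()
    return None

def audit(web_xml, pages):
    """web_xml: web.xml text; pages: {path: HTML text} of files in the web app directory."""
    root = ET.fromstring(web_xml)
    method = first_text(root, "auth-method")
    if method != "FORM":
        return [] if method == "BASIC" else [f"unexpected auth-method {method!r}"]
    findings = ["auth-method is FORM: client libraries that assume BASIC will not work"]
    for elem in ("form-login-page", "form-error-page"):
        path = first_text(root, elem)
        if not path or path not in pages:
            findings.append(f"<{elem}> missing or file not found: {path!r}")
    login = pages.get(first_text(root, "form-login-page") or "")
    if login is not None:
        scan = FormScan()
        scan.feed(login)
        # A GET form would put the password in the URL, so require POST.
        if not any(m == "POST" and a.split("/")[-1] == "j_security_check" for m, a in scan.forms):
            findings.append("login page has no POST form targeting j_security_check")
        findings += [f"login page has no input named {n}"
                     for n in ("j_username", "j_password") if n not in scan.inputs]
    return findings

# Constructed sample: FORM config whose login page uses GET, lacks j_password, and has no error page.
SAMPLE_WEB_XML = ('<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><login-config>'
                  '<auth-method>FORM</auth-method><form-login-config><form-login-page>/login.html</form-login-page>'
                  '<form-error-page>/login-error.html</form-error-page></form-login-config></login-config></web-app>')
SAMPLE_PAGES = {"/login.html": '<form method="GET" action="j_security_check">'
                               '<input type="text" name="j_username" /></form>'}
```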
@robertfromont Thank you very much! I will give it a try~
Webform-based authentication is more convenient to create and moderate users with the admin account.