Hi All,
I'm working on $subject with regard to JIRA [1] and [2].
The existing authenticationendpoint webapp contains an
AuthenticationEndpoint servlet that maps for '\login.do' and 'retry.do' url
patterns and four other servlets; SAMLSSOLogin, OpenIDLogin, OAuth2Login
and PassiveSTSLogin. Each controls requests on that type.
One such scenario is as below.
So I see three approaches to make this app more configurable and
customizable.
*Approach 1:*
Replace each servlet mentioned above with a JSP such that the JSP will work
as a controller.
Allow to define custom page configurations for any url pattern from the
authenticationendpoint web.xml via servlet context parameters. They could
be either application specific or global.
Application Specific:
<context-param>
<param-name>OauthSP-/oauth2_error.do</param-name>
<param-value>
http://localhost:8080/customauthenticationendpoint/oauth2_error.do
</param-value>
</context-param>
Global:
<context-param>
<param-name>/oauth2_error.do</param-name>
<param-value>
http://localhost:8080/customauthenticationendpoint/oauth2_error.do
</param-value>
</context-param>
Each controller JSP will include logic to redirect, if custom page matching
the request URI exists. Thus, JSPs will include more java code and also
code duplicates.
*Approach 2:*
Have one JSP acting as a controller and map all url patterns for that in
the DD.
Allow to define custom page configurations for any url pattern from the
authenticationendpoint web.xml via servlet context parameters or servlet
init parameters.
In the existing app call to '\login.do' will finally end up with a forward
to login.jsp. But, in the middle resource is requested checking the request
parameter 'type'. So, it's also possible to differ pages as per the type.
To have that behaviour we have to map url patterns like '\samlsso_login.do'
to the same JSP and to forward in a call to '\login.do'. Here again the JSP
will include more java code.
*Approach 3:*
Implement a filter to work as the controller in the context path '\*'. Then
map each url pattern to the respective JSP in the web.xml.
Allow to define custom page configurations for any url pattern from the
authenticationendpoint web.xml via servlet context parameters.
So here, all calls will pass the filter. Hence, the filter can look for
custom configurations matching the request URI and redirect if found.
Introducing or replacing any page will be a simple configuration in the
web.xml.
Among, above three I prefer the third approach which is more clean and
configurable. Appreciate your views on this.
[1] https://wso2.org/jira/browse/IDENTITY-2977
[2] https://wso2.org/jira/browse/IDENTITY-2741
Thanks,
Malithi.
--
*Malithi Edirisinghe*
Senior Software Engineer
WSO2 Inc.
Mobile : +94 (0) 718176807
[email protected]
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
