Following the first and second articles about chaining Kerberos with OpenAM, there may be some use cases where the "referer" solution does not work, since, for example, the browser does not always generate the header, for security reasons.
In such a case, here's a more sophisticated 401.jsp page, which requires a Java 7 environment:
```jsp
<%@ page import="java.io.*"%>
<%@ page import="java.net.URLEncoder"%>
<%@ page import="java.util.*"%>
<%@ page import="javax.servlet.*"%>
<%@ page import="javax.servlet.http.*"%>
<%@ page import="javax.servlet.ServletContext"%>
<%@taglib uri="/WEB-INF/jato.tld" prefix="jato"%>
<%@taglib uri="/WEB-INF/auth.tld" prefix="auth"%>
<%
/*
 * (C) 2010 Jim Klimov, JSC COS&HT
 * param processing (C) https://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Form-Data.html
 *
 * Chaining kerberos with OpenAM
 * The browser will reload the page, preserving the initial request and parameters if any
 */
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "Negotiate");

/*
 * Default ORG and MODULE/SERVICE values, should override whatever
 * was passed to the Login page, if fallback redirect is required
 * TODO: Parametrize via service/property configs
 */
String FallbackServiceURI = "/openam/UI/Login?module=LDAP";
%>
<HTML><HEAD><TITLE>HTTP-401: Unauthorized</TITLE>
<%
Enumeration<String> paramNames = request.getParameterNames();
while (paramNames.hasMoreElements()) {
    String paramName = paramNames.nextElement();
    // service, module and org are dropped so that the defaults above win
    if (paramName.equals("service") || paramName.equals("module") || paramName.equals("org")) {
        continue;
    }
    String[] paramValues = request.getParameterValues(paramName);
    for (int i = 0; i < paramValues.length; i++) {
        String paramValue = paramValues[i];
        // URL-encode names and values: they are request-controlled and end up
        // inside HTML attributes below, so quotes, <, > and & must not pass through raw
        FallbackServiceURI += "&" + URLEncoder.encode(paramName, "UTF-8");
        if (paramValue.length() != 0) {
            FallbackServiceURI += "=" + URLEncoder.encode(paramValue, "UTF-8");
        }
    }
}
%>
<meta HTTP-EQUIV="refresh" content="0;url=<%= FallbackServiceURI %>">
</HEAD>
<BODY><H1>HTTP-401: Unauthorized</H1>
Proper authorization is required for this area. Either your browser does not
perform authorization, or your authorization has failed.<br>
Your browser will be redirected to
<a href="<%= FallbackServiceURI %>">default authorization method</a>.
</BODY></HTML>
```
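The parameter forwarding done by 401.jsp can be checked outside the servlet container. The following is an added example, not code from the original article or from OpenAM: the class name `FallbackUri`, the method `build` and the sample request parameters are constructed for illustration, and names and values are URL-encoded before being appended.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example: class and method names are hypothetical, not part of OpenAM.
public class FallbackUri {
    static final String BASE = "/openam/UI/Login?module=LDAP";
    // Parameters the fallback overrides, the same three that 401.jsp skips.
    static final List<String> OVERRIDDEN = Arrays.asList("service", "module", "org");

    // Accepts the map shape returned by ServletRequest.getParameterMap().
    static String build(Map<String, String[]> params) throws UnsupportedEncodingException {
        StringBuilder uri = new StringBuilder(BASE);
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            if (OVERRIDDEN.contains(e.getKey())) {
                continue; // the request must not choose the fallback module/service/org
            }
            for (String value : e.getValue()) {
                // Encoding keeps each value a single parameter and keeps
                // quotes and angle brackets out of the HTML attributes.
                uri.append('&').append(URLEncoder.encode(e.getKey(), "UTF-8"));
                if (!value.isEmpty()) {
                    uri.append('=').append(URLEncoder.encode(value, "UTF-8"));
                }
            }
        }
        return uri.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request parameters, in arrival order.
        Map<String, String[]> params = new LinkedHashMap<String, String[]>();
        params.put("module", new String[] {"Kerberos"});
        params.put("realm", new String[] {"/"});
        params.put("goto", new String[] {"https://app.example.com/home?tab=1&lang=en"});
        params.put("gx_charset", new String[] {""});
        System.out.println(build(params));
    }
}
```

Without the encoding step, the `&lang=en` inside the `goto` value would reach the login page as a separate parameter and the original target URL would be truncated.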