  1. Hippo Site Toolkit 2
  2. HSTTWO-3034

Add a PlainFilterChainInvokingPipeline which can be used for JAAS login

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.28.06, 2.30.00
    • Component/s: None
    • Sprint:
      Sprint 84, Sprint 85

      Description

      Currently we already have WebApplicationInvokingPipeline, which makes it possible to delegate to other web application frameworks after the HST matching and some initial pipeline valves have been done.

      However, this WebApplicationInvokingPipeline contains, in the initializationValves and in the processingValves, valves like cmsSecurityValve, securityValve, subjectBasedSessionValve, jcrSessionStatefulConcurrencyValve, etc. This makes it problematic to use, for example, in combination with the hst-security module. What we need to support is the following:

      1) remove /login/ from the hst:prefixexclusions from hst:hst/hst:hosts or web.xml
      2) add a sitemap item /login and /login/**
      3) To sitemap item /login add

      • hst:scheme = https
      • hst:namedpipeline = ....

      Now, all URLs for /login will be redirected to https and all HstLink objects will start with https (if the current scheme is http and not https). For example:
      <hst:link var="loginLink" path="/login/proxy"/> will create a link that starts with https if current request is not over http

      The problem: If we now set

      hst:namedpipeline = WebApplicationInvokingPipeline

      we get problems during login because the WebApplicationInvokingPipeline contains subjectBasedSessionValve: catch-22.

      Instead, we need a pipeline which doesn't include valves such as subjectBasedSessionValve, but is really basic. For that one, I want to add PlainFilterChainInvokingPipeline, which is as follows:

      <!-- PlainFilterChainInvokingPipeline Web Application Invocation Pipeline that only does
           initializationValve and cleanup valves and does not have things like securityValve or
           subjectBasedSessionValve
      -->
      <entry key="PlainFilterChainInvokingPipeline">
        <bean class="org.hippoecm.hst.core.container.HstSitePipeline">
          <property name="initializationValves">
            <list>
              <ref bean="initializationValve" />
            </list>
          </property>
          <property name="processingValves">
            <list>
              <ref bean="filterChainInvokingValve" />
            </list>
          </property>
          <property name="cleanupValves">
            <list>
              <ref bean="cleanupValve" />
              <ref bean="diagnosticReportingValve" />
            </list>
          </property>
        </bean>
      </entry>

      Then having

      sitemap item /login

      • hst:scheme = https
      • hst:namedpipeline = PlainFilterChainInvokingPipeline

      makes logging in over https work like a charm
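
PlainFilterChainInvokingPipeline leaves out securityValve and subjectBasedSessionValve, so a sitemap item outside /login that references it would skip those valves. The audit below is an added example, not part of the original issue or the HST code base: it parses a pipeline map of the shape shown above and flags such paths. The cut-down second pipeline entry, the sitemap dictionary and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The first entry is the one from the issue; the second is
# a cut-down stand-in for a secured pipeline, not the real HST definition.
PIPELINES_XML = """<map>
  <entry key="PlainFilterChainInvokingPipeline">
    <bean class="org.hippoecm.hst.core.container.HstSitePipeline">
      <property name="initializationValves"><list>
        <ref bean="initializationValve"/></list></property>
      <property name="processingValves"><list>
        <ref bean="filterChainInvokingValve"/></list></property>
      <property name="cleanupValves"><list>
        <ref bean="cleanupValve"/><ref bean="diagnosticReportingValve"/></list></property>
    </bean>
  </entry>
  <entry key="WebApplicationInvokingPipeline">
    <bean class="org.hippoecm.hst.core.container.HstSitePipeline">
      <property name="initializationValves"><list>
        <ref bean="initializationValve"/><ref bean="securityValve"/>
        <ref bean="subjectBasedSessionValve"/></list></property>
    </bean>
  </entry>
</map>"""

# Constructed sitemap: path -> hst:namedpipeline. "/account" is a deliberate mistake.
SITEMAP = {
    "/login": "PlainFilterChainInvokingPipeline",
    "/account": "PlainFilterChainInvokingPipeline",
    "/news": "WebApplicationInvokingPipeline",
}

# Valve names the issue mentions as present in WebApplicationInvokingPipeline
# but left out of the plain pipeline.
SECURITY_VALVES = {"securityValve", "cmsSecurityValve", "subjectBasedSessionValve"}

def pipeline_valves(xml_text):
    """Map each pipeline key to the valve beans it references."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): [r.get("bean") for r in e.iter("ref")] for e in root.iter("entry")}

def unsecured_pipelines(valves):
    """Pipelines that reference none of the security/session valves."""
    return sorted(name for name, refs in valves.items() if not SECURITY_VALVES & set(refs))

def misassigned_paths(sitemap, unsecured, login_root="/login"):
    """Sitemap paths outside the login subtree that use an unsecured pipeline."""
    return sorted(path for path, pipe in sitemap.items()
        if pipe in unsecured and path != login_root and not path.startswith(login_root + "/"))
```
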

              People

              • Assignee:
                Unassigned
                Reporter:
                aschrijvers Ard Schrijvers