Web Author - REST Plugin Auth

ncroze
Posts: 12
Joined: Mon Sep 30, 2019 11:30 am

Post by ncroze »

Hello,

I am writing to you today because I was implementing the different endpoints described in your documentation (https://github.com/oxygenxml/web-author ... PI-spec.md) last week, and for these points there is no real blocking problem. But in the part indicating how to tell Web Author that the user is logged in, you just indicate a redirection URL. Now when the user is logged in, a redirection is made to $WEB_AUTHOR_URL/plugins-dispatcher/rest-browse-callback as indicated, but nothing happens and Web Author does not seem to understand that the user is logged in.

Do I have to pass some additional headers with the redirection to be able to save my session ID? Which ones?
Or do I have to implement a servlet managing this callback URL? Because the documentation suggests that this servlet already exists.
If I have to implement a servlet for this callback, please link me an example of routing and/or documentation on this specific point if there is one, because last week I didn't find how to map a servlet cleanly and call it.

Thanks for your help in advance and have a nice day.

Regards,
Nicolas CROZE
mihai_coanda
Posts: 78
Joined: Wed Jul 20, 2016 8:22 am

Re: Web Author - REST Plugin Auth

Post by mihai_coanda »

Hello Nicolas,

From your description it seems that you redirected the user to $WEB_AUTHOR_URL/plugins-dispatcher/rest-browse-callback. You should redirect to $WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback.

Regards,
Michael
Michael

https://www.oxygenxml.com

Post by ncroze »

Hello Michael,

I pasted the last URL present in your documentation into my topic description, but in fact I'm already redirecting to $WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback. Sorry for this copy/paste mistake.

Thanks in advance.

Regards,
Nicolas

Post by ncroze »

Hello Michael,

I just verified this point in the code and log info, and I already redirect to $WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback. I just pasted the wrong URL into my description, sorry for this copy/paste mistake.

Thanks in advance.

Regards,
Nicolas CROZE

Post by mihai_coanda »

Hello,

Please confirm that the following scenario is what you are experiencing:
  • The Web Author tries to open a document from your server
  • As the user is not logged in, your server responds with 401
  • The user is prompted with a dialog in which BASE_REST_SERVER_URL/rest-login is loaded
  • Once the user logs in, in your window, you redirect the window to WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback.
  • The login dialog is hidden and the Web Author is reloaded
  • The Web Author should reload the document with success
What exactly are you experiencing? Is the Web Author showing the login dialog again?

Please note that the WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback endpoint is meant to collect the cookies set by your BASE_REST_SERVER_URL/rest-login endpoint and pass them in further requests to other BASE_REST_SERVER_URL/ endpoints.
For the WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback endpoint to have access to the cookies set by your BASE_REST_SERVER_URL/rest-login endpoint, they must meet the Same Origin cookies policy [1]. You can use the browser's developer console to check whether the cookies set by rest-login are passed to plugins-dispatcher/rest-login-callback.

Regards,
Michael

[1] https://developer.mozilla.org/en-US/doc ... age_access

Post by ncroze »

Hello Michael,

Sorry, I was on vacation and I just came back today. I looked at your information (origin documentation, same origin policy, Web Author REST API documentation, ...) and I'm already in the described configuration. There is just one thing where I think I differ from your schema:

The WebAuthor tries to open a document from your server
As the user is not logged in your server responds with 401
The user is prompted with a dialog in which BASE_REST_SERVER_URL/rest-login is loaded

Once the user logs in your window you redirect the window to WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback
The login dialog is hidden and the WebAuthor is reloaded
The Web Author should reload the document with success


Between the last green step and the next yellow step, that's what happens :

- BASE_REST_SERVER_URL/rest-login redirects to my main app login page (displayed in the popup as expected)
- The user tries to log in with their ID
- Authentication returns HTTP code 200
(Here I see the Cookie header correctly set when I call another WS on BASE_REST_SERVER_URL)
- The front-end intercepts this OK response and redirects to WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback, but the Cookie header is not as expected

I was thinking these 2 applications were not on the same origin, but they are. As proof, I don't see the Origin header in the request headers for the WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback redirection, so I am on the same origin.
I'm now thinking I have to go through my main app's back-end to set the Cookie header with Spring Security before I can redirect to WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback. I will try tomorrow, but if you have any idea for a solution, don't hesitate to tell me :P

Thanks for the advice and have a good evening.
Nicolas CROZE

Post by mihai_coanda »

Hello Nicolas,

The cookies that the login request sets should be passed by the browser to future Web Author requests. For this to happen the session cookies should be on the same domain as the WebAuthor and their paths should indicate a URL path that must exist in the Web Author URL in order to be sent in the Cookie header (/ in most cases).

To see if your cookies are correctly set and they are accessible to the Web Author you can use the browser's developer tools to check whether they are passed on the WEB_AUTHOR_URL/plugins-dispatcher/rest-login-callback request. If they are, the WebAuthor should pass them to your REST server endpoints in future requests.

Regards,
Michael

Post by ncroze »

So I have to build a specific Web Author page to manage authentication, don't I? Because I already respect all the points listed above, as I explained in my last message.
The small difference between your information and my current settings is that BASE_REST_SERVER_URL/rest-login redirects to another application (even if I'm on the same domain) and this application redirects to Web Author if authentication is OK and the initial request comes from Web Author (these 2 steps are made in the Web Author login popup). And it clearly doesn't work like this... The browser doesn't set the cookie correctly when the redirection is made, and I already checked in the browser's developer console.

Or there is a point I really didn't understand, but several of us developers share the same understanding as me.. :/

Anyway, don't you have a small example project so I can see all the links and see from my side what is wrong, or at least some documentation on creating this login page in Web Author?

Thanks in advance and sorry for my many questions.

Regards
Nicolas CROZE

Post by mihai_coanda »

Hello,
From what I understand, BASE_REST_SERVER_URL/rest-login redirects to another page that is on the same domain as BASE_REST_SERVER_URL/rest-login and the Web Author. If all the apps are on the same domain then it should work without any changes, as cookies set by OTHER_APP are accessible to the Web Author.
For this to be true your URLs should be similar to:
mydomain.com/WEB_AUTHOR/
mydomain.com/BASE_REST_SERVER_URL/...
mydomain.com/OTHER_APP/login.html

and the session cookie path should be /. Your issue seems to be generated by the session cookies being set on an incorrect path, making them not accessible to the Web Author.

To better guide you to a solution to your problem I would need answers to some questions:
When inspecting the cookies using the browser's developer console, does the session cookie that your login page sets appear in the list?
What is the path of the session cookie?

Post by ncroze »

Hello Michael,

Thanks for your responsiveness. These are the current cookies in the picture (after authentication):

Image

Indeed, I never checked this "Path" information. Do you know how I can simply manage its value in my case?
Won't the fact that there are two JSESSIONID cookies cause another problem too?

Regards
Nicolas

Post by mihai_coanda »

Hello

It seems that the problem was indeed generated due to the session cookie path attribute. The Web Author was passing its version of the JSESSIONID cookie as it was the one accessible to it, being set for path /AUTHOR_WEB.

The two JSESSIONID will not cause any issues as they have their paths defined for each application so they will not clash. Unfortunately, if you set the session cookie from your application to have as path / the Web Author will continue to pass its own version of JSESSIONID so the user will still not get logged in.

To make the login process work you will have to:
  • Make sure that your application sets the session cookie path to / so that the Web Author can access it.
  • Rename the session cookie for one of the applications.
To change your application's session cookie name you can use Servlet API 3.0. in your web.xml:

<session-config>
    <cookie-config>
        <name>MY_JSESSIONID</name>
    </cookie-config>
</session-config>

To change the session cookie the Web Author uses you have to make changes in the deploy's shiro.ini file.
Replace

sessionIdCookie = ro.sync.auth.RouteIdAwareSimpleCookie
sessionManager.sessionIdCookie = $sessionIdCookie

with

sessionIdCookie = ro.sync.auth.RouteIdAwareSimpleCookie
sessionIdCookie.name=CUSTOM_NAME
sessionManager.sessionIdCookie = $sessionIdCookie

Unfortunately this will have to be done on each instance of WA that you are using and applying the changes will require a restart of the server hosting the Web Author.
Michael

https://www.oxygenxml.com
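
The cookie behaviour described in the reply above, as an added example that is not part of the original post or of the Web Author code base: it applies the RFC 6265 path-match and ordering rules to the rest-login-callback request for three cookie setups. The cookie values, the /MAIN_APP path and the first-match lookup in `firstCookie` are assumptions made for illustration.

```javascript
// Added example: which cookies a browser attaches to the callback request.
// Cookie values and /MAIN_APP are constructed; /AUTHOR_WEB and MY_JSESSIONID
// are the names used in the thread.

// RFC 6265 section 5.1.4: does the request path fall under the cookie's Path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Build the Cookie header: matching cookies only, longest Path first
// (RFC 6265 section 5.4).
function cookieHeader(jar, requestPath) {
  return jar
    .filter(c => pathMatches(requestPath, c.path))
    .sort((a, b) => b.path.length - a.path.length)
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// Assumption: a consumer that looks a cookie up by name and takes the first hit.
function firstCookie(header, name) {
  for (const part of header.split('; ')) {
    const eq = part.indexOf('=');
    if (part.slice(0, eq) === name) return part.slice(eq + 1);
  }
  return null;
}

const CALLBACK = '/AUTHOR_WEB/plugins-dispatcher/rest-login-callback';
const webAuthor = { name: 'JSESSIONID', value: 'wa-session', path: '/AUTHOR_WEB' };

// Case 1: application cookie scoped to its own context path: never sent.
const scoped = [webAuthor, { name: 'JSESSIONID', value: 'app-session', path: '/MAIN_APP' }];
// Case 2: Path=/ but same name: sent, yet listed after Web Author's own cookie.
const sameName = [webAuthor, { name: 'JSESSIONID', value: 'app-session', path: '/' }];
// Case 3: Path=/ and renamed through <cookie-config><name>: unambiguous.
const renamed = [webAuthor, { name: 'MY_JSESSIONID', value: 'app-session', path: '/' }];

for (const [label, jar] of Object.entries({ scoped, sameName, renamed })) {
  console.log(label.padEnd(9), '->', cookieHeader(jar, CALLBACK));
}
```

Only the third setup delivers the application's session under a name that does not collide with the Web Author's own session cookie, which is why both the path change and the rename are needed.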

Post by ncroze »

Oh yes! I'm now making business with the rest of the API.

Big thanks for your information. Unfortunately, I still have two problems with which you could surely help me:

1. Even if the application redirects me to rest-login-callback with the right cookies, the popup is still open after successful authentication; I don't know why. (You can check the headers in the attached screenshot.)

2. I can close the login popup (after a successful auth) and the browsing frame, and then, if I reopen the browsing frame, all is OK and Author Web calls my REST server as described. But my REST call response to the basic folder browsing request seems not to be right. Is your response model described alongside still the right one?

[{"name": "file.ditamap","folder":false},{"name":"topics","folder":true}]

Post by mihai_coanda »

Hello,

1. This might be caused by a request being made before the credentials reach rest-login-callback. Check the browser's network tab to pinpoint the exact request being made that triggers the login dialog after the initial login dialog closed itself.
If you do not have control of that request you can have your login form check if the user is already logged in and redirect him directly to rest-login-callback for the dialog to close.

2. The response seems to be correct. To check whether the correct response reaches the Web Author you should inspect the /browse/list/ Web Author request and see what it returns when you invoke the file browser.

You should also enable the server side logs for the REST Connector com.oxygenxml.rest.plugin package and check the logs of your actions. More on activating logs can be found in our user manual [1].

Regards,
Michael

[1] https://www.oxygenxml.com/doc/versions/ ... l?hl=log4j

Post by ncroze »

Hello Michael,

I solved my first problem but I am still on the second one, and I'm pretty sure that I'm returning the right JSON format with the right HTTP status.

As you can see below, the first screenshot represents a good browsing request and the second one represents my REST_SERVER log, which shows the JSON array representation of the List instance returned by my WS:

Image

Image

They seem to be perfectly identical. :cry:

Regards.
Nicolas CROZE

Post by mihai_coanda »

Hello Nicolas,

As I mentioned in my previous reply, you will have to enable the logs in the Web Author to check what the WebAuthor is actually receiving from your server and also check what the /browse/list/ browser Web Author request for your REST Connector receives, not the one of the WebDAV Connector.

Regards,
Michael

Post by ncroze »

I already have my Author Web logs in debug mode activated, as you mentioned. :wink: But no log is displayed except this stack trace associated with an exception raised in a RestFileBrowser class which I can't debug into.. (only .class available). See the screenshot below:

Image

If you want the whole log file I can transfer it to you, but there are no more logs after this stack trace.. :|

And I just can't launch any successful /browse/list/ browser Web Author request because the first one for the root is in error... This is why I linked a WebDAV Connector return, hoping these 2 returns were the same... Maybe I didn't understand what you meant, and I'm sorry in that case.

Regards.
Nicolas CROZE

Post by mihai_coanda »

Hello,

The logs that you sent me are from the Web Author but no logs for com.oxygenxml.rest.plugin are set to DEBUG as they do not appear in your logs.

Did you add log4j.category.com.oxygenxml.rest.plugin=debug in the WebAuthor's log4j.properties file and restart the WebAuthor?

Regards,
Michael

Post by ncroze »

Sorry, I didn't look at your additional log property line; I went directly to the linked documentation, my bad. Here is the new log, but I don't understand why it returns a 404 code, while I pass through my REST controller, which only returns the folder list in the expected format and sets an HTTP status code 200 on the response..

Image

Thanks Michael.

Post by ncroze »

You can ignore my last message. It's definitely on my side.

Thanks for your help Michael.

Regards,
Nicolas CROZE

Post by ncroze »

Hello Michael,

Again, thanks for your help. Now I can navigate our document architecture and I can read a document provided by my main application. Your API is really practical to use.

However, I have a last question for you :P :

- Can I configure the two parameters (BASE_REST_URL and Root_regexp) of my REST plugin statically (properties file or some other way)?

Have a good evening.

Regards,
Nicolas CROZE

Post by mihai_coanda »

Hello Nicolas,
I am glad that I could help.

The Web Author stores its options in the options.xml file. You can add the following entries to the file to customize the REST Connector Options:

		<entry>
			<String>PLUGIN_CUSTOM_OPTIONS.rest.root_regexp</String>
			<String>rest://CMS/[^/]+/</String>
		</entry>
		<entry>
			<String>PLUGIN_CUSTOM_OPTIONS.rest.server_url</String>
			<String>REST_SERVER_URL</String>
		</entry>