Description


This KB applies to users who have set up the Kerberos Directory Manager Plugin for their Joget platform to perform seamless SSO.

However, by default, when users navigate directly to a Joget link (e.g., by clicking an assignment link that the Email Tool added to an email), they are still prompted to key in their login details.


Solution

To handle cases such as navigating directly to an assignment view in a Joget app, a custom web filter is required that first performs SSO via an AJAX call and then redirects back to the intended URL.

After building the web filter plugin, place the JAR file in your Joget's tomcat directory at [tomcat directory]/webapps/jw/WEB-INF/lib.

Below is a sample web filter for your reference.

package org.joget.sample;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joget.apps.app.service.AppUtil;
import org.joget.commons.util.ResourceBundleUtil;
import org.joget.workflow.model.service.WorkflowUserManager;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;

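/**
 * Servlet filter on {@code /web/login} that, for anonymous users heading to an
 * assignment page, serves a small HTML page which calls the Kerberos SSO
 * endpoint via AJAX and then sends the browser on to the originally requested URL.
 *
 * <p>The redirect target comes from the saved request or, failing that, from the
 * {@code Referer} header. Both are client-influenced, so the target is only used
 * when it points back at this server and it is escaped before being written into
 * the inline script.
 */
@WebFilter(filterName = "KerberosLoginFilter", urlPatterns = {"/web/login"})
public class KerberosLoginFilter implements Filter {

    // Change this to point to your Kerberos SSO URL.
    // NOTE(review): the sample value is plain http on localhost. For a real deployment
    // this should presumably be the https URL of the same host that serves Joget, so the
    // SSO exchange is not sent in clear text and the AJAX call stays same-origin.
    public static final String URL = "http://localhost:8080/jw/web/json/plugin/org.joget.plugin.kerberos.KerberosDirectoryManager/service";

    // Characters (besides ASCII letters and digits) that are written into the inline
    // script unescaped. Quotes, backslash, angle brackets, whitespace and control
    // characters are deliberately absent.
    private static final String JS_SAFE_URL_CHARS = "-._~:/?#@!$&*+,;=%[]()";

    /**
     * Default constructor.
     */
    public KerberosLoginFilter() {}

    /**
     * @see Filter#destroy()
     */
    @Override
    public void destroy() {}

    /**
     * Serves the SSO-and-redirect page for anonymous requests whose saved URL (or
     * referer) refers to an assignment on this server; otherwise passes the request
     * down the chain unchanged.
     *
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        WorkflowUserManager workflowUserManager = (WorkflowUserManager) AppUtil.getApplicationContext().getBean("workflowUserManager");

        if (workflowUserManager.isCurrentUserAnonymous()) {
            HttpServletRequest httprequest = (HttpServletRequest) request;
            HttpServletResponse httpresponse = (HttpServletResponse) response;

            SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(httprequest, httpresponse);
            String savedUrl = "";
            if (savedRequest != null) {
                savedUrl = savedRequest.getRedirectUrl();
            } else if (httprequest.getHeader("referer") != null) {
                savedUrl = httprequest.getHeader("referer");
            }

            // Literal replacement; "ulogin" contains no regex metacharacters.
            savedUrl = savedUrl.replace("ulogin", "userview");

            // Only apply for navigating to assignments. Feel free to change this condition for any other menus to login redirect.
            // The same-origin check keeps a crafted Referer or saved URL from turning this
            // page into a redirect to another site after SSO; anything else falls through
            // to the normal login page.
            if (savedUrl.contains("assignment") && isSameOrigin(httprequest, savedUrl)) {
                // Set the content type before obtaining the writer, otherwise the
                // charset is not applied to the output.
                httpresponse.setContentType("text/html;charset=UTF-8");

                // Using jquery to SSO and redirect.
                // No failure handler is registered: if the SSO call fails, the page
                // stays on "Please wait...".
                StringBuilder html = new StringBuilder();
                html.append("<html><head>");
                html.append("<script type=\"text/javascript\" src=\"").append(httprequest.getContextPath()).append("/wro/common.js?build=").append(ResourceBundleUtil.getMessage("build.number")).append("\"></script>");
                html.append("<script type=\"text/javascript\" src=\"").append(httprequest.getContextPath()).append("/js/jquery/jquery-3.5.1.min.js\"></script>");
                html.append("<script>");
                html.append("$(function(){");
                html.append("    $.ajax({method : 'GET', url : '" + URL + "', }).done(function(resp){");
                // savedUrl is untrusted; escape it so it cannot close the string literal
                // or the enclosing script element.
                html.append("        window.location = '").append(escapeForJsString(savedUrl)).append("';");
                html.append("    });");
                html.append("});");
                html.append("</script></head>");
                html.append("<body>Please wait...</body>");
                html.append("</html>");

                httpresponse.getWriter().write(html.toString());

                return;
            }
        }

        chain.doFilter(request, response);
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {}

    /**
     * Returns whether {@code url} is an absolute URL on the scheme, host and port
     * of the current request.
     *
     * <p>NOTE(review): behind a reverse proxy the container must report the external
     * scheme/host/port for this to match; if it does not, the filter simply falls
     * through to the regular login page.
     */
    private static boolean isSameOrigin(HttpServletRequest req, String url) {
        String scheme = req.getScheme();
        int port = req.getServerPort();
        boolean defaultPort = ("http".equalsIgnoreCase(scheme) && port == 80)
                || ("https".equalsIgnoreCase(scheme) && port == 443);
        // The trailing slash stops "http://host.example.org" from matching "http://host".
        String prefix = scheme + "://" + req.getServerName() + (defaultPort ? "" : ":" + port) + "/";
        return url.regionMatches(true, 0, prefix, 0, prefix.length());
    }

    /**
     * Escapes {@code value} for use inside a quoted JavaScript string literal in an
     * inline script: every character outside ASCII letters, digits and
     * {@link #JS_SAFE_URL_CHARS} is written as a {@code \\uXXXX} escape.
     */
    private static String escapeForJsString(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean asciiAlnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (asciiAlnum || JS_SAFE_URL_CHARS.indexOf(c) >= 0) {
                out.append(c);
            } else {
                out.append(String.format("\\u%04x", (int) c));
            }
        }
        return out.toString();
    }
}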


Download Plugin

Plugin Source Code: 

kerberos_filter.zip



