How to bypass the login to the PureWeb server

Last Updated: Release 4.3

Issue/Question

I need to enable anonymous authentication to the PureWeb server, so that end users can access the application without logging in, while at the same time keeping the server administration pages secure. Is this possible?

Solution

This is possible, by changing the default values for the intercept-url patterns. This will enable anonymous users to launch applications and collaborate without passwords, while still requiring authentication for the server administration pages:

  1. Navigate to the following file:
    [installed_location]\PureWeb\Server\webapp\WEB-INF\pureweb-context.xml
    (The default install location is C:\CSI\PureWeb on Windows, or /opt/CSI/PureWeb on Linux.)
  2. Find the section below:
    <!-- pureweb applications -->
    <s:intercept-url pattern="/pureweb/app" access="hasRole('ROLE_PUREWEB_USER')"/>
    <s:intercept-url pattern="/pureweb/ws/**" access="hasAnyRole('ROLE_PUREWEB_USER', 'ROLE_PUREWEB_COLLABORATOR')"/>
    <s:intercept-url pattern="/pureweb/app/**" access="hasAnyRole('ROLE_PUREWEB_USER', 'ROLE_PUREWEB_COLLABORATOR')"/>
    
    <s:intercept-url pattern="/pureweb/view" access="hasRole('ROLE_PUREWEB_USER')"/>
    
    <!-- pureweb collaboration -->
    <!-- Allow anonymous access to collaboration -->
    <s:intercept-url pattern="/pureweb/share" access="hasAnyRole('ROLE_PUREWEB_USER', 'ROLE_PUREWEB_COLLABORATOR')"/>
    
    <!-- Force ROLE_PUREWEB_USER access to collaboration (comment out line above)
    <s:intercept-url pattern="/pureweb/share" access="hasRole('ROLE_PUREWEB_USER')"/>
    <s:intercept-url pattern="/pureweb/share/**" access="hasRole('ROLE_PUREWEB_USER')"/>
    -->
    <s:intercept-url pattern="/pureweb/share/[a-f,0-9]{8}-[a-f,0-9]{4}-[a-f,0-9]{4}-[a-f,0-9]{4}-[a-f,0-9]{12}" access="hasAnyRole('ROLE_PUREWEB_USER', 'ROLE_PUREWEB_COLLABORATOR')" method="DELETE"/>
    
  3. Add 'ROLE_ANONYMOUS' to all the entries above that are not commented out. Also change the hasRole value to hasAnyRole, if applicable (on lines where there was only one role previously).
 

You can also set your login bypass so that the PureWeb server's home page automatically redirects to the client application.

To make this work:

  1. Make note of the part of your client's launch URL that starts with "app" or "view", for example
    view?name=ScribbleAppCpp&client=html5
    (More information about how the client URLs are constructed can be found here.)
  2. Navigate to the following file:
    [installed_location]\PureWeb\Server\webapp\WEB-INF\web.xml
  3. Replace any instance of the string "server/home" with the URL string you noted in step 1.

    (The URL must be encoded, which means replacing any instance of the ampersand with the html code (&amp;); the same goes for spaces, which must be replaced with %20.)

For the changes to take effect, you will need to restart the server (or use the option Reload PureWeb System which can be found at the bottom of the server's Configuration page).

Now, when a user navigates to the application's URL, the application will launch without prompting for login credentials.

And if you redirected the server's home page to the application URL, to access the server pages, you will need to specify an actual page in the URL, for example:
http://localhost:8080/pureweb/server/status

The URL to each server administration page is provided in the Server Pages Summary section of the documentation.

 

April 11, 2017