I guess the first page which tried to redirect to the second page with wrong url by using javascript. If it redirects to other page from the server-side with http status code and header, then the reverse proxy service can detect and rewrite to a proxied url from the reverse proxy configurations if found.
Anyway, if the first page has javascript to redirect, e.g., 'location.href = /otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a', that script line is not rewritten by default. (By the way, you can refer to the default rewriting class here if you're interested in: http://svn.apache.org/repos/asf/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultReverseProxyLinkRewritingParserAaptor.java) If the redirecting script line is simple, then you can add a custom replace pattern in the reverse proxy configuration like the following example: proxy.reverse.pass.issues.rewriter.parserAdaptor.html.property.customPatterns = \\/otrs\\/customer\\.pl proxy.reverse.pass.issues.rewriter.parserAdaptor.html.property.customReplaces = /j2-admin/rproxy/otrs/otrs/customer.pl The above additional custom replace configuration will replace every line having that regex pattern. -Woonsan --- On Fri, 8/20/10, [email protected] <[email protected]> wrote: > From: [email protected] <[email protected]> > Subject: Re: SSO IFrame form authentication > To: "Jetspeed Users List" <[email protected]> > Date: Friday, August 20, 2010, 8:19 PM > I am using > j2-admin::SSOReverseProxyIFramePortlet. I also believe > I am > using the exact reverse properties as the apache > example. I have > discovered one issue when accessing directly in that it > appears when I > enter > http://host.domain-name.com:8080/j2-admin/rproxy/otrs/otrs/customer.pl, > > and login manually, I am redirected to > http://host.domain-name.com:8080/otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a > > and I get an HTTP 404 error. If I then correct the > url and put the > j2-admin/rproxy/otrs back in, I get the correct page > rendered and I am > logged in. In any case, once I get logged in and try > to drill down to an > incident link, I get an error trying to load the javascript > because > something has changed the .js in the link to .html > Again, I am using the > apache example config for rewriting. > > # ... Set max matching path part count > proxy.reverse.pass.maxMatchingPathPartCount = 2 > > # ... Sets detail attributes for apache path mapping > proxy.reverse.pass = otrs > proxy.reverse.pass.otrs.local = /otrs/ > proxy.reverse.pass.otrs.remote = http://host.domain-name.com/ > proxy.reverse.pass.otrs.rewriter.basic = > org.apache.portals.applications.webcontent.rewriter.WebContentRewriter > proxy.reverse.pass.otrs.rewriter.parserAdaptor = html > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html = > org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.mimeType > = text/html > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.lookUpAllMappings > > = true > > Thanks, MikeB > > Mike Ballard > Director of Internet Development and Networking > O'Reilly Auto Parts > (417) 874-7107 Ofc > (417) 838-0271 Cell > > This message is protected by the Electronic Communications > Privacy Act, 18 > USCS § 2510 et seq., and may not be used, copied or > forwarded without the > consent of the named recipient(s). The information > contained in this > message is confidential, is intended only for the use of > the individual or > entity named. If the reader of this message is not > the intended > recipient, you are hereby notified that any dissemination, > distribution or > copying of this communication is strictly prohibited. > If you have > received this communication in error, please notify me > immediately at > 417-874-7107. > > > > From: > Woonsan Ko <[email protected]> > To: > Jetspeed Users List <[email protected]> > Date: > 08/20/2010 12:55 PM > Subject: > Re: SSO IFrame form authentication > > > > Regarding the problem of javascript link ending in .js to > .html, with > which portlet do you meet the problem? > j2-admin::SSOReverseProxyIFramePortlet, > j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet, > j2-admin::SSOIFramePortlet, j2-admin::SSOWebContentPortlet, > or > j2-admin::SSOProxyPortletPortlet? > > j2-admin::SSOReverseProxyIFramePortlet and > j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet only > are using the > reverse proxy service. > > If you are using those reverse proxy portlets, then how's > the rewriter > configurations for the reverse proxy pass mapping in > /j2-admin/WEB-INF/conf/reverseproxy.properties? > I'd like to recommend you to use the default configuration > like the apache > example: > > # ... Sets detail attributes for apache path mapping > proxy.reverse.pass.apache.local = /apache/ > proxy.reverse.pass.apache.remote = http://apache.org/ > proxy.reverse.pass.apache.rewriter.basic = > org.apache.portals.applications.webcontent.rewriter.WebContentRewriter > proxy.reverse.pass.apache.rewriter.parserAdaptor = html > proxy.reverse.pass.apache.rewriter.parserAdaptor.html = > org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor > proxy.reverse.pass.apache.rewriter.parserAdaptor.html.mimeType > = text/html > proxy.reverse.pass.apache.rewriter.parserAdaptor.html.property.lookUpAllMappings > > = true > > With the default example above, the rewriting xml rule > files such as > default-rewriter-rules.xml and rewriter-rules-mapping do > not play any role > with reverse proxying portlets. > > The last example in the configuration file still uses the > Neko and Sax > parser adaptor configuation, which was provided for the old > web content > portlets. However, it turns out to be less useful in this > reverse proxy > portlets. (The old rewriting xml rules were mainly for > rewriting urls to > portlet urls, while reverse proxy service is just another > servlet-based > solution with integration to portlet, meaning the url > rewriting doesn't > need to be that complex any more.) > > One more tip is that you could test the reverse proxying by > navigating the > proxied urls directly. > So, for example, if http://www.yourdomain.com/orders/ is mapped to > /j2-admin/rproxy/yourdomain/orders/, then you can browse > directly to > http://localhost:8080/j2-admin/rproxy/yourdomain/orders/. > You can see what > happens for rewriting problems with this direct access. > > HTH, > > Woonsan > > --- On Fri, 8/20/10, [email protected] > <[email protected]> > > wrote: > > > From: [email protected] > <[email protected]> > > Subject: Re: SSO IFrame form authentication > > To: "Jetspeed Users List" <[email protected]> > > Date: Friday, August 20, 2010, 6:55 PM > > Good to know. So I have rebuilt > > my site on 2.2.1 and it seems to be > > stable, unlike the previous implementation on Derby. > > Not sure if that's > > an indication of a problem with 2.2.1 & Derby, or > just > > a local issue. My > > remaining issue is the rewrite in the reverse proxy > portlet > > is changing a > > javascript link ending in .js to .html Any > ideas? > > > > > > > > From: > > Woonsan Ko <[email protected]> > > To: > > Jetspeed Users List <[email protected]> > > Date: > > 08/20/2010 11:50 AM > > Subject: > > Re: SSO IFrame form authentication > > > > > > > > I believe the pages can be simply copied because I > cannot > > find anything to > > watch with psml pages either. > > By the way, you can copy those pages into any other > folder > > by configuring > > the path in > /jetspeed/WEB-INF/conf/override.properties. For > > example, > > > > # default path to (XML) PSML pages root folder > > psml.pages.path = > > ${applicationRoot}/WEB-INF/migrated_pages > > > > Regards, > > > > Woonsan > > > > --- On Fri, 8/20/10, [email protected] > > <[email protected]> > > > > wrote: > > > > > From: [email protected] > > <[email protected]> > > > Subject: Re: SSO IFrame form authentication > > > To: "Jetspeed Users List" <[email protected]> > > > Date: Friday, August 20, 2010, 3:05 PM > > > I have installed 2.2.1 with MySQL and > > > I now need to move my pages and > > > layouts from the 2.2.0 installation. Given > that > > my > > > previous 2.2.1 > > > installation on Derby is defunct, is there > anything I > > > should watch out for > > > this time? Can I simply copy the psml's > from > > the > > > 2.2.0 directories to the > > > 2.2.1 directories? I have not > seen a > > > migration guide to address this > > > need. > > > > > > > > > > > > From: > > > Woonsan Ko <[email protected]> > > > To: > > > Jetspeed Users List <[email protected]> > > > Date: > > > 08/18/2010 12:35 PM > > > Subject: > > > Re: SSO IFrame form authentication > > > > > > > > > > > > Hi, > > > > > > I haven't heard of that preferences data problem > yet > > in > > > 2.2.1. > > > IMHO, It could help to localize the problems if > you > > test > > > against other > > > databases > > > like PostgreSQL or MySQL. > > > On the other hand, I think you could deploy > newer > > > j2-admin.war and > > > apa-webcontent.war which were included in 2.2.1. > > > > > > -Woonsan > > > > > > > > > ----- Original Message ---- > > > > From: "[email protected]" > > > <[email protected]> > > > > To: Jetspeed Users List <[email protected]> > > > > Sent: Wed, August 18, 2010 6:10:25 AM > > > > Subject: Re: SSO IFrame form authentication > > > > > > > > Well, here's the rub. I believe the > > > SSOReverseProxyIFramePortlet is new > > > > > > > in 2.2.1, which is where I was when I first > > posted, > > > however, I found > > > that > > > > my configuration kept getting scrambled, so > I > > reverted > > > to 2.2.0 I will > > > > try your suggestion on 2.2.1, but I will > have to > > > address the scrambling > > > > issue. What is happening is > this. I > > have > > > cloned the IFramePortlet > > > > several times and configured each for > different > > static > > > content being > > > > served from apache2. I have avoided > setting > > any > > > user preferences, and, > > > > > > > instead, set the preferences for each clone > in > > the > > > PAM portlet. > > > Everything > > > > worked fine. Then after a few hours, > the > > > IFramePortlet content was all > > > > > > > mixed up. For instance, the portlet on > > > > page 1 would be showing the > > > > content I had configured for the portlet on > page > > > > > 2 and so on. I went > > > into > > > > PAM and corrected the preferences to what > > they > > > should be and assumed I > > > was > > > > ok, but the next morning things were > > scrambled > > > again. I did some > > > queries > > > > in the derby db and it appears they > are > > wrong > > > there. I don't know if > > > this > > > > is a portlet id issue or an indexing > > problem or > > > what, but I need a > > > > resolution before I can proceed to > 2.2.1 > > > Of course, I have the exact > > > same > > > > configuration in 2.2.0 and am having > no > > problem > > > there, but I also have > > > no > > > > SSOReverseProxyIFrame there. > Any > > ideas? > > > > > > > > > > > > > > > > From: > > > > David Sean Taylor <[email protected]> > > > > To: > > > > Jetspeed Users List <[email protected]> > > > > Date: > > > > 08/17/2010 07:19 PM > > > > Subject: > > > > Re: SSO IFrame form authentication > > > > > > > > > > > > > > > > On Tue, Aug 17, 2010 at 1:40 PM, > > <[email protected]> > > > > > wrote: > > > > > How did your testing go? I > compared > > SSO > > > Webcontent (which works, > > > sort > > > > of) > > > > > to SSO IFrame classes and I see a > method > > > for preemptive login in the > > > > > webcontent class but no reference at > all in > > > the SSO IFrame class. > > > Does > > > > > this just mean it is being done > > > differently, or is something amiss in > > > > > > > the > > > > > SSO IFrame class? > > > > > > > > There are two SSOIFrame classes: > > > > > > > > 1. SSOIFramePortlet > > > > 2. SSOReverseProxyIFramePortlet > > > > > > > > Suggest using the second one, > > > SSOReverseProxyIFramePortlet as it gives > > > > you features not available in the > older > > > SSOIFramePortlet such as > > > > auto-resizing and form-based authentication > > > > (what you are after) > > > > > > > > I tested with SSOReverseProxyIFramePortlet > and > > > it worked in the > > > > example that comes with Jetspeed, but it > takes a > > > little bit of > > > > configuration. > > > > > > > > First, ensure your Tomcat will need this > > > attribute set in the > > > > <Connector> element of > server.xml: > > > > > > > > emptySessionPath="true" > > > > > > > > more detail here: > > > > > > > > http://portals.apache.org/applications/webcontent/index.html > > > > > > > > If you had to change server.xml > setting, > > then > > > restart your server > > > > > > > > I took these steps to verify SSO with > the > > > example form-based login > > > > that comes with Jetspeed: > > > > > > > > 1. login as admin > > > > 2. navigate to the Jetspeed Administration > > > space, SSO Management page, > > > > or just go here: > > > > > > > > http://localhost:8080/jetspeed/ui/Administrative/sso-admin.psml > > > > > > > > Add a new Site with following > parameters: > > > > > > > > Site Name: Form Example > > > > Site URL: http://localhost:8080/j2-admin/examples/formauth.jsp > > > > Field name for User ID: user > > > > Field name For Password value: pass > > > > > > > > Press Save > > > > > > > > Add a new credential for this site in > the > > > portlet on the right side > > > > (SSO Details): > > > > > > > > Portal Principal: admin > > > > Remote Principal: admin > > > > Remote Credential: admin > > > > > > > > Press Add > > > > > > > > You can verify that the remote > > credential > > > was added for the admin > > > > user by going here: > > > > > > > > http://localhost:8080/jetspeed/ui/my-account.psml > > > > > > > > see the portlet on the right "SSO > Change > > > Passwords", a remote site > > > > entry should be there named "Form > Example" > > > > > > > > Next, you can use the Toolbox to find the > > > Reverse Proxy Iframe Portlet > > > > by searching on "iframe" and then selecting > it > > > from there and adding > > > > to a page. To make things simple, I just > added a > > > page and then added > > > > the Reverse Proxy Iframe Portlet there. At > first > > this > > > portlet seems to > > > > want to use Basic Authentication, so just > hit > > cancel > > > when challenged. > > > > I then switched to edit mode (pencil icon), > and > > > entered the following > > > > preferences: > > > > > > > > TITLE: My SSO Test > > > > SRC: http://localhost:$ > > {serverPort}${contextPath}/examples/formauth.jsp > > > > > > > > Press Save > > > > > > > > You should see in your portlet content > something > > > > > like: > > > > > > > > "Hello, admin. You have been authorized by > > > form-based authentication > > > !!!" > > > > > > > > Give that a try and see if it works. Then, > move > > on > > > to your specific > > > > IFrame source and let us know how it > > goes... > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > [email protected] > > > > For additional commands, e-mail: > > [email protected] > > > > > > > > > > > > -- > > > > This message has been scanned for > viruses > > and > > > > dangerous content by MailScanner, and > is > > > > believed to be clean > > > (mailgw2:E659D1E6FC.D1395). > > > > > > > > > > > > > > > > > > > > This communication and any attachments > are > > > confidential, protected by > > > > Communications Privacy Act 18 USCS § > > 2510, > > > solely for the use of the > > > > intended recipient, and may contain > > legally > > > privileged material. If you > > > > > > > are not the intended recipient, please > > return or > > > destroy it > > > immediately. > > > > Thank you. > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean (mailgw2:9902C1E701.B0EA8). > > > > > > > > > > > > > > > This communication and any attachments are > > confidential, > > > protected by > > > Communications Privacy Act 18 USCS § 2510, > solely for > > the > > > use of the > > > intended recipient, and may contain legally > > privileged > > > material. If you > > > are not the intended recipient, please return or > > destroy it > > > immediately. > > > Thank you. > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean (mailgw2:8B04D2A000C.7088C). > > > > > > > > > > This communication and any attachments are > confidential, > > protected by > > Communications Privacy Act 18 USCS § 2510, solely for > the > > use of the > > intended recipient, and may contain legally > privileged > > material. If you > > are not the intended recipient, please return or > destroy it > > immediately. > > Thank you. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean (mailgw2:792FC1E702.4691D). > > > > > This communication and any attachments are confidential, > protected by > Communications Privacy Act 18 USCS § 2510, solely for the > use of the > intended recipient, and may contain legally privileged > material. If you > are not the intended recipient, please return or destroy it > immediately. > Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
