Project and Portfolio Management Practitioners Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

Authentication in a customized JSP

Highlighted
PPM Admin
Regular Collector

Authentication in a customized JSP

Is there in any way we can access a customized jsp inside itg.war directly without authentication?

Can we bypass the authentication or maybe hard coded username / password?
10 REPLIES
Erik Cole
Honored Contributor

Re: Authentication in a customized JSP

You can place jsp pages inside the ITG_HOME/pdf directory tree and they can be accessed without auth...
PPM Admin
Regular Collector

Re: Authentication in a customized JSP

But how can you recompile this jsp outside itg.war or dashboard.war?
Erik Cole
Honored Contributor

Re: Authentication in a customized JSP

They just get compiled on the fly
Jim Esler
Honored Contributor

Re: Authentication in a customized JSP

In fact, you can add or modify jsp files within any of the subdirectories under deploy/itg.war/web/knta/ and they will be recompiled before use after the next bounce. Any changes will need to be reapplied after an upgrade, though.
PPM Admin
Regular Collector

Re: Authentication in a customized JSP

@Erik
Have you tried adding jsp in this folder? When I add my code in this folder it doesn't get recompile by itself.

@Jim
The idea why we need to add this jsp file outside itg.war is to bypass authentication. Is there any way you know or suggest that we can do to comply in that requirement?

Thanks
Jim Esler
Honored Contributor

Re: Authentication in a customized JSP

We added a button on the login page that opens a specific request form without having the user log in. This is done by hardcoding a user name and password in the form containing that button. This user name has very restricted access that limits it to the one specific activity.
PPM Admin
Regular Collector

Re: Authentication in a customized JSP

This workaround is not possible with our environment. We've been implemented Web Remote Single Sign On. We no longer go thru PPM logon page. Besides this jsp will be access by another system thru URL and there's no human interaction. Any other workaround in mind?
Jim Esler
Honored Contributor

Re: Authentication in a customized JSP

PPM validation can be set on an individual user record while most users are configured for a different validation mechanism. The predefined login credentials can be (and in fact would need to be) built into the page for the URL used by the users.
PPM Admin
Regular Collector

Re: Authentication in a customized JSP

Hi Jim,

This is what I want to explore but I don't have any luck in solving the problem. Do you have any sample code for reference?

Thanks.
Jim Esler
Honored Contributor

Re: Authentication in a customized JSP

I am attaching a stripped down version of the page we are generating. It is derived from the code in Logon.jsp and extended as necessary to meet our needs. I have not executed this specific file so I cannot guarantee it will work as is, but it should convey the basic idea. For instance, the references to PPM files would need to either be extended to have full paths or be deleted.
//Add this to "OnDomLoad" event