MicroStrategy ONE

Code Explanation for Scenario: Creating a Session from a Custom Login Page

In this customization scenario, you create both a custom ESM and a custom log-in page.

  • The custom ESM overrides the handlesAuthenticationRequest method with code that checks to see if login first is enabled, invokes the custom login page, and includes logic to determine how the session handling should be processed. It also overrides the getCustomLoginURL method so that it returns the URL to the custom login page and the getFailureURL method so that it returns the URL to use if authentication fails.
  • The custom log-in page collects all of the information needed to create a session (the user ID and password, authentication mode, server name, and project) and determines which MicroStrategy Web page to display as the start page, based on whether to show projects first or make the user log in first. The custom ESM uses the information collected by the custom login page to create a session on the Intelligence Server.

Although it is not part of this scenario, you can also manage the closing or persistence of the session, check to see if the user is authorized to perform the requested action, and perform additional actions such as user mapping, session sharing, and applying additional authorization criteria.

 

Custom ExternalSecurity java class  (called CustSessionCreation.java in the corresponding scenario)

A generic explanation of how to create the custom ESM code required to perform this customization is provided below. The code is explained in sections, with the explanation preceding each section of code. You can use this as the basis for creating your own custom ESM.

  • Explanation: Specify the package in which this class will reside and import the necessary classes, including AbstractExternalSecurity (which contains default implementations for all of the methods).

    Copy
    package com.microstrategy.sdk.samples.externalsecurity;
    import com.microstrategy.utils.StringUtils;
    import com.microstrategy.web.app.AbstractExternalSecurity;
    import com.microstrategy.web.beans.RequestKeys;
    import com.microstrategy.web.platform.ContainerServices;
    import com.microstrategy.web.preferences.Preferences;
    import com.microstrategy.web.preferences.PreferencesException;
    import com.microstrategy.web.preferences.PreferencesMgr;
  • Explanation: Declare that this custom External Security class (compiled from the sample java file called CustSessionCreation.java in the corresponding scenario) extends AbstractExternalSecurity, which includes the code to create the session. Declare the private isLoginFirst variable and set it to "false". THis variable will be used to determine which MicroStrategy Web page to use as the start page.

    Copy
    public class CustSessionCreation
      extends AbstractExternalSecurity
    {
      private boolean isLoginFirst = false;
     
      public CustSessionCreation() {}
  • Explanation: Override the handlesAuthenticationRequest method to add code to do the following:

    • Invoke the private isLoginFirstEnabled method to to see if login first is enabled and set the isLoginFirst variable to the value that is returned

    • Get the value of the login page to use from the request keys and set the str variable to that value
    • Use logic to determine how the session handling should be processed.
      • If the str variable has a value, use the default login page (return value "1" = USE_MSTR_DEFAULT_LOGIN)
      • If the value passed in the request is "4" (LOGIN_FIRST), use the custom login page (return value "3" = USE_CUSTOM_LOGIN_PAGE)
      • If the isLoginFirst variable is true, use the default login page (return value "1" = USE_MSTR_DEFAULT_LOGIN)
      • If none of the conditions above are met, use the custom login page (return value "3" = USE_CUSTOM_LOGIN_PAGE)
    Copy
      public int handlesAuthenticationRequest(RequestKeys paramRequestKeys, ContainerServices paramContainerServices, int paramInt)
      {
        isLoginFirst = isLoginFirstEnabled();
        String str = paramRequestKeys.getValue("loginPage");
        if (StringUtils.isNotEmpty(str)) {
          return 1;
        }
        if (paramInt == 4) {
          return 3;
        }
        if (isLoginFirst) {
          return 1;
        }
        return 3;
      }
  • Explanation: Override the getCustomLoginURL method so that it returns the relative path to the custom login page, called CustSessionLoginPage.jsp in this example.

    Copy
      public String getCustomLoginURL(String paramString1, String paramString2, int paramInt, String paramString3)
      {
        return "../plugins/CreatingSessionCustomLogin/jsp/CustSessionLoginPage.jsp?LoginFirst=" + (isLoginFirst ? "1" : "0");
      }
  • Explanation: Override the getFailureURL method so that it returns the URL to use if authentication fails, by invoking getCustomLoginURL and passing in null values.

    Copy
      public String getFailureURL(int paramInt, ContainerServices paramContainerServices)
      {
        return getCustomLoginURL(null, null, 0, null);
      }
  • Explanation: Create a private isLoginFirstEnabled method that checks the default system preferences to see if login first is enabled. It invokes the private getDefaultPreferences method shown in the next step.

    Copy
      private static boolean isLoginFirstEnabled()
      {
        String str = getDefaultPreference("loginFirst");
        return (str != null) && (str.equals("1"));
      }
  • Explanation: Create a private getDefaultPreferences method that returns the default system preferences, including the login first preference.

    Copy
      private static String getDefaultPreference(String paramString)
      {
        String str = null;
        Preferences localPreferences = null;
        try
        {
          localPreferences = PreferencesMgr.getInstance().getSysDefaultPreferences();
        }
        catch (PreferencesException localPreferencesException) {}
        str = localPreferences != null ? localPreferences.getValue(paramString) : null;
        return str;
      }
    }

 

Custom login page  (called CustSessionLoginPage.jsp in the corresponding scenario)

A generic explanation of how to create the custom login page required to perform this customization is provided below. The code is explained in sections, with the explanation preceding each section of code. You can use this as the basis for creating your own custom login page.

  • Explanation: Import the necessary classes.

    Copy
    import com.microstrategy.web.objects

Add the following sections of code inside an <html> node.

  • Explanation: Create and instantiate variables to represent the URL paths to the two possible start pages—the Desktop page and the Home page. The variable value is a relative path with the evt (event) parameter set to the event ID for the appropriate page—"3054" for the Desktop page and "3010" for the Home page.

    Copy
     //This variable is the relative path to the MicroStrategy Web Desktop page.
      String mstrDesktopURL="../../../servlet/mstrWeb?evt=3054";
     //This variable is the relative path to the MicroStrategy Web Home page
      String mstrHomeURL="../../../servlet/mstrWeb?evt=3010";
  • Explanation: Create and instantiate a variable for the URL to the custom login page and a variable that determines which page the URL should open as the start page (based on whether the user should log in first or see projects first).

    Copy
     //This variable determines which page to display based on the log in first preference
      boolean isLoginFirst;
     //This variable specifies the URL that points to the custom login page.
      String url;
  • Explanation: Provide logic to determine which start page to use. If the user must log in first, use the Desktop page; otherwise, use the Home page.

    Copy
      if ("1".equals(request.getParameter("LoginFirst"))) {
        isLoginFirst = true;
        url = mstrDesktopURL;
      } else {
        isLoginFirst = false;
        url = mstrHomeURL;
      }
  • Explanation: Create a form that collects and provides all of the information needed to create a session. If login first is not enabled, the user enters the server name, project name, and user name and password. If login first is enabled, the user enters only the user name and password. The connection mode is hidden and supplied programmatically.

    Copy
    <form name='loginForm' action='<%=url%>' method='post' >
    <input type='hidden' name='loginPage' value='loginpage'>
    <% if (!isLoginFirst) { %>
    <label for="Server">Server name:</label> <input value="" type="text" class="txt"
    name="Server" id="Server"/><br/>
    <label for="Project">Project name:</label> <input value="" type="text" class="txt"
    name="Project" id="Project"/><br/>
    <% } %>
    <label for="Uid">User name:</label> <input value="" type="text" class="txt"
    name="Uid" id="Uid"/><br/>
    <label for="Pwd">Password:</label> <input type="password" class="txt" name="Pwd"
    id="Pwd"/><br/>
    <input value="1" type="hidden" name="ConnMode" id="ConnMode"/>
    <input value="Login" type="submit" class="btn" name="3054" id="3054"/>
    </form>