10-Sep-04 (Created: 10-Sep-04) | More in 'Howto'

How to disable Aspire's http authentication and allow a login page

Why?

When aspire is downloaded, Aspire uses http authentication to provide the concept of a user. When evaluating, this might be quite distracting. You can disable this. When it is disabled you will be able to access all of aspire's pages with out any authentication.

Settings

You will see configuration entries like this in the aspire.properties file. 


#**************************************************************************
#********** Authorization/session management directives
#**************************************************************************
aspire.authentication.userAuthorization=no
aspire.authentication.verifyPageAccess=yes

aspire.sessionSupport.applySessionManagement=yes
aspire.sessionSupport.mainpage=\
/webapp/your-page-that-says-session-doesn't exist

request.aspire.sessionSupport.sessionSupportObject.className=\
com.ai.servlets.DefaultSessionSupport1

Turn off the following to disable http authentication


aspire.authentication.userAuthorization=no
aspire.authentication.verifyPageAccess=no
aspire.sessionSupport.applySessionManagement=no

Turning off userAuthorization will tell Aspire to stay off the HttpAuthentication. Turning verifyPageAccess to "no" will stop Aspire from checking security for each page. Turning of applySessionManagement will tell Aspire to create a session if one doesn't already exist.

What does this do to your sessions?

Every page is now accessible with out a password. When that page is accessed, if there is no session a new session is established automatically. But if there is a session already, then aspire will use that session instead. This means you can create a jsp page outside aspire, and have that jsp page establish a login and then create a session. Aspire will then use that session. Only problem is when you don't use the application for some time or use a book mark then your session values would not have been established.

Because of that "session expiration" use this "open" mode during development as this allows access to every page with out any restrictions.

Settings when you use your own login page

When you are willing to create your own login page outside of Aspire and manage the sessions, you still need to tell Aspire to redirect to a page when that session expires. Read the following to accomplish this

How to redirect when a session expires in Aspire for Build 20 and above

If you want to write your login web pages using Aspire itself then read the following

Writing Login pages in Aspire

Further References

1. How to redirect when a session expires in Aspire for Build 20 and above