Opened 9 years ago

Closed 7 years ago

#1021 closed defect (fixed)

Avoiding login window in an application using flexible fusion weblayout

Reported by: msuing Owned by:
Priority: high Milestone: 2.2
Component: Fusion Templates Version: 2.0.2
Severity: blocker Keywords:
Cc: External ID:

Description

When we first access a flexible weblayout, a login window always appears on top of the application, which is a showstopper for an Internet application. A workaround propsed by DM solutions is to integrate the viewer in a frame or an iframe to initialize the session before the weblayout is called (the session id is passed in the URL with the parameter &SESSION=…).

This workaround (php attached) works well for Internet Explorer and Google Chrome, but for Firefox, this login window cannot be over-passed.

After a quick investigation, I have found in ../fusion/lib/fusionSF.js, after line 10499, the following code :

this.body = this.method == 'post' ?

(this.options.postBody
params) : null;

this.transport.send(this.body);

Force Firefox to handle ready state 4 for synchronous requests if (!this.options.asynchronous &&

this.transport.overrideMimeType) { this.onStateChange();

}

It doesn’t seems to work since the first unsuccessful request returns in Firebug : Host w2k8sfra32 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3 .5.30729) … Referer ../fusion/templates/mapguide/CG67siteweb/index.html?session=4e34465c-3d53-102c-8000-000c29d489a8_en_7F0000010AF20AF10AF0 &APPLICATIONDEFINITION=Library://CG67_SIGWEB/Weblayouts/wl_CG67_cantons_elus.ApplicationDefinition

And the second successful one, after authentication : Host w2k8sfra32 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3 .5.30729) … Referer ../fusion/templates/mapguide/CG67siteweb/index.html?session=4e34465c-3d53-102c-8000-000c29d489a8_en_7F0000010AF20AF10AF0 &APPLICATIONDEFINITION=Library://CG67_SIGWEB/Weblayouts/wl_CG67_cantons_elus.ApplicationDefinition Authorization Basic QWRtaW5pc3RyYXRvcjphZG1pbg==

Which means that the authorization hasn’t been generated despite the session creation, in the preliminary step.

Max

Attachments (1)

viewer.php (814 bytes) - added by msuing 9 years ago.
Viewer.php for the php session initialization

Download all attachments as: .zip

Change History (8)

Changed 9 years ago by msuing

Attachment: viewer.php added

Viewer.php for the php session initialization

comment:1 Changed 8 years ago by poulet1212

I confirm I had the same behaviour:

I feed Fusion with the a session Id that I built by myself (with Anonymous account) (either in Param &SESSION or in Fusion.initilize(option)). With IE it works, the page loads with displaying the login box again. But with FF, the login box displays again.

comment:2 Changed 8 years ago by poulet1212

Resolution: worksforme
Status: newclosed

Ok, after a little time I think I've found the problem:

Look at ApplicationDefinition?.js method:getAppDef, about the line 144.

This method will request the application definition from the server via the mapagent GETRESOURCECONTENT service.

If you supply a session param, I'm afraid the following line will suppress it, and because Mapagent will not receive the session parameter, it will simply request it.

if (xhr) {

this.sessionId = xhr.responseText; Fusion.sessionId = this.sessionId;

}

The fact is in Firefox, the xhr value exists, but responseText is null, so the next line will cause Fusion.sessionId = null. That's it.

To correct that, simply change the lines this, so that responseText must not be null to change the session Id:

if (xhr){

if(xhr.responseText){

this.sessionId = xhr.responseText; Fusion.sessionId = this.sessionId;

}

}

comment:3 Changed 8 years ago by tomfukushima

Resolution: worksforme
Status: closedreopened

comment:4 Changed 8 years ago by liuar

I have a new proposal to implement the ticket.

  1. Fusion already have a PHP file to create session named CreateSession?.php in \fusion\layers\MapGuide\php, so I think we can reuse this PHP rather than create a new one(reviewer.php).
  2. Create a session before the first request send to the server to avoid the 401 Unauthorized dialog. In current version of Fusion, the first request is getting commercial api in application definition from Server. So we can create the session there rather than replace all MapGuide templates with reviewer.php.
  3. For the non-MapGuide users and developers, they can override the pre-created session with their specified one (browser URL or constructor). So this pre-created the session will not break other functions in MapGuide.

I have tested the code in IE, FF, Chrome and Safari and it works. Beside that, it can resolve the http://trac.osgeo.org/fusion/ticket/300 which trapped us for a long time.

This is the implementation http://trac.osgeo.org/fusion/attachment/ticket/300/fusion.patch. Would you please review it and give me your suggestion?

Thanks,
Arthur

comment:5 Changed 8 years ago by poulet1212

I think both mechanisms of passing session value through url and Fusion init should be kept. Therefore the little code review above is required.

Then, I think it's not very nice that mapguide displays at first time a login box and therefore your remark makes sense, it could log in with the "Anonymous" account by default.

The only problem with that is noboby will be able to log in with a different account than "Anonymous", because the login box doesn't appear. A login widget would be a solution for this.

comment:6 Changed 8 years ago by jbirch

Has this fix been applied? If so, please close the ticket. If additional functionality is desired by anyone please enter as enhancement ticket(s).

comment:7 Changed 7 years ago by zspitzer

Resolution: fixed
Status: reopenedclosed

the fusion ticket is closed, the patch was committed, closing

Note: See TracTickets for help on using tickets.