Pages that require authentication must specify the protected path in the path attribute of the appropriate action definition. For example, the following action definition for the ChangePassword page includes the same path specified in the protected-pages-path parameter in the web.xml file.
<action path="/spe/user/protected/ChangePassword" type="com.sun.idm.idmx.web.SelfServiceProcessFormAction" ...>
The login page does not require the user to be authenticated, so the path of the corresponding action does not include the protected directory:
<action path="/spe/user/Login" type="com.sun.idm.idmx.web.ProcessFormAction" ...>
The type parameter defines the class that performs the action. Some of the default actions refer to a Struts-defined subclass of the org.apache.struts.action.Action class. The following subclasses are provided with the sample user pages.
Class Name |
Description |
---|---|
ProcessFormAction |
Allows access to the Waveset forms engine. This action can take a view handler class, a form name, and a page processor class (in that order) as parameters. See Specifying an Action Type for more information. |
SelfServiceProcessFormAction |
A subclass of ProcessFormAction that is used for self-service operations, such as changing passwords or user IDs. |
RelayAction |
Redirects the client to a page after the user has acknowledged a successful operation result, such as a successful password change. Since all confirmation pages use a single content tile (OperationResult.jsp), an action forward name is set in a hidden field when the content tile is generated. See OperationResult Relay Definition for more information. |
LogoutAction |
Invalidates the current user session. |
The parameter attribute defines arguments that are passed to the class specified in the type attribute. If the type attribute is ProcessFormAction or SelfServiceProcessFormAction class, then the value may contain the following options, none of which are mandatory. The options must be specified in the order listed and be separated by commas.
The viewer class, such as IDMXUser or IDMXLookupUsername.
The form name or ID.
The page processor class.
Each of these options are described below.
If the action type is a class other than ProcessFormAction or SelfServiceProcessFormAction, then the value specified in the parameter attribute must match the requirements of the class.
The string secure.
This parameter is optional. If it is specified, the server always processes page requests using HTTPS.
The following viewer classes may be specified if the type attribute is ProcessFormAction or SelfServiceProcessFormAction class:
IDMXUser— The primary Service Provider view. See IDMXUser View Reference for detailed information about this class.
IDMXLookupUsernameViewer— Returns a user name that matches the attributes specified in the lookup-attributes attribute in the SPEUserPages configuration object. See SPEUserPages Configuration Object for more information about the lookup-attributes attribute.
IDMXUserQuestionViewer— Manipulates the authentication questions.
IDMXNoop— An empty view handler that provides ability to render a form without any required view schema. This requires a form name passed in through the ViewConstants.OP_FORM option.
The form argument may contain a form defined in Waveset. If no form is specified, viewer class uses the default form.
The default page processor is com.waveset.ui.util.GenericEditForm class. The IDMXUserForm class, a subclass of GenericEditForm , is a custom page processor that allows sending email notifications. Email notifications can be enabled or disabled for each in the sample end user pages. In turn, the IDMXUserForm has the following subclasses:
Subclass |
Description |
---|---|
ChangeAuthenticationAnswersForm |
If email notification is enabled and the authentication answers have been successfully updated, then an email is sent to the user using the “Service Provider End-User Authentication Answers Updated” template. The class also records an appropriate audit event. |
ChangeNotificationsForm |
If email notification is enabled and the notification address has been successfully updated, then emails are sent to both the old and the new address using “Service Provider End-User Change Notifications” and “Service Provider End-User Change Notifications Old Address” template respectively. The class also records an appropriate audit event. |
ChangePasswordForm |
If email notification is enabled and the password has been successfully changed, then an email is sent to the user using the “Service Provider End-User Change Password” template. The class also records an appropriate audit event. |
ChangeUserIdForm |
If email notification is enabled and the user name has been successfully changed, then an email is sent to the user using the “Service Provider End-User Change User Id” template. The class also records an appropriate audit event. |
EnrollmentForm |
If email notification is enabled and registration has been successfully completed, then an email is sent to the user using the template “Service Provider End-User Registration Template”. |
ResetPasswordForm |
If the password.reset-mode attribute in the SPEUserPages object is set to self, then when the user answers all the required authentication questions, the password is reset with this class. |
The following table lists the additional subclasses of GenericEditForm.
Subclass |
Description |
---|---|
UserQuestionForm |
This page processor class is used when the user forgets his password and attempts to login using authentication questions. If email notification is enabled and authentication questions has been successfully answered, then an email is sent to the user using the template “ |
LoginForm |
LoginForm adds the errors the AuthFilter encountered to the login page. |
In the following example, a view handler and a custom form are specified, but no page processor class is set. (The default GenericEditForm class processes this page.)
<action path="/spe/user/ForgotUsername" type="com.sun.idm.idmx.web.ProcessFormAction" parameter="IDMXLookupUsername,#ID#UserForm:IDMXForgotUsernameForm,">
The following example shows an action with a view handler (IDMXUserQuestion ) and a page processor (UserQuestionForm) specified, but no form name was given. The view handler will use the default form:
<action path="/spe/user/LoginWithQuestions" type="com.sun.idm.idmx.web.ProcessFormAction" parameter="IDMXUserQuestion,,com.sun.idm.idmx.web.UserQuestionForm">
The secure parameter forces the server to use HTTPS regardless of the last action's response. Add this parameter as the fourth parameter to force the action to use HTTPS:
<action path="/spe/user/Login" type="com.sun.idm.idmx.web.ProcessFormAction" parameter="IDMXNoop,#ID#UserForm:IDMXLoginForm,com.sun.idm.idmx.web.LoginForm,secure"> <forward name="success" path=".page.Login"/> <forward name="post" path="/spe/user/Login.do" /> <forward name="next" path="/spe/user/protected/Home.do?newView=true" /> <forward name="cancel" path="/spe/user/Login.do" /> </action>
If your servers do not use port 80 for HTTP or port 443 for HTTPS, modify WEB-INF/web.xml to include the following context parameters:
<context-param> <param-name>listenPort_http</param-name> <param-value>7001</param-value> </context-param> <context-param> <param-name>listenPort_https</param-name> <param-value>7002</param-value> </context-param>
The above code sample tells Struts to use port 7001 for HTTP and port 7002 for HTTPS.
The forward elements in the action definitions tie the sample pages together. The following table lists the most commonly used forward definitions:
Name |
Description |
---|---|
success |
Specifies the page to display if there is no error processing the action. |
post |
Posts the form to the specified location. |
next |
Specifies the action to take after a successful form posting,. |
cancel |
Specifies the action to take if a user clicks a cancel button on a form. |