PPM Admin Absent Member.
Absent Member.
245 views

Authentication in a customized JSP

Is there in any way we can access a customized jsp inside itg.war directly without authentication?

Can we bypass the authentication or maybe hard coded username / password?
0 Likes
10 Replies
Erik Cole Acclaimed Contributor.
Acclaimed Contributor.

Re: Authentication in a customized JSP

You can place jsp pages inside the ITG_HOME/pdf directory tree and they can be accessed without auth...
0 Likes
PPM Admin Absent Member.
Absent Member.

Re: Authentication in a customized JSP

But how can you recompile this jsp outside itg.war or dashboard.war?
0 Likes
Erik Cole Acclaimed Contributor.
Acclaimed Contributor.

Re: Authentication in a customized JSP

They just get compiled on the fly
0 Likes
Absent Member.. Jim Esler Absent Member..
Absent Member..

Re: Authentication in a customized JSP

In fact, you can add or modify jsp files within any of the subdirectories under deploy/itg.war/web/knta/ and they will be recompiled before use after the next bounce. Any changes will need to be reapplied after an upgrade, though.
0 Likes
PPM Admin Absent Member.
Absent Member.

Re: Authentication in a customized JSP

@Erik
Have you tried adding jsp in this folder? When I add my code in this folder it doesn't get recompile by itself.

@Jim
The idea why we need to add this jsp file outside itg.war is to bypass authentication. Is there any way you know or suggest that we can do to comply in that requirement?

Thanks
0 Likes
Absent Member.. Jim Esler Absent Member..
Absent Member..

Re: Authentication in a customized JSP

We added a button on the login page that opens a specific request form without having the user log in. This is done by hardcoding a user name and password in the form containing that button. This user name has very restricted access that limits it to the one specific activity.
0 Likes
PPM Admin Absent Member.
Absent Member.

Re: Authentication in a customized JSP

This workaround is not possible with our environment. We've been implemented Web Remote Single Sign On. We no longer go thru PPM logon page. Besides this jsp will be access by another system thru URL and there's no human interaction. Any other workaround in mind?
0 Likes
Absent Member.. Jim Esler Absent Member..
Absent Member..

Re: Authentication in a customized JSP

PPM validation can be set on an individual user record while most users are configured for a different validation mechanism. The predefined login credentials can be (and in fact would need to be) built into the page for the URL used by the users.
0 Likes
PPM Admin Absent Member.
Absent Member.

Re: Authentication in a customized JSP

Hi Jim,

This is what I want to explore but I don't have any luck in solving the problem. Do you have any sample code for reference?

Thanks.
0 Likes
Absent Member.. Jim Esler Absent Member..
Absent Member..

Re: Authentication in a customized JSP

I am attaching a stripped down version of the page we are generating. It is derived from the code in Logon.jsp and extended as necessary to meet our needs. I have not executed this specific file so I cannot guarantee it will work as is, but it should convey the basic idea. For instance, the references to PPM files would need to either be extended to have full paths or be deleted.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.