Wednesday, February 14, 2018

How PRPC URL takes us to portal via PRBasic Authentication

PRBasic Authentication:

When user hits PRPC URL,
 http://localhost:8080/prweb/PRServlet
  1. how user would be redirected to PRPC login page.
  2. how credentials would be validated, when user enters credentials and hits Submit
  3. how user would be redirected to Designer Studio when logged in via developer access
Step by Step illustration:

#1 how user would be redirected to PRPC login page :

Servlet mapping would be checked first.
In your applicaiton server : example if it is tomcat, in web.xml you could find this servlet name with pattern PRServlet : and servlet definition for WebStandard.

Servlet Name: WebStandard
AuthenticationType: PRBasic
web.xml:\tomcat\webapps\prweb\WEB-INF\web.xml

AuthenticationType is set to PRBasic by default. For any other authenctaion schemes(PRCustom, PRSecuredBasic, PRExtAssign, J2EEContext) we have to pass the authentication scheme as the param-value (syntax highlighted in below screenshot).


#2 From above code, code would run and continue with initializing the browser type requestor. 
     
At this point, user who made the hit to browser is still unauthenticated. And now it should form an unauthenticated requestor. 

Requestor = Hash of (Access Group) // Access group is mandatory to form requestorID. 

i.e. the reason we have requestor type (Browser) rule with PRPC:Unauthenticated as the access group, which would support guest access. 

 And the starting activity of authentication would be specified in Activities tab of Requestor type : by default it is Code-.Web-Start (as highlighted below).



Activity Web-Start has JAVA code to present authentication challenge.







Ths is Pega Engine code, where pega presents challenge to the user (default rule used here with BASIC authentication is : Web-Login HTML Stream).
To understand Java code, we can check in Pega Engine API from designer studio, which would give an insight on what it does: pega.getAuthenticationHandle().presentAuthentication()

To check if you are following, lets cross question (Q/A):

Q : How unauthenticated requestor got access to the rule Code-.Web-Start ?
A :In the PRPC:Unauthenticated access group, you could notice PegaRULES:Guest access role, which grants access to Code- class, so we are able to run the activity with the guest access.







#2 how credentials would be validated, when user enters credentials and hits Submit

Username, password entered would be verified against the database table {Data-Admin-Operator-ID}
Once the credentials matches, then user would be redirected to the application. 
Note: {Data-Admin-Operator-ID} represents db table for this class Data-Admin-Operator-ID. 

Note: Once user is authenticated, we can see the authenticated requestorID. This we can observe, if we remote trace second unauthenticated session during login with the help of other PRPC session of the same instance. 

#3 how user would be redirected to Designer Studio when logged in via developer access
Once user is authenticated, we have activity (Data.Portal-ShowDesktop) which would display the portal to us. 



This activity would redirect us to the portal we are entitled to. Example it would open Designer Studio (if user is having access to developer portal).

We saw the steps right from hitting the PRPC URL to the point where we logged into portal i.e from unauthenticated requestor => to an authenticated requestor. 

Hope this helps!!!
Feel free to comment/share the same. 


7 comments:

  1. It will be good if u shared the answers in Food for Thought section

    ReplyDelete
    Replies
    1. Hi Deepa, Thanks for valuable feedback. I would definitely share answers for "Food for Thought" section soon.

      Delete
  2. Hello Pavan, if we do some modification in Web.xml file. Can we change the link localhost:8080/prweb/PRServlet and how to do it.

    ReplyDelete
  3. Hi Ravi,

    Yes we can change the Servlet name in the link. For example, we can have our own servlet name instead of PRServlet.

    http://localhost:8080/prweb/MyOwnPRServlet
    instead of
    http://localhost:8080/prweb/PRServlet

    I will give you step by step in other post.

    ReplyDelete
  4. HI Pavan, Can you elaborate on this?"Once user is authenticated, we can see the authenticated requestorID. This we can observe, if we remote trace second unauthenticated session during login with the help of other PRPC session of the same instance." How do we know which Browser session to trace, if there are multiple?

    ReplyDelete
    Replies
    1. Hi Reshmi,
      Below is the article how you can achieve the same via admin studio: http://www.howtopega.info/2020/05/trace-unauthenticated-requestor-from.html

      Delete
  5. Hi Pavan,
    Thanks for the expalnation.
    For the PRBasic authentication this is the the HTML that need to be shown to end customer. Where it is mentioned? If it is in Enginer API, is there a way that I can look into that code. Please let me know.

    ReplyDelete


HowToPega : All rights reserved and the contents are copyrighted to Pavan Kumar Naidu