Using default web pages to support client app login
When you deploy OpenEdge Data Object Services in a web application to a Tomcat web server, OpenEdge provides default web pages that you can use to configure web application authentication. The URIs for the following web pages (provided relative to the web application root) support the startup and user login of a client app in a way that authenticates the user prior to requesting access to protected Data Object resources, depending on the web server authentication model:
/index.html — Default public welcome page for client app startup. This page is typically unprotected and provides, or redirects access to another unprotected page that provides, a login form for the user to enter login credentials.
Caution: Protecting the welcome page, or any other page, that the client app accesses prior to user login is an atypical configuration that Progress does not recommend. For more information, see Using protected web resources.
/static/home.html — Default protected login target page provided by the web application to support HTTP Basic and HTTP Form-based authentication. (For Anonymous authentication, this page is always unprotected.) Generally, this page is not designed to be displayed as part of client app UI, but to be used as a protected web resource against which the session instance's login( ) method must authenticate prior to accessing protected Data Object resources. The client app typically provides a separate, unprotected login page for the user to enter their credentials, which are then passed to the login( ) method. (For a progress.data.Session instance only, you can also pass the URI of a non-default protected web resource to login( ).)
Note: OpenEdge protects this /static/home.html page in all web applications that it generates by configuring it for access only by users assigned the role, ROLE_PSCUser, which you can assign to users as part of configuring your web application security. For more information, see the sections on security in the administration documentation of your OpenEdge application server.
Thus, JSDO session management uses these default options to ensure that user authentication can occur prior to loading a Data Service Catalog (using addCatalog( )) and requesting access to a protected Data Object resource on behalf of a JSDO.
/index.html — Default public welcome page for client app startup. This page is typically unprotected and provides, or redirects access to another unprotected page that provides, a login form for the user to enter login credentials.