Using Gitkit with Tomcat/JEE?

[Kevin Kovach]

I've been beating my head against the wall for a couple of days trying to get Gitkit to play nice with Tomcat and have become frustrated. I've gone through the docs and quick start app a couple times and I've got the widget working without any security configured, but once I add a security constraint and login config things get complicated.

Is anyone doing this? Can anyone recommend or provide additional docs on this type of thing?

Here are more details on a couple of the issues I've encountered...

1. I've configured my login config to point to a servlet that will redner my gitkit widget ( /context/gitkit?mode=select ) which I thought makes sense to me. So, when I try to access a secure url I am presented with the login widget. Here's an example from my web.xml

<security-constraint>

    <web-resource-collection>

        <web-resource-name>Protected Area</web-resource-name>

        <url-pattern>/admin/*</url-pattern>

        <http-method>PUT</http-method>

        <http-method>DELETE</http-method>

        <http-method>GET</http-method>

        <http-method>POST</http-method>

    </web-resource-collection>

    <auth-constraint>

        <role-name>manager</role-name>

    </auth-constraint>

</security-constraint>

<security-role>

    <role-name>manager</role-name>

</security-role>

<login-config>

    <auth-method>FORM</auth-method>

    <form-login-config>

        <form-login-page>/gitkit?mode=select</form-login-page>

        <form-error-page>/error.jsp</form-error-page>

    </form-login-config>

</login-config>

Only, I get the pop-up that complains about not having a mode query parameter. The problem is that the Javascript tries to pick the mode out of the URL but the URL does not change from the requested secure url to the one I have configured for the widget.

If I request http://www.mydomain.com/context/admin/index.jsp I get the widget, but this URL remains as my current location. So, the Javascript does not pick up the mode. I was actually able to work around this with some hacky Javascript that adds the mode to the current location if not present, but I would prefer not to do so if there's a better way?

2. The second issue was the redirect_uri in the call to https://accounts.google.com/o/oauth2/auth that is all generated for me after selecting my google account from the accountchooser.com widget. That redirect_uri is also the original secure http://www.mydomain.com/context/admin/index.jsp URL which is not the one that I configured in the "Authorized redirect URIs" section of the Developer Console for my app. The user could request one of many secure urls that he will be redirected back to in this scenario. I can't imagine I'm expected to register them all? There must be something that I'm missing or not understanding here.

If instead I navigate directly to the widget url everything seems to work fine. It is only when I start adding in tomcat security that I start running into issues. I've not been able to find any further documentation or examples that include this kind of thing.

Any help, advice, or more docs are appreciated. Thanks.

- Kevin