Code Explanation for Scenario: Displaying Different Start Pages based on User Group

In this customization scenario, you create both a custom ESM and a custom log-in page. The custom ESM overrides the handlesAuthenticationRequest method with custom code that invokes a custom login page. It also overrides the getCustomLoginURL method so that it returns a URL that points to the custom login page. The custom login page contains the logic to determines the user group to which the current user belongs and to open the appropriate start page for that user group.



Custom ExternalSecurity java class  (called in the corresponding scenario)


A generic explanation of how to create the custom ESM code required to perform this customization is provided below. The code is explained in sections, with the explanation preceding each section of code.



package com.microstrategy.sdk.samples.externalsecurity;



import com.microstrategy.web.beans.RequestKeys;

import com.microstrategy.web.platform.ContainerServices;

public class DiffStartPages extends AbstractExternalSecurity {




   * Override handleAuthenticationRequest to return ExternalSecurity.USE_CUSTOM_LOGIN_PAGE;


  public int handlesAuthenticationRequest(RequestKeys reqKeys, ContainerServices cntSvcs, int reason)


      return ExternalSecurity.USE_CUSTOM_LOGIN_PAGE;





   * Return the URL of the custom login page.


  public String getCustomLoginURL(String originalURL, String desiredServer, int desiredPort, String desiredProject)



      /* The custom login page should have a login form where user can input login credentials.

       * After user submit the login form, the custom login page should create MicroStrategy Web IServer Session,

       * redirect to MicroStrategy page and have the session manager state in the URL using "usrSmgr" parameter.


       return "http://localhost:8080/MicroStrategy/_custom/jsp/DiffStartPagesCustLoginPage.jsp";






Custom login page   (called DiffStartPagesCustLoginPage.jsp in the corresponding scenario)


A generic explanation of how to create the custom login page required to perform this customization is provided below. The code is explained in sections, with the explanation preceding each section of code.


<%@ page import="com.microstrategy.web.objects.*" %>





  //This url points to your MicroStrategy Web's desktop page.

  String mstrDesktopURL="http://localhost:8080/MicroStrategy/servlet/mstrWeb?evt=2001";


  String errorMsg = "";

  String sessionState="";



  if("CustomLogin".equals(request.getParameter("CustomLogin"))) {


  //If the request comes from the custom login form, create session.

      String server = request.getParameter("Server");

      String project = request.getParameter("Project");

      String uid = request.getParameter("Uid");

      String pwd = request.getParameter("Pwd");



      WebObjectsFactory lFactory = WebObjectsFactory.getInstance();

      WebIServerSession lISS = lFactory.getIServerSession();



      try {







            //standard authentication



            //save the minimal session state



Note:  Since groups can be nested, to fully enumerate every group to which this user belongs, you would need to recursively go up the tree of parents.  However, to keep this sample simple, we have not done that here.


            WebObjectInfo lUserOI = lISS.getUserInfo();

            WebUser lUser = (WebUser) lUserOI;

            WebUserList lParents = lUser.getParents();



            for(Enumeration lEnum = lParents.elements() ; lEnum.hasMoreElements() ;)


              WebUserEntity lUserEntity = (WebUserEntity) lEnum.nextElement();

              String lGroupName = lUserEntity.getName();


Note:  Because search time depends on project size, the recommended practice is to limit this search to a subset if possible.


              WebSearch lWS = lFactory.getObjectSource().getNewSearchObject();




              SimpleList lTypes = lWS.types();





Note:  It is possible that the search will return several entries with the target name. In this simple sample, the first one is picked arbitrarily. However, a real application would need to have a more intelligent process for selecting the appropriate match.


              WebFolder lWF = lWS.getResults();



                mstrDesktopURL += "&folderID=" + lWF.get(0).getID();





Note:  A real application would handle errors more intelligently.


      catch(WebObjectsException e)


          errorMsg = e.getMessage();





  if (!"CustomLogin".equals(request.getParameter("CustomLogin")) || !"".equals(errorMsg)) {

  //If the request is not coming from the custom login form, or there is error during creating session, show the login form.



        <h3>My Custom Login Form </h3>


        <form action="" id="loginForm" name="loginForm" method="post">

        <input type="hidden" name="CustomLogin" value="CustomLogin" />

        <label for="Server">Server name:</label> <input value="" type="text" class="txt" name="Server" id="Server"/><br/>

        <label for="Project">Project name:</label> <input value="" type="text" class="txt" name="Project" id="Project"/><br/>

        <label for="Uid">User name:</label> <input value="" type="text" class="txt" name="Uid" id="Uid"/><br/>

        <label for="Pwd">Password:</label> <input type="password" class="txt" name="Pwd" id="Pwd"/>

        <input value="1" type="hidden" name="ConnMode" id="ConnMode"/> <br>

        <input value="Login" type="submit" class="btn" name="3054" id="3054"/>







        //If the session is created successfully.


        <body  onload="submitform()">


        <%-- hidden form --%>

        <form name='loginForm' action='<%=mstrDesktopURL%>' method='post' >


            <input type='hidden' name='usrSmgr' value='<%=sessionState%>' >



        <%-- the JavaScript does the submit action on the hidden login form--%>

        <SCRIPT language="JavaScript">

        function submitform()