10.5.6 Configuring a Form Fill Policy for Forms With Scripts

The Form Fill policy created for Access Gateway works well with forms that contain a Submit button whose onclick action submits the form data to the web server without executing any JavaScript or VBScript. However, when HTML forms contain complicated JavaScript or VBScript, Form Fill for that form fails.

For example, single sign-on by using the Form Fill policy to fill and autosubmit a form fails if the Submit button or the login button requires execution of a JavaScript function before submitting the form data to the web server.

The following sections explain why Form Fill fails with the Form Fill policy when the HTML form contains complicated JavaScript. This section also describes the procedure to configure a Form Fill policy for such forms.

Why Does Form Fill Fail with the Default Policy?

This section explains the process that takes place when a client requests a form that is configured with the Form Fill policy as described in Section 10.5, Form Fill Policies.

Figure 10-10 Sample Login Form with JavaScript

When Access Gateway is configured with the default Form Fill policy, it adds the following function to the Login page received from the web server. The bold text indicates where JavaScript is called.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Generated by Apache Software Foundation (Xalan XSLTC)-->
<html class="detail/detail">
<head>
     <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
          <script type="text/JavaScript">
             /*SET up global vars*/
            //all the variable declaration
     
          <script type="text/JavaScript">              function dvdRegisterSelect() {                     }           </script>
     <title>Login Page</title>
</head>
<body id="tpz_body" style="width:99%; "onload="tpzOnLoad('login.prompt.g'); window.status='login.prompt.g'; ContextMenu.setup({'showForms':true}); ContextMenu.attach('detail/detail', 'cwc_optionsMenu_detail')" onfocus="window.status='login.prompt.g'" >

       <script type="text/JavaScript">           var arReenable = new Array();           function enableAll() {return reenableControls(arReenable);}        </script>

      <script type="text/JavaScript">          //all the variable declaration          function verify( f, bSubmitToSelf ){ return verifyFields                                (bSubmitToSelf,"\n");}      </script>
   <div>
      <a title="Login" class="tabSelected">Login</a>
   </div> 
      <form name="topaz" id="topaz" method="post" action="detail.do"                                                                                                                                                onsubmit="enableAll();return verify(this,true);">
<input type="hidden" name="focus" id="focus" value="var/user.id">
<input type="hidden" name="focusContents" id="focusContents" VALUE="testuser1" >
<input type="hidden" name="focusId" id="focusId" VALUE="X2" >
<input type="hidden" name="formname" id="formname" VALUE="login.prompt.g">
<input type="hidden" id="clientWidth" name="clientWidth" VALUE="1473" >
    <script type="text/javascript">         function printThisView(){tpzPrintDetail();}      </script>

<input type="text" id="X2" name="var/user.id" dvdVar="" onclick="handleOnClick(this,event);"  VALUE="testuser1" scripttype="text">
<input type="password" id="X5" name="var/old.password" dvdVar="" onclick="handleOnClick(this,
event);" " VALUE="novell081" >
<input type="button" name="0" id="X8" ButtonID="0" title="Login Page" value="Login" onclick="tpzDrillTable('', 'Login', '0','listdetail')" >
<input type="button" name="3" id="X9" ButtonID="3" title="Exit Login Page" value="Cancel" onclick="tpzDrillTable('', 'Cancel', '3','listdetail')" >
</form>

       <script language="JavaScript">           <!--              function LAGSubmitForm()                   {             document.forms[0].submit();                   }             LAGSubmitForm();           //-->        </script>
</body>
</html>

In this code, the LAGSubmitForm() function calls the default submit action of the form, which uses a POST request to send the data to the web server. But the submit action for the sample login form requires a JavaScript function to be executed. This function submits the form data to the web server. However, because the JavaScript is not executed by the default Form Fill policy, posting of the form data fails:

row=&__x=&thread=0&event=0&transaction=0&type=detail&focus=var%2Fuser.id&focusContents=testuser1&focusId=X2&focusReadOnly=&start=&count=&more=&tablename=&window=&close=&_blankFields=&_uncheckedBoxes=&formchanged=&formname=login.prompt.g&_multiSelection=&_multiSelection_tableId=&clientWidth=1473&var%2Fuser.id=testuser1&var%2Fold.password=novell081&var%2FL.language=en&0=Login&3=Cancel

Meanwhile, the browser expects to receive the following POST request and does not autosubmit the form:

row=&__x=&thread=0&event=0&transaction=0&type=detail&focus=var%2Fuser.id&focusContents=testuser1&focusId=X2&focusReadOnly=null&start=&count=&more=&tablename=&window=&close=&_blankFields=&_uncheckedBoxes=&formchanged=&formname=login.prompt.g&_multiSelection=&_multiSelection_tableId=&clientWidth=1217&var%2Fuser.id=testuser1&var%2Fold.password=novell081&var%2FL.language=en

Note the difference in POST requests sent to the browser. The first POST request has &0=Login&3=Cancel appended, which results in login failure.

For the browser to send the proper POST data, Access Gateway must add the following JavaScript statement to the Statements to execute section:

tpzDrillTable('','Login','0','listdetail');

Understanding How a Form Is Submitted

You can configure the Form Fill policy to submit the form in the following ways:

  • Manual Submit: When a form is configured for manual submission, all fields configured in the Form Fill policy are automatically filled by Access Gateway for the user. The user must then manually click the Submit button in the form to submit the form to the web server protected by Access Gateway.

  • Autosubmit: When Autosubmit is configured, the actual form is processed in such a way that all additional scripts not required to submit the form data to the web server are removed. A temporary form is created on runtime with necessary form data in hidden format and with an additional LAGSubmitForm() function as follows:

    function LAGSubmitForm()
{
executeJavaScript();
}
LAGSubmitForm();

    In this example, executeJavaScript() is the function that executes the JavaScript or the VBScript statements configured in the Statements to execute section. If statements to be executed are present, you can also find the function definition for executeJavaScript() as follows:

    executeJavaScript()
{
document.forms[0].submit();
}

    In this example, form[0] is the single form in the HTML page and submit is the default action associated with the submit or login button of the form that automatically submits the form to the web server. This approach works for forms where the default action of the Submit button is to submit a POST request for the form data.

  • Autosubmit with Masking: When Autosubmit with masking is enabled for a form, the form data is submitted automatically to the web server, but the data sent to the web browser over the network is masked for additional security.

  • Submitting with the help of advanced options: If the form requires execution of JavaScript when the form is submitted, you cannot use the Autosubmit options. This also means that single sign-on is disabled.

    To create a policy that allows autosubmitting for this type of form, you need to create a policy as described in Creating a Form Fill Policy for Autosubmission and create two advanced options as described in Configuring the Advanced Options for Autosubmission.

Creating a Form Fill Policy for Autosubmission

  1. Click Policies > Policies.

  2. Select the policy container, then click New.

  3. Specify a display name for the policy and select Access Gateway: Form Fill for its type.

  4. (Optional) Specify a description for the Form Fill policy.

  5. In the Actions section, click New, then select Form Fill.

  6. In the Form Selection section, select Form Name and specify topaz in the text box.

  7. In the Fill Options section, specify all the input fields and select the options that you want.

  8. In the Submit Options section, select Auto Submit.

  9. Select Enable JavaScript Handling.

  10. Select Functions to Keep, then specify the JavaScript functions that need to be retained when the form is being automatically submitted. For the example form, specify the following functions:

    function dvdRegisterSelect()
function enableAll()
function verify(f, bSubmitToSelf)
function printThisView()
function tpzDrillTable(a,b,c,d)()

  11. Click OK.

  12. Select Statements to Execute and specify the form action that needs to be performed when the form is submitted. For the sample form, specify the following statement:

    function executeJavaScript()
{
    tpzDrillTable('','Login','0','listdetail');
}
executeJavaScript();

    You must perform this step to execute the functions configured in the Functions to keep section because Access Gateway does not process HTML to include the LAGSubmitForm() function.

  13. Click OK.

  14. On the Policies page, click Apply Changes.

Configuring the Advanced Options for Autosubmission

When HTML forms contain complex JavaScript or VBScript, you must enable the following two advanced options:

  • #NAGGlobalOptions InPlaceSilent=on: To enable single sign-on to websites that require the login page to remain as is without any modifications to its structure.

  • #NAGGlobalOptions InPlaceSilentPolicyDoesSubmit=on: To enable form fill in HTML pages with complex JavaScript or VBScripts.

To enable these options:

  1. In the Administration Console, click Access Gateways > Edit > Advanced Options.

  2. Add the following in the Advanced Options list:

    NAGGlobalOptions InPlaceSilent=on
    NAGGlobalOptions InPlaceSilentPolicyDoesSubmit=on

  3. Click OK.