How to fix UI app showing dialog for username and password?

In v4.2.x, as part of security tightening, some fixes were done in the area of cookie handling. Unfortunately, these security fixes have the potential to break existing proxy rules/settings. If this is the case, then users will notice there will be no app cookies stored in the browser.

To resolve this issue please follow below steps

Way 1: When Apache is used as a proxy server.

Step 1: Update the front end server (Apache) proxy setting as below. The example given below is for the Apache webserver. 

ProxyPass /<instance-name1>/ "ajp://<tomcat-ip-addr>:8009/<instance-name1>/"
ProxyPassReverse /<instance-name1>/ "ajp://<tomcat-ip-addr>:8009/<instance-name1>/"
ProxyPass /<instance-name2>/ "ajp://<tomcat-ip-addr>:8009/<instance-name2>/"
ProxyPassReverse /<instance-name2>/ "ajp://<tomcat-ip-addr>:8009/<instance-name2>/"

Example:

ProxyPass /openspecimen-test/ "ajp://127.0.0.1:8009/openspecimen-test/"
ProxyPassReverse /openspecimen-test/ "ajp://127.0.0.1:8009/openspecimen-test/"
ProxyPass /openspecimen-prod/ "ajp://127.0.0.1:8009/openspecimen-prod/"
ProxyPassReverse /openspecimen-prod/ "ajp://127.0.0.1:8009/openspecimen-prod/"

Step 2: Restart the webserver (Apache).

Step 3: Change the "Application URL" in settings as below:

https://<domain-name>/ => https://<domain-name>/<instance-name>/

Ex: https://test.openspecimen.org/ => https://test.openspecimen.org/openspecimen-test

Way 2: When Tomcat is used as a front end server and Tomcat settings don't allow sending cookies to the server.

OpenSpecimen UI uses a browser's file download functionality to download the files. The browser has no idea of our auth tokens. Therefore we need to make some way for the browser to send the auth tokens to the server. This is done by using cookies. If Tomcat settings don't allow sending cookies then file download won't work out of the box. It will popup the authentication modal every time you download the file.

Step 1: Secure="True" does not allow the browser to store cookies. Change the Secure attribute value from "True" to "False".

<Connector port="8081" 
  protocol="HTTP/1.1"               
  connectionTimeout="20000"                
  Secure="True"                
  redirectPort="8443" />

Step 2: Restart the Tomcat.

Note: Make sure Application URL = Access URL.