I have a JSF 2.0 application that is used for creating accounts using Self Registration. On the first page, there are fields like name, email, uid etc. Typical to any registration, we show the confirmation page, (other custom pages as well in between) and the final success page. Each page is rendered in JSF using the faces-redirect=true so there are 3-4 pages(facelets) in the entire process. In this application, I use a SessionScoped backing bean to show the middle pages/confirmation page/final page etc. After the registration is complete, I clear the SessionScope bean from session and invalidate the session.
The problem is:
The confirmation page/middle page etc. show the User details that the User entered from the first page(using the EL from the backing bean: #sessionBean.firstName etc.). So, if the User enters this URL in the browser directly (host/appName/confirmationPage.xhtml), the page loads with blank values (as the User did not go to the first page directly). Also, after the registration is complete, if the User clicks on the back button blank values show up (no-cache is explicitly set in the filter class, so cache is not used here which is the correct behavior)
How do I force the User to go to the first page if the firstName etc. is not present. i.e. when the User lands up on a page, make sure that User landed on this page only through the first page in this session?
Should a filter class be used? Or should a prerenderview event be used to check for blank values and redirect them to the first page? There is no "User Login" here as there is no authentication. I believe this is a common use-case and I would like to know if there is any best practice in JSF
Related
I have a page in Squarespace that I only want viewable after someone inputs their contact information. For example, I would create a Form Block, and then direct them to the otherwise locked page so they can view for that session. But if they close the window, they would need to re-enter their information (Name + Email).
lets say the address to the otherwise unviewable page is www.website.com/access
Once the viewer puts in their Name + Email and hit submit, they can see the /access page. If they do that and say share the address with someone who has not entered in their information, then they would get the Form Block where they need to enter their information.
Is there a way to do this in Squarespace? Would that need to be done with some sort of PHP Session that can be injected into the header of the specific page?
Ideally it would be like if they could see the page which is normally hidden, but of course unless they are an admin, the page is not viewable to the public.
Squarespace doesn't support PHP since it uses JSON template, so you can't create a session there. Please refer to this page: https://support.squarespace.com/hc/en-us/articles/205815358-Custom-code-FAQ
The only option to achieve this will be to create a cookie via JS and redirect if there is no cookie. The page will be still accessible if you turnoff the JS.
Please have in mind that SquareSpace is very limited when it comes to this kind of changes.
Salon owners can create an account with their salon information on our platform and they get a page that they can use as a tab app.
I want to be able to serve all these pages from one app instead of having to install each one seprately and I also want to make the life of the salon owner easier by helping them to install the tab.
I know about the link I can create to help them install the app and I know that when a visitor visits the app that facebook will send the page ID. So far so good.
https://developers.facebook.com/docs/appsonfacebook/pagetabs/
But how do I make sure that when the salonowner follows the link to install the app that I get the page ID back (through callback or other) so that I can register which page ID belongs to which salon account.
I've read sone 2011 article about a callback but I can't find any recent info on this.
I think it should be possible as a lot of sites offer easy fb apps to businesses.
Any help would be welcome!
EDIT: Could this last piece of info in the Facebook link above be used to do this? I don't quite get it yet.
In addition, your app will also receive a string parameter called app_data as part of signed_request if an app_data parameter was set in the original query string in the URL your tab is loaded on. It could look like this: "https://www.facebook.com/YourPage?v=app_1234567890&app_data=any_string_here". You can use that to customize the content you render if you control the generation of the link.
Well... Preventing users from adding your application to their page is impossible. You can't prevent that.
What you will be able to do is to detect who has added your application and according to that, change the content (or not display it at all). So you'll have to start with a list of "allowed" page_ids to match to the accounts you want.
Your application will receive a signed_request each time a user arrives at your application (within a page). Inside that signed_request is information not only on the user but also on the page that the application is on (provided it is a page tab app).
Once you have obtained the signed_request, it will hold a page key which contains:
A JSON object containing the page id string, the liked boolean (set to
true if the user has liked the page, false if not) and the admin
boolean (set to true if the user is an admin of the page, false if
they're not). This field is only present if your app is being loaded
within a Page Tab.
So you'll be able to access the page_id from within this variable and make a decision on the type of content you want to be displayed.
Ok, after running some tests I found out that when you add a URL as 'next' parameter to the install URL Facebook will send the admin(user) back to this URL while adding an array to the request containing all the page Id's the app was installed to.
Like this: YOUR_CALLBACK_URL?tabs_added[ID]=1
Proved to be quite easy in the end
I would like to build a customized Facebook page tab for other page owners to instal onto their Facebook pages. Each page tab will need to have its own ID in the links that lead out of the page tab in order for us to track that page activity.
For example each page tab will have a list of products that link to the relevant product pages on an external website. Each of those links will have a unique ID parameter to we can track clicks and purchases. [e.g http://www.mydomain.com/products/product123.aspx?userid=12345]
So I need to create the userid variable in the link. Possibly using GET (or Request.QueryString for asp) to receive from the initial page tab installation.
From what i can see I might be able to use the app_data parameter to pass data over to the page, but when i tried it, it didn't work.
This is what i am using to install the page tabs
[https://www.facebook.com/dialog/pagetab?app_id=YOUR_APP_ID&app_data=12345]
I thought that this will pass the userid over to the new page tab, but it doesnt seem to work.
If anyone could point me in the right direction i would be very grateful.
Cheers
From what i can see I might be able to use the app_data parameter to pass data over to the page, but when i tried it, it didn't work.
This is what i am using to install the page tabs [https://www.facebook.com/dialog/pagetab?app_id=YOUR_APP_ID&app_data=12345]
But you are aware, that appending &app_data=12345 does not mean you will get a GET parameter by the name 'app_data', right …?
The app_data will be passed as a property inside the signed_request parameter – so you’ll have to decode that one, and inside you’ll find your app_data value.
Why does 'each page tab' need to have an ID?
The Page ID should be enough for you to determine which content to show (and it's passed to your app on each page load via the signed_request, and the page ID is also passed back to your app in the callback to the pagetab dialog
You could also request manage_pages Permission from the user to determine the list of pages they administer and if your app is installed on each
I have a bunch of pages which should only be accessible when the user is logged in. So that the URLs make sense, and also so that the user may bookmark them, I have made them bookmarkable URLs in Wicket.
Now the problem occurs, that if the user comes to view these pages, but is not yet logged in. The constuctor which takes a PageParameters on my page is called.
My approach is going to be:
For all pages which should only be available logged in, but which are bookmarkable, put an if statement in this constructor to test if the user is logged in or not.
If the user is not logged in:
Store (a) this.class (b) the PageParameters in a special place in the session
setReponsePage to be my login page
In the login page, if the login is successful, check to see if these special attributes in the session are set, and if so, then setResponsePage to be the class/parameters of the desired bookmarkable URL
Is this approach correct? It seems to be a bit of extra/manual work (although not too much!), but Wicket provides a lot of useful stuff "out of the box": so my question is: is this necessary or is there some Wicket facility I'm not aware of which I can take advantage of?
You should use a IAuthorizationStrategy to protect your pages. See for example wicket-auth-roles for a simplistic roles based library.
When Wicket tries to render the page that is mapped to the bookmarked URL of the user it will notice the user is not yet logged in (since the session has no user assigned to it), store the current requested URL, redirect to the login page and wait until the user correctly signs in. In the onSubmit of your login form you then call
if(!continueToOriginalDestination()) {
setResponsePage(SomeReasonableDefaultPageLikeYourHomePage.class);
}
See for an example the Authentication example in the Wicket Examples project (online demo here)
continueToOriginalDestination will instruct Wicket to render the original URL that the user requested, if one is stored, and otherwise return false.
what is the link between backbutton and continueToOriginalDestination(). method.
how to keep url saved for continueToOriginalDestination() method while clcking browsers back button.
continueToOriginalDestination() is used when a request was (temporarily) redirected to an intercepting page, for example a login page. When a user requests a secured page but is not yet authenticated, the security framework that hooks into wicket (auth-roles, shiro, swarm/wasp) will present the user with a login page, and store the original URL. When the user has authenticated, you can call continueToOriginalDestination and Wicket will process the original request, displaying the requested secured page.
Not only security frameworks can use this, you can do it yourself by throwing a RestartResponseAtInterceptPage exception.
The back button has nothing to do with this, nor does it have any affect on the processing of the original destination page. Wicket keeps storing the original destination until a new one is set, or until continueToOriginalDestination has been called.
continueToOriginalDestination returns true when there was a page to go to, and false when the user landed on the intercept page directly (e.g. guessing the login page URL or clicking on a link pointing to the login page).