I am using SEAM 2.2.2 (JBoss AS6), trying to implement the following navigation logic:
I have 3 user types: user, client, admin
For each type I am using the following page rules...
<page login-required="true" view-id="/admin/*">
<restrict>#{s:hasRole('admin')}</restrict>
<navigation from-action="#{identity.logout}">
<end-conversation/>
<redirect view-id="/admin-login"/>
</navigation>
</page>
to forward users to the login page when they log out
and
<exception class="org.jboss.seam.security.NotLoggedInException" log="false">
<redirect view-id="/index.xhtml"/>
</exception>
<exception class="org.jboss.seam.security.AuthorizationException" log="false">
<end-conversation/>
<redirect view-id="/index.xhtml"/>
</exception>
to bounce users who are not logged in. However rather than redirecting them to the index page, I want to redirect them to their respective login pages, to for example, if I try to access /admin/somePage.xhtml without logging in, I am redirected to /admin-login page
I guess I need to somehow get the requested page as a parameter in pages.xml, but having looked through the docs I cant see anything
Something like below (as an example)...
<exception class="org.jboss.seam.security.NotLoggedInException" log="false">
<rule if="#{requestedPage}='/admin/*'">
<redirect view-id="/admin-login"/>
</rule>
</exception>
UPDATE:
I have also tried the following,
<page login-required="true" view-id="/admin/*">
<restrict>#{s:hasRole('admin')}</restrict>
<rule if="#{!s:hasRole('admin')}">
<redirect view-id="/admin-login"/>
</rule>
<navigation from-action="#{identity.logout}">
<end-conversation/>
<redirect view-id="/admin-login"/>
</navigation>
</page>
But the org.jboss.seam.security.NotLoggedInException overrides it and forwards to index.xhtml.
Following some more googling I found the same problem here: https://community.jboss.org/thread/191214 which has a (not ideal) solution, if anyone can describe a better one please let me know, otherwise I will use this one.
Ok, I found the same question here https://community.jboss.org/thread/191214 and have used the solution provided at the end of the thread which seems to work quite well.
Related
I am making use of the org.ofbiz.webtools.GenericWebEvent service which is invoking the updateGeneric method, instead of having multiple routes for all the different forms, I've created one which manages them all using the following code:
controller.xml
<request-map uri="process">
<security https="true" auth="true"/>
<event type="java" path="org.ofbiz.webtools.GenericWebEvent" invoke="updateGeneric"/>
<response name="success" type="view" value="home"/>
<response name="error" type="view" value="CURRENT_PAGE_HERE"/>
</request-map>
As you can see in the error part, the value shown is CURRENT_PAGE_HERE, I'd like the route to show whatever page that is being displayed, for example error occurs on login, re-show login with the notice, error occurs on register, re-show register etc.
How could this be achieved?
The GenericWebEvent#updateGeneric method is a functionality used to update GenericValues and is used in the Webtools to edit/update the data.
The class name GenericWebEvent might be a bit misleading here but if you have a look at the implementation it should be clear that it does not generically handle different web events like you want to do.
I've writter Redirect rule in urlrewriter.config for accepting parameter in url.
Rule is working fine. But, I've scenario when parameter(ID) is null, it should be redirected to work page and if parameter is there below rule should work.
Ex: www.myDomain.com/case-study/myCasestudy -> Redirect to case-study Page
www.myDomain.com/case-study -> Redirect to Work Page
I can handle this by JQuery in Case study page, But it will redirect first to case study page and after it will redirect to work page
<add name="CaseStudyRule" virtualUrl="^~/Case-Study/(.*)" destinationUrl="~/Case-Study.aspx?Id=$1"
rewriteUrlParameter="ExcludeFromClientQueryString"
ignoreCase="true" />
</rewrites>
Add two rules: one for virtualUrl="^~/Case-Study" and another for virtualUrl="^~/Case-Study/(.+)"
I have created a class in C# Asp.Net that acts as an IHttpHandler for handling some special requests in order to get Videos in the form of streams, retrieved from MS SQL Server 2008 database.
From front end I am using VLC Player's web plugin to request these Video streams using an embed tag like following:
<embed type="application/x-vlc-plugin" pluginspage="http://www.videolan.org"
width="840" height="472" name="vlcPlayerExtraFeatures"
id="vlcPlayerExtraFeatures" target="http://my-pc/MyWebApp/file.ivd?VideoID=123"
autoplay="true" windowless="true" bgcolor="#000000" />
<object classid="clsid:9BE31822-FDAD-461B-AD51-BE1D1C159921"
codebase="http://download.videolan.org/pub/videolan/vlc/last/win32/axvlc.cab">
</object>
In my IHttpHandler class in ProcessRequest(HttpContext context) method, very first of all I check for the user's Asp.Net Session from "context" parameter like so:
if (context.Session["LoggedinUser"] == null) {
//do bla bla bla
}
Issue is: Using VLC player web plugin, context.Session["LoggedinUser"] always comes as null.
If I request the same file using Windows media player web plugin, I do get mentioned session information but not with VLC.
If this some kind of issue with VLC media player?
As per my finding, using VLC web plugin, you have no way accessing your Asp.Net session on server.
I have but done another workaround. In the code behind of page holding VLC embed tag. Upon page load, the value of URL parameter of VLC embed tag is appended a bypass token in the form of:
<OBJECT id="vlc" width="840" height="472"
CLASSID="CLSID:6BF52A52-394A-11d3-B153-00C04F79FAA6" type="application/x-oleobject">
<PARAM NAME="URL" VALUE="http://mysite.com/video.ivd?videoId=myvideo1234&videoToken=some_token_with_expiry_date" />
<PARAM NAME="SendPlayStateChangeEvents" VALUE="True" />
<PARAM NAME="AutoStart" VALUE="True" />
<PARAM NAME="ShowControls" value="True" />
</OBJECT>
Note: The querystring part in this Url is shown here unencrypted but on actual page it comes as encrypted (done actually in page_load method).
When VLC requests the video from my custom IHttp handler, the querystring part is decrypted in the handler and validity of token is evaluated from the supplied video token's expiry date. If it is still valid, video is streamed to the client otherwise request is denied, so that client might not make use of this Url for an indefinite period of time.
Well this is a workaround that worked for my case. May be somebody else have a more better approach than this.
I did a lot of researching on the matter but cannot seem to find the answer to my question, so I hope you guys can help me out.
We have a struts 1.2.7 web app that we converted to a JSR-168 portlet using the Apache Struts Portlet Bridge.
This is all working very well except for one thing: the actionforwards that specify a redirect do not actually redirect to the specified action. These redirects DO work when running the app as a normal struts web app. Hence, we have a double submit problem in the portlet variant.
We make use of action chaining that ends with an action forwarding to a tile definition. For example:
<action path="/CreateIdmAccountSubmit" validate="true" input="catalog.createaccount.page" type="com.konakart.actions.login.CreateIdmAccountSubmitAction" name="CreateIdmAccountForm">
<forward name="FillRegistrationData" path="/FillRegistrationData.do" redirect="true"/>
</action>
<action path="/FillRegistrationData" validate="false" type="com.konakart.actions.registration.FillRegistrationDataAction" name="FillRegistrationDataForm">
<forward name="FillRegistrationDataPage" path="/FillRegistrationDataPage.do" redirect="false"/>
</action>
<action path="/FillRegistrationDataPage" forward="order.registrationdata.page"/> (tiles-def)
In this example the action /CreateIdmAccountSubmit processes a submitted form (POST) and creates an account in the db. After successfull creation the user is redirected to another action (/FillRegistrationData) which inits an order object and, on its turn, forwards to the orderregistration page which layout is defined in the tiles-defs.xml.
As I said this all works very well, form a functional perspective, but when a user hits f5 on the rendered order-registration-page the action /CreateIdmAccountSubmit is again invoked causing the account to be created double. As I said also this is not happening when running the app as a normal web app. Here, the mechanism works perfectly :)
I think that the problem is being caused by the fact that the redirect is done in the wrong phase but i am really not sure as why this does not work :)
Based on what I read I tried the fowllowing things to fix the redirect problem:
* specified the action that does the form submit as "actionUrl" in struts-portlet-config.xml (hoping that redirect is done in wrong phase?)
* replaced the normal html tag library by the struts-portlet variant (hoping that a valid url actionUrl was produced by my html:form that in some way made the redirect possible?)
These two steps did not seem to help and I am lost at how to accomplish a simple redirect in the portlet so that we can prevent the double submit problem.
Hope you guys can help me out!
I found the answer: the mechanism is dependent on the portal implementation. We use Liferay which does not work with redirects by default.
However, you can switch this on by declaring an element in liferay-portlet.xml called
<action-url-redirect>true</action-url-redirect>
This fixed the problem for us!
My common usecase for my Struts2 application is that I have Actions that collect data which are presented on an JSP page. I'll call these view-actions.
But then I also have logic actions, which "do" something in the background (like registering a user). These might also have a bean that needs to be shown on an JSP, but I need to redirect the result to one of the view-actions.
Sadly, the bean I need from the first action doesn't get transferred to the ValueStack, but only values from getters from the view action. Example:
<action name="mailConfirm" class="de.abelssoft.updateyeti.Frontend.MailConfirmer">
<result name="login" type="redirectAction">
<param name="actionName">register</param>
<param name="email">${person.email}</param>
</result>
<result name="input" type="redirectAction">
<param name="actionName">register</param>
</result>
</action>
What is the pattern I'm missing here? Or do I have to store everything I need in the response context?
I got no answer to this question, so I'll tell you what I've done. Sorry for not providing a "good answer".
I wrote two interceptors. One for the logical action that would store message-objects in the user session temporarily and one for my view actions that would take and remove them out of the usersession.
I used the logical action interceptor where needed and used the viewaction interceptor for all other action to make sure that when an action redirection has happened before the view action, the message-objects will be found and used.