I am using Liferay 6.1 version .
Once a User enters http:localhost , i am displaying my Web Page called "/ravi" which consists of my Custom Portal as shown
I have configured this below properties under portal-ext.properties as shown
auth.forward.by.last.path=true
default.landing.page.path=/web/guest/ravi
Please see the screen shot of my Custom Portlet shown when the users enters http:localhost
Now my requirement is that i need to show another page ("/web/guest/test") if he enters valid crendentails .
In my processAction class , i am doing this way
public class ValidateUser extends MVCPortlet {
public void processAction(ActionRequest request, ActionResponse response) {
String userName = (String) request.getParameter("userName");
String password = (String) request.getParameter("password");
try {
// Contatcs DB and validates the credentials here
// Please let me know how can i show the Configured Page if his credentials are valid ??
}
catch (Exception e) {
}
}
}
Edited Part
Thank you very much for the answer with respect to the default login.events.post .
I am new to Liferay , so i may be doing a mistake here , so please help me if i was doing anything wrong .
I followed these steps :
Created a New Portlet named "MyLogon" Portlet and in its view.jsp created a form with two text fields (Login and Password ) and a submit button .
On click of that Submit Button , i was actually calling my processAction Method and making a DB call to validate Users from mysql db .
2.Then i created a page inside /web/guest/ravi and added this "MyLogon" Portlet to this new page /web/guest/ravi
Then configured this below properties under portal-ext.properties
auth.forward.by.last.path=true
default.landing.page.path=/web/guest/ravi
This is what i did .
And when entering http:localhost:8080 , it displayed taht page .
Please tell me if i am doing anything wrong
Edited 2nd Part
I have understood some part of your answer and i have these questions .
Could you please help
I need to validate Users based on the Data present inside my DataBase , so for this i need to do the below thins .
I need to create a Hook , to overdide this property
login.events.pre=com.LoginAction
public class LoginAction extends Action {
public void run(HttpServletRequest req, HttpServletResponse res) {
// Here i need to make a Database call to validate User Credentials and then do redirect him to the page i wanted ??
}
}
You need to create a Hook and override the default login.events.post
Below code for your reference,
public class LandingPageAction extends Action {
public LandingPageAction()
{
}
public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException
{
try
{
doRun(request, response);
}
catch(Exception e)
{
throw new ActionException(e);
}
}
protected void doRun(HttpServletRequest request, HttpServletResponse response) throws Exception
{
String homeRedirect="/web/guest/test";
LastPath lastPath = new LastPath(StringPool.BLANK, homeRedirect);
session.setAttribute("LAST_PATH", lastPath);
}
}
There are few things which I don't understand here. You are hitting localhost:8080, but screen shot shows that you are already logged in (there is a SignOut link and user Ravi Kiran is already logged in), but still there is a login page shown.
default.landing.page.path comes into picture when you are loggedin user. Are you hitting localhost:8080 or localhost/web/guest/Ravi ? You are not logged in yet, so it should not redirect to /web/guest/Ravi.
You could reuse the default Authentication code in Liferay. Not sure why you are taking User credentials from request parameters and making DB call yourself.
Edited as per the update in the question
1. The default Login Page of Liferay (the one that you see when you freshly download and hit localhost:8080 comes from this path
..\default\deploy\ROOT.war\html\portlet\login.
There is a login.jsp in this path which you can edit and give your own look and feel.
You can find below entry in this login.jsp page
<portlet:param name="struts_action" value="/login/login" />
This has a corresponding entry in ../deploy/ROOT.war/WEB-INF/struts-config.xml
<action path="/login/login" type="com.liferay.portlet.login.action.LoginAction">
<forward name="portlet.login.login" path="portlet.login.login" />
</action>
You can open up the source code and look into com.liferay.portlet.login.action.LoginAction method.
This performs a basic Authentication as per your passwords.encryption.algorithm= and passwords.digest.encoding=
configuration in portal-ext.properties file. LoginAction will perform basic authentication and will redirect all
users as per path mentioned in default.landing.page.path=
If you want (some) Users to redirect to (some) other path(conditionally), you can use the code I have mentioned above by writing a Hook.
2. Once authenticated, you can login and create a Page (in your case its "ravi"). You can add your custom Portlet to this Page. You should not write a cutom portlet which will do authentication once you are already logged in
Related
I am hoping someone can point me in the right direction. We host a University Moodle site and we are looking for a way in which we can perform extra validation on a Student whenever they login. I will give a scenario.
We have an endpoint with a list of email addresses of students allowed to use the system, for example a list of Students who are fully paid up on tuition. Therefore, we are looking for a way to hook into the login process, perform this check and the allow the student to continue or redirect back to the login page with an error.
I would appreciate any advice on how we can achieve this. Thank you.
I found a solution to my problem. I ended up creating a custom Authentication plugin using the guidelines from https://docs.moodle.org/dev/Authentication_plugins. With that knowledge, I used the copied the folder in the Moodle installation path auth/none and used that as a shell for my new plugin. I went ahead and customized the plugin names to what I needed. Once that was done and once the plugin was installed and enabled from the Administrator Dashboard, I had something like this in my auth.php file:
// Required for all auth plugins
public function user_login($username, $password)
{
return false;
}
// Hooks in immediately after the User submits the login form
public function loginpage_hook()
{
$username = $_REQUEST['username'] ?? '';
/** CODE CHECKING IF USERNAME IS ALLOWED TO ACCESS MOODLE **/
/** FOR EXAMPLE CHECK IF USER PAID FEES **/
$userHasPaidFees = api_checks_if_user_paid_fees($username);
if ($userHasPaidFees ) {
// Returning true here proceeds with the
// normal Username/Password login combination
return true;
}
// If not, redirect them back to Login
// Or any other page and notify
redirect(
new moodle_url('/login/index.php'),
'Message telling user why they were not able to sign in',
null,
\core\output\notification::NOTIFY_ERROR
);
}
Thanks and I hope someone finds this useful.
I would like to implement this authentication flow in Keycloak:
A user creates an account by typing only his email
The user is logged in and can access my service
2'. At the same time, an email is sent to him, allowing him to "finalize" his account
The user leaves his session -> to reuse my service, he must click in the received email
By clicking in the received email, the user defines his first password
The user is then logged in automatically (without going through a login page).
The objective of this flow is to be the simplest, to hook users who are not used to webapps.
The implementation I would do:
Create an account without password request: I customize the Keycloak Registration flow by disabling the Password Validation and Profile Validation rules
Programmatically, in my webapp, at the first connection of a user, via the REST Admin API, I trigger the email action UPDATE_PASSWORD
I get something that works, but:
A. The link received by email redirects to an intermediary page confirming the execution of actions ("Perform the following action (s)") - (similar to Keycloak Implement Reset password flow same as forgot password flow)
B. The user is then redirected to a login page, and not directly connected to the application.
When, as a normal user, I trigger a reset password request (through 'forget password' feature), the process is the one I want: by clicking on the email link, I go directly to the page allowing me to enter and confirm a new password, then I'm authenticated.
My question: Do you see a way to implement this 'simplified' flow?
My keycloak version : 11.0.2
Thank you !
I could remove the "info.ftl" page display, customizing the "ExecuteActionsActionTokenHandler", as explained here :
action-token-spi
You have to create a file :
src/main/resources/META-INF/services/org.keycloak.authentication.actiontoken.ActionTokenHandlerFactory
containing the name of the class you want to use instead :
com.example.ExecuteActionTokenHandlerFactory
Then you create that class com.example.ExecuteActionTokenHandlerFactory with the following code :
public class ExecuteActionTokenHandlerFactory extends ExecuteActionsActionTokenHandler {
#Override
public Response handleToken(ExecuteActionsActionToken token, ActionTokenContext<ExecuteActionsActionToken> tokenContext) {
AuthenticationSessionModel authSession = tokenContext.getAuthenticationSession();
String redirectUri = RedirectUtils.verifyRedirectUri(tokenContext.getUriInfo(), token.getRedirectUri(),
tokenContext.getRealm(), authSession.getClient());
if (redirectUri != null) {
authSession.setAuthNote(AuthenticationManager.SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS, "true");
authSession.setRedirectUri(redirectUri);
authSession.setClientNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUri);
}
token.getRequiredActions().stream().forEach(authSession::addRequiredAction);
UserModel user = tokenContext.getAuthenticationSession().getAuthenticatedUser();
// verify user email as we know it is valid as this entry point would never have gotten here.
user.setEmailVerified(true);
String nextAction = AuthenticationManager.nextRequiredAction(tokenContext.getSession(), authSession, tokenContext.getClientConnection(), tokenContext.getRequest(), tokenContext.getUriInfo(), tokenContext.getEvent());
return AuthenticationManager.redirectToRequiredActions(tokenContext.getSession(), tokenContext.getRealm(), authSession, tokenContext.getUriInfo(), nextAction);
}
}
Actually it is the same implementation as the upper class, except we removed the following part :
if (tokenContext.isAuthenticationSessionFresh()) {
...
}
which means that if the user did not have a session, which happens when the user is reseting his password, he is redirected to that "info.ftl" page.
As a workaround for problem A, I customize info.ftl template page. I add an ugly inline script to click on the link, redirecting automatically to the update password page.
<#import "template.ftl" as layout>
(...)
<#elseif actionUri?has_content>
<p><a id="yolo" href="${actionUri}">${kcSanitize(msg("proceedWithAction"))?no_esc}</a></p>
<script>document.getElementById('yolo').click()</script>
(...)
It'll do the job until I found a cleaner solution.
At the moment, B problem remains.
I'm working on a wicket legacy-project and i'm trying to fix a bug with the session time-out.
Basically I'd like to have a redirect to a customed error page after session times out.
This is what I did:
web.xml :
<session-config>
<session-timeout>1</session-timeout>
</session-config>
in the application class:
#Override
public void init() {
super.init();
getApplicationSettings().setPageExpiredErrorPage(ErrorMessagePage.class);
This is not working. I mean after session time out, nothing happens.
What am I doing wrong?
EDIT 04.05.20
Based on the feedback from Martin I tried to implement a session validaty checker:
public class SessionValidityChecker implements IRequestCycleListener {
#Override
public void onBeginRequest(RequestCycle cycle) {
HttpServletRequest request = (HttpServletRequest) cycle.getRequest().getContainerRequest();
boolean sessionValid = request.isRequestedSessionIdValid();
if (!sessionValid) {
cycle.setResponsePage(SessionExpiredPage.class);
}
}
}
and in Application.class
public void init() {
super.init();
getRequestCycleListeners().add(new SessionValidityChecker());
}
Also what I may should have specified in my first post is that I use the wicket SignInPanel for authentification. After timeout, I'd like the user to be logged out and redirected to a specific page.
This is what I've tried with the above code, but after session time out, no redirect happens. Even worst, the user is still signed in. What am I missing?
You are mistaking page expiration with session expiration.
Stateful pages are stored in a PageStore (disk) and the store may grow up to some predefined size. Once this size is reached the oldest page is removed to make room for the newest one.
If your user uses the browser Back button many times at some point Wicket will throw PageExpiredException for the deleted page.
In your case when the session expires usually the web server (e.g. Tomcat) will just create a new one. If your application has authentication enabled then it will detect that there is no authenticated user in the new http session and most probably will redirect the user to the login page.
If there is no authentication in place then Wicket will create a new instance of the requested page and render it. You can change this by changing PageSettings#recreateBookmarkablePagesAfterExpiry to false
(see https://github.com/apache/wicket/blob/79f63f66eb588a5d69e9feff7066f1244f61f387/wicket-core/src/main/java/org/apache/wicket/settings/PageSettings.java#L46)
You may use javax/servlet/http/HttpServletRequest.html#isRequestedSessionIdValid() method to find whether the the request came with an expired JSESSIONID cookie/url. If it is false then the web server just created a new HttpSession. You can do the check in Wicket's IRequestCycleListener#onBeginRequest()
I share an content of page, like image and text and it's work fine.
But i try ti share link for when someone click, navigate to a my UWP in a page of content shared before.
Like "Click here": this have a link to navigate for my app installed in uwp.
For navigate to my page I need to pass parameters, such as:
((App)(App.Current)).NavigationService.Navigate<MyPage>(Parameters.ToString());
I dont have any idea to do this. :(
someone help me please?
Thanks
If I understand you correctly; you want to supply a link which will open your UWP app and open a "previously shared" page.
To be able to do this you'll need to register to handle uri activation. You'll have to register a protocoll for your app, for example myawesomeapp:.
Then you can pass some additional parameters when someone click the link: myawsomeapp://navto=sharehistory&showitem=2.
Lastly your apps need to handle when it's launched from a uri in OnActivated:
protected override void OnActivated(IActivatedEventArgs args)
{
if (args.Kind == ActivationKind.Protocol)
{
ProtocolActivatedEventArgs eventArgs = args as ProtocolActivatedEventArgs;
// TODO: Handle URI activation
// The received URI is eventArgs.Uri.AbsoluteUri
}
}
You can read the docs here
Well i developing a Flex desktop app and i cant logout form facebook. I mean after loggin in and updating the photo i want to update, i run the method to log out, which looks like this
FacebookDesktop.logout(handleLogout);
Where handleLogout is a function where i can do other things.
The method runs but never log out. I think that maybe loading an other request i could log out, and i find that using:
"https://www.facebook.com/logout.php?" + info.get_accessToken() +
"&next=http://www.Google.com"
would log out, but i dont know where i ca get the accesToken.
Thanks in advance!
The following code is implemented in for asp.net page using C# code.
EXPLANATION
First you need to send a request to authenticate the user(the IF part). You will get a "CODE" on successfull authentication. Then send a request with this code to authorize the application. On successful authorization you will get the access token as response.
protected void Page_Load(object sender, EventArgs e)
{
if (Request.QueryString["code"] != null)
{
Response.Redirect("https://graph.facebook.com/oauth/access_token?client_id=CLIENT_ID&redirect_uri=CURRENT_URL&client_secret=APP_SECRET&code="+Request.QueryString["code"]);
}
else
{
Response.Redirect("https://www.facebook.com/dialog/oauth?client_id=CLIENT_ID&redirect_uri=CURRENT_URL&scope=read_stream");
}
}
HERE IS THE PROCEDURE
Create an asp.net website
In the default.aspx page implement the above code.
Replace CLIENT_ID,APP_SECRET with the AppId and AppSecret respectively
CURRENT_URL should be the url of the page in which you are implementing the code.
The part "&scope=read_stream" is not mandatory. If you need any additional permissions please enter it here as comma separated values.
You will get a string in the format
access_token=ACCESS_TOKEN_VALUE&expires=EXPIRY_TIME
as response.
Try this to send a POST request using flex
var urlLoader:URLLoader = new URLLoader();
var request:URLRequest = new URLRequest("https://www.facebook.com/logout.php?next=YOUR_URL&access_token=ACCESS_TOKEN");
request.data = binaryData;
request.method = URLRequestMethod.POST
urlLoader.load(request);