You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@turbine.apache.org by Markus Witt <wi...@wmd.de> on 2001/03/27 18:43:44 UTC
Forcing users to login (VelocitySite)
Hello.
I have problems getting my application to ensure users are logging in
before having access to it.
That's how I tried it:
I made a template for the Login-Page (screens/LoginScreen.vm) and a
different layout for the login page (layouts/LoginLayout). In the
template I have a form to get user input for the text inputs "username"
and "password" and have an input type submit with value "LoginUser". The
form action is "/Index.vm".
In TurbineResources.properties I have:
--------------------
[...]
template.homepage=/Index.vm
# screen.homepage=LoginScreen
template.login=/LoginScreen.vm
screen.login=LoginScreen
[...]
To enforce login I use a SessionValidator. I just "stole" the
TemplateSessionValidator and changed it a little bit. If the user is
null, the screen template is set to LoginScreen.vm.
The start of doPerform is changed from TemplateSessionValidator as
follows:
--------------------
[...]
public void doPerform( RunData data )
throws Exception
{
data.populate();
// with this validator, the user MUST login
if ( data.getUser() == null )
{
data.getTemplateInfo().setLayoutTemplate("/LoginLayout.vm");
//data.getTemplateInfo().setScreenTemplate(TurbineResources.getString("template.login"));
data.getTemplateInfo().setScreenTemplate("/LoginScreen.vm");
// data.setUser(TurbineSecurity.getAnonymousUser());
// data.save();
}
[...]
The result is I only get the login page. After the first try to login
the URL is http://localhost:8080/newapp/servlet/newapp/Index.vm, though.
Is this the right way to build an application that enforces login?
If this is documented somewhere please tell me where. The only
documentation I found tell's me that a newly generated app should always
give a login screen which either seems to be outdated or doesn't
describe the default behaviour for the apps newapp.bat generates for me
here.
Oh, BTW, I use the TDK version 1.1a11 on Windows NT with JDK 1.3.
Any hints are greatly appreciated.
Thanks, Markus
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
Re: Forcing users to login (VelocitySite)
Posted by John McNally <jm...@collab.net>.
There is a TemplateSecureSessionValidator action, does it not meet your
needs?
John McNally
Markus Witt wrote:
>
> Hello.
>
> I have problems getting my application to ensure users are logging in
> before having access to it.
>
> That's how I tried it:
>
> I made a template for the Login-Page (screens/LoginScreen.vm) and a
> different layout for the login page (layouts/LoginLayout). In the
> template I have a form to get user input for the text inputs "username"
> and "password" and have an input type submit with value "LoginUser". The
> form action is "/Index.vm".
>
> In TurbineResources.properties I have:
> --------------------
> [...]
> template.homepage=/Index.vm
> # screen.homepage=LoginScreen
> template.login=/LoginScreen.vm
> screen.login=LoginScreen
> [...]
>
> To enforce login I use a SessionValidator. I just "stole" the
> TemplateSessionValidator and changed it a little bit. If the user is
> null, the screen template is set to LoginScreen.vm.
>
> The start of doPerform is changed from TemplateSessionValidator as
> follows:
> --------------------
> [...]
> public void doPerform( RunData data )
> throws Exception
> {
> data.populate();
>
> // with this validator, the user MUST login
> if ( data.getUser() == null )
> {
> data.getTemplateInfo().setLayoutTemplate("/LoginLayout.vm");
>
> //data.getTemplateInfo().setScreenTemplate(TurbineResources.getString("template.login"));
> data.getTemplateInfo().setScreenTemplate("/LoginScreen.vm");
> // data.setUser(TurbineSecurity.getAnonymousUser());
> // data.save();
> }
> [...]
>
> The result is I only get the login page. After the first try to login
> the URL is http://localhost:8080/newapp/servlet/newapp/Index.vm, though.
>
> Is this the right way to build an application that enforces login?
>
> If this is documented somewhere please tell me where. The only
> documentation I found tell's me that a newly generated app should always
> give a login screen which either seems to be outdated or doesn't
> describe the default behaviour for the apps newapp.bat generates for me
> here.
>
> Oh, BTW, I use the TDK version 1.1a11 on Windows NT with JDK 1.3.
>
> Any hints are greatly appreciated.
> Thanks, Markus
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
Re: Forcing users to login (VelocitySite)
Posted by Eric Dobbs <er...@dobbse.net>.
On Friday, April 27, 2001, at 03:01 AM, Brian Lee wrote:
> I looked through LoginUser.java from CVS.
> But, there is no code for permissions or roles in this file.
Woops! My mistake. What you really want to look at is the
SecureScreen.java in the TDK in this folder:
./WEB-INF/java/org/mycompany/newapp/modules/screens
There's a method called isAuthorized where you will find
the permissions check you are looking for.
Sorry for the earlier misinformation.
-Eric
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
RE: Forcing users to login (VelocitySite)
Posted by Brian Lee <br...@3rsoft.com>.
I looked through LoginUser.java from CVS.
But, there is no code for permissions or roles in this file.
Would you explain to me in detail...?
-----Original Message-----
From: Eric Dobbs [mailto:eric@dobbse.net]
Sent: Thursday, April 26, 2001 11:19 PM
To: turbine-user@jakarta.apache.org
Subject: Re: Forcing users to login (VelocitySite)
If you want to use a different permission to allow folks to
login, then you'll have to write your own version of LoginUser.java
For the default TDK 1.1a13 installation you'll put that file in
WEB-INF/src/java/org/mycompany/newapp/modules/actions.
Best thing would be to copy the code for LoginUser.java from the CVS
pool and adjust it to check for the permissions or roles you want to
use.
-Eric
On Thursday, April 26, 2001, at 12:04 AM, Brian Lee wrote:
> I generate newapp and add new user in flux - tdk1.1a13.
> but, I can't login in with this account.
> I can login in only account beloging to turbine_root group.
>
> I modified "$link.setAction("LoginUser")" to
> "$link.setAction("FluxLogin")" in template/screen/Login.vm
> and I found authentication with new account is successful at
> doPerform() method in FluxLogin.java.
> But, Login.vm is displayed again, not Index.vm.
>
> Is there a good way to do it?
>
> Thanks
>
>
> -----Original Message-----
> From: jvanzyl [mailto:jvanzyl]On Behalf Of Jason van Zyl
> Sent: Wednesday, April 04, 2001 1:11 AM
> To: turbine-user@jakarta.apache.org
> Subject: Re: Forcing users to login (VelocitySite)
>
>
> Markus Witt wrote:
>>
>> Hello.
>>
>> I have problems getting my application to ensure users are logging in
>> before having access to it.
>>
>
> The TDK 1.1a13 has a full working example of what you require
> with no modifications necessary to any turbine code. Works right
> out of the box. There were quite a few changes between 1.1a11 and
> 1.1a13. In particular the problem of having a specific layout for
> the login page was only fixed a week ago so you might want
> to upgrade your tdk.
>
> <snip>
>
>
>
> --
> Brian Lee
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
Re: Forcing users to login (VelocitySite)
Posted by Eric Dobbs <er...@dobbse.net>.
If you want to use a different permission to allow folks to
login, then you'll have to write your own version of LoginUser.java
For the default TDK 1.1a13 installation you'll put that file in
WEB-INF/src/java/org/mycompany/newapp/modules/actions.
Best thing would be to copy the code for LoginUser.java from the CVS
pool and adjust it to check for the permissions or roles you want to
use.
-Eric
On Thursday, April 26, 2001, at 12:04 AM, Brian Lee wrote:
> I generate newapp and add new user in flux - tdk1.1a13.
> but, I can't login in with this account.
> I can login in only account beloging to turbine_root group.
>
> I modified "$link.setAction("LoginUser")" to
> "$link.setAction("FluxLogin")" in template/screen/Login.vm
> and I found authentication with new account is successful at
> doPerform() method in FluxLogin.java.
> But, Login.vm is displayed again, not Index.vm.
>
> Is there a good way to do it?
>
> Thanks
>
>
> -----Original Message-----
> From: jvanzyl [mailto:jvanzyl]On Behalf Of Jason van Zyl
> Sent: Wednesday, April 04, 2001 1:11 AM
> To: turbine-user@jakarta.apache.org
> Subject: Re: Forcing users to login (VelocitySite)
>
>
> Markus Witt wrote:
>>
>> Hello.
>>
>> I have problems getting my application to ensure users are logging in
>> before having access to it.
>>
>
> The TDK 1.1a13 has a full working example of what you require
> with no modifications necessary to any turbine code. Works right
> out of the box. There were quite a few changes between 1.1a11 and
> 1.1a13. In particular the problem of having a specific layout for
> the login page was only fixed a week ago so you might want
> to upgrade your tdk.
>
> <snip>
>
>
>
> --
> Brian Lee
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
RE: Forcing users to login (VelocitySite)
Posted by Brian Lee <br...@3rsoft.com>.
I generate newapp and add new user in flux - tdk1.1a13.
but, I can't login in with this account.
I can login in only account beloging to turbine_root group.
I modified "$link.setAction("LoginUser")" to "$link.setAction("FluxLogin")" in template/screen/Login.vm
and I found authentication with new account is successful at doPerform() method in FluxLogin.java.
But, Login.vm is displayed again, not Index.vm.
Is there a good way to do it?
Thanks
-----Original Message-----
From: jvanzyl [mailto:jvanzyl]On Behalf Of Jason van Zyl
Sent: Wednesday, April 04, 2001 1:11 AM
To: turbine-user@jakarta.apache.org
Subject: Re: Forcing users to login (VelocitySite)
Markus Witt wrote:
>
> Hello.
>
> I have problems getting my application to ensure users are logging in
> before having access to it.
>
The TDK 1.1a13 has a full working example of what you require
with no modifications necessary to any turbine code. Works right
out of the box. There were quite a few changes between 1.1a11 and
1.1a13. In particular the problem of having a specific layout for
the login page was only fixed a week ago so you might want
to upgrade your tdk.
<snip>
--
Brian Lee
Re: Forcing users to login (VelocitySite)
Posted by Jason van Zyl <jv...@apache.org>.
Markus Witt wrote:
>
> Hello.
>
> I have problems getting my application to ensure users are logging in
> before having access to it.
>
The TDK 1.1a13 has a full working example of what you require
with no modifications necessary to any turbine code. Works right
out of the box. There were quite a few changes between 1.1a11 and
1.1a13. In particular the problem of having a specific layout for
the login page was only fixed a week ago so you might want
to upgrade your tdk.
> That's how I tried it:
>
> I made a template for the Login-Page (screens/LoginScreen.vm) and a
> different layout for the login page (layouts/LoginLayout). In the
> template I have a form to get user input for the text inputs "username"
> and "password" and have an input type submit with value "LoginUser". The
> form action is "/Index.vm".
>
> In TurbineResources.properties I have:
> --------------------
> [...]
> template.homepage=/Index.vm
> # screen.homepage=LoginScreen
> template.login=/LoginScreen.vm
> screen.login=LoginScreen
> [...]
>
> To enforce login I use a SessionValidator. I just "stole" the
> TemplateSessionValidator and changed it a little bit. If the user is
> null, the screen template is set to LoginScreen.vm.
>
> The start of doPerform is changed from TemplateSessionValidator as
> follows:
> --------------------
> [...]
> public void doPerform( RunData data )
> throws Exception
> {
> data.populate();
>
> // with this validator, the user MUST login
> if ( data.getUser() == null )
> {
> data.getTemplateInfo().setLayoutTemplate("/LoginLayout.vm");
>
> //data.getTemplateInfo().setScreenTemplate(TurbineResources.getString("template.login"));
> data.getTemplateInfo().setScreenTemplate("/LoginScreen.vm");
> // data.setUser(TurbineSecurity.getAnonymousUser());
> // data.save();
> }
> [...]
>
> The result is I only get the login page. After the first try to login
> the URL is http://localhost:8080/newapp/servlet/newapp/Index.vm, though.
>
> Is this the right way to build an application that enforces login?
>
> If this is documented somewhere please tell me where. The only
> documentation I found tell's me that a newly generated app should always
> give a login screen which either seems to be outdated or doesn't
> describe the default behaviour for the apps newapp.bat generates for me
> here.
>
> Oh, BTW, I use the TDK version 1.1a11 on Windows NT with JDK 1.3.
>
> Any hints are greatly appreciated.
> Thanks, Markus
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-user-help@jakarta.apache.org
--
jvz.
Jason van Zyl
jvanzyl@apache.org
http://jakarta.apache.org/velocity
http://jakarta.apache.org/turbine
http://tambora.zenplex.org
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org