You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@turbine.apache.org by Lauri Svan <La...@hut.fi> on 2003/01/06 17:07:24 UTC
Storing temporary data in login
Hi,
I have been trying to implement a simple web shop having shopping carts, e-mail confirmations and such. So far Turbine has met most of the requirements. However, I have found one problem that I have difficulties in overcoming.
Majority of the pages (i.e. picking items to the shopping cart bean) require no authorization. But when checking out, the user should be prompted for user name and password. I have implemented these by extending TurbineUser with my own class. However, when logging in, the cart object stored with RunData.setTemp() is lost. I tried to fix this by extending the LoginAction used in authentication with my own class, which stores shopping cart in a temporary variable before calling super.doPerform(), and setting the cart back after the authentication is complete. This works fine if the authentication was ok, but somehow the cart is lost if authentication failed.
What could be the cause of this problem and how could I fix it?
The code snippet for extending the user is as follows:
package com.ls.webshop.modules.actions;
import org.apache.turbine.util.TurbineException;
import org.apache.turbine.services.resources.TurbineResources;
import org.apache.turbine.TurbineConstants;
import org.apache.turbine.modules.actions.*;
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
import org.apache.turbine.services.resources.TurbineResources;
import org.apache.turbine.services.security.TurbineSecurity;
import org.apache.turbine.om.security.User;
import org.apache.turbine.util.security.DataBackendException;
import org.apache.turbine.util.security.TurbineSecurityException;
import com.ls.webshop.util.business.*;
import com.ls.webshop.om.WebshopUser;
/**
* Logins an user, with the meaning of not to clear the session prior to login.
* Default configurations invalidate the session prior to executing doPerform.
* To maintain a shopping cart in login, the login must be done otherwise, and
* the cart should be saved in a temporary variable prior logging in.
*/
public class ExtendedLoginUser extends LoginUser {
public void doPerform(RunData data) throws Exception {
/* Fetch the shopping cart of the user, use a new one if not exists */
WebshopUser user = (WebshopUser) data.getUser();
ShoppingCart cart = (ShoppingCart) user.getTemp("cart",
new ShoppingCart());
System.err.println("Authenticate");
try {
/* Invalidate the current session to provide a means for logging in */
data.removeUserFromSession();
super.doPerform(data);
}
catch(Exception e) {
/* user = (WebshopUser) data.getUser();
user.setTemp("cart", cart);
throw e; */
}
user = (WebshopUser) data.getUser();
if (user != null)
user.setTemp("cart", cart);
System.err.println("Setting next template");
/* Check whether services.webshop.navigation.redirect.key parameter exists. If so, redirect there */
String nextTemplate =
data.getParameters().get(TurbineResources.getString("services.webshop.navigation.redirect.key"));
if (nextTemplate != null)
data.setScreenTemplate(nextTemplate);
}
}
Regards,
Lauri Svan
Lauri.Svan@hut.fi
Re: Storing temporary data in login
Posted by Eric Emminger <er...@ericemminger.com>.
Lauri
Your code looks like it should work. I was doing something similar with
Turbine 2.1. What version of Turbine are you using?
> user = (WebshopUser) data.getUser();
> if (user != null)
> user.setTemp("cart", cart);
Are you sure that ShoppingCart is _not_ null before you call setTemp()?
Eric
--
Eric Emminger
eric@ericemminger.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Storing temporary data in login
Posted by Lauri Svan <La...@hut.fi>.
Hi, James,
First, thanks for your advice. I guess the problem could be handled with
cookies i.e. by storing the shopping cart in a static HashMap, giving cookie
as the key. However, I still keep on searching for other solutions as well,
since I hope there is a possibility of keeping the current architecture as
it is.
Instead, Going back to my original code in ExtendedLoginUser, I would like
to know why the following snippet in the end of ExtendedLoginUser
user = (WebshopUser) data.getUser();
if (user != null)
user.setTemp("cart", cart);
does not set the temporary variable for anonymous user if the authentication
failed. I suppose that statement should be executed even though
LoginUser.doPerform() fails. Am I misunderstanding something in the control
flow of Turbine actions, or does Turbine somhow invalidate the user once
more after executing the lines above?
Regards,
Lauri Svan
Lauri.Svan@hut.fi
----- Original Message -----
From: "James Cooper" <ja...@maxware.nl>
To: "Turbine Users List" <tu...@jakarta.apache.org>
Sent: Tuesday, January 07, 2003 11:30 AM
Subject: RE: Storing temporary data in login
> Hi Lauri,
> I do something similar, generally I invoke the RunData.getUser.setTemp()
> method to store data that I do not want to persist for longer than the
> length of the session.
>
> For information that I want to store for longer than the session I use the
> RunData.getUser.setPerm(), but as you noticed this stores information
> serialised to the database and the user must have been logged in inorder
to
> use this.
>
> If you still want to store information without having to authenticate your
> user you could you cookies. I use a combination of all 3 but to simulate
> different behaviour. Your only problem is that using setPerm there is not
> obvious way to remove information once its stored there. Overwriting the
> object is one way, but thats not so pretty as since you're essentially
> storing information in a hashtable, to overwrite you must ensure that the
> object has the same hashcode.
>
> -----Original Message-----
> From: Lauri Svan [mailto:Lauri.Svan@hut.fi]
> Sent: 06 January 2003 17:07
> To: turbine-user@jakarta.apache.org
> Subject: Storing temporary data in login
>
>
> Hi,
>
> I have been trying to implement a simple web shop having shopping carts,
> e-mail confirmations and such. So far Turbine has met most of the
> requirements. However, I have found one problem that I have difficulties
in
> overcoming.
>
> Majority of the pages (i.e. picking items to the shopping cart bean)
require
> no authorization. But when checking out, the user should be prompted for
> user name and password. I have implemented these by extending TurbineUser
> with my own class. However, when logging in, the cart object stored with
> RunData.setTemp() is lost. I tried to fix this by extending the
LoginAction
> used in authentication with my own class, which stores shopping cart in a
> temporary variable before calling super.doPerform(), and setting the cart
> back after the authentication is complete. This works fine if the
> authentication was ok, but somehow the cart is lost if authentication
> failed.
>
> What could be the cause of this problem and how could I fix it?
>
>
> The code snippet for extending the user is as follows:
>
>
> package com.ls.webshop.modules.actions;
> import org.apache.turbine.util.TurbineException;
> import org.apache.turbine.services.resources.TurbineResources;
>
> import org.apache.turbine.TurbineConstants;
> import org.apache.turbine.modules.actions.*;
> import org.apache.turbine.util.Log;
> import org.apache.turbine.util.RunData;
> import org.apache.turbine.services.resources.TurbineResources;
> import org.apache.turbine.services.security.TurbineSecurity;
> import org.apache.turbine.om.security.User;
> import org.apache.turbine.util.security.DataBackendException;
> import org.apache.turbine.util.security.TurbineSecurityException;
>
> import com.ls.webshop.util.business.*;
> import com.ls.webshop.om.WebshopUser;
>
> /**
> * Logins an user, with the meaning of not to clear the session prior to
> login.
> * Default configurations invalidate the session prior to executing
> doPerform.
> * To maintain a shopping cart in login, the login must be done otherwise,
> and
> * the cart should be saved in a temporary variable prior logging in.
> */
> public class ExtendedLoginUser extends LoginUser {
>
> public void doPerform(RunData data) throws Exception {
> /* Fetch the shopping cart of the user, use a new one if not exists */
> WebshopUser user = (WebshopUser) data.getUser();
> ShoppingCart cart = (ShoppingCart) user.getTemp("cart",
> new ShoppingCart());
>
> System.err.println("Authenticate");
> try {
> /* Invalidate the current session to provide a means for logging in */
> data.removeUserFromSession();
> super.doPerform(data);
> }
> catch(Exception e) {
> /* user = (WebshopUser) data.getUser();
> user.setTemp("cart", cart);
> throw e; */
> }
> user = (WebshopUser) data.getUser();
> if (user != null)
> user.setTemp("cart", cart);
> System.err.println("Setting next template");
>
> /* Check whether services.webshop.navigation.redirect.key parameter
> exists. If so, redirect there */
> String nextTemplate =
>
>
data.getParameters().get(TurbineResources.getString("services.webshop.naviga
> tion.redirect.key"));
> if (nextTemplate != null)
> data.setScreenTemplate(nextTemplate);
> }
> }
>
> Regards,
>
> Lauri Svan
> Lauri.Svan@hut.fi
>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Storing temporary data in login
Posted by James Cooper <ja...@maxware.nl>.
Hi Lauri,
I do something similar, generally I invoke the RunData.getUser.setTemp()
method to store data that I do not want to persist for longer than the
length of the session.
For information that I want to store for longer than the session I use the
RunData.getUser.setPerm(), but as you noticed this stores information
serialised to the database and the user must have been logged in inorder to
use this.
If you still want to store information without having to authenticate your
user you could you cookies. I use a combination of all 3 but to simulate
different behaviour. Your only problem is that using setPerm there is not
obvious way to remove information once its stored there. Overwriting the
object is one way, but thats not so pretty as since you're essentially
storing information in a hashtable, to overwrite you must ensure that the
object has the same hashcode.
-----Original Message-----
From: Lauri Svan [mailto:Lauri.Svan@hut.fi]
Sent: 06 January 2003 17:07
To: turbine-user@jakarta.apache.org
Subject: Storing temporary data in login
Hi,
I have been trying to implement a simple web shop having shopping carts,
e-mail confirmations and such. So far Turbine has met most of the
requirements. However, I have found one problem that I have difficulties in
overcoming.
Majority of the pages (i.e. picking items to the shopping cart bean) require
no authorization. But when checking out, the user should be prompted for
user name and password. I have implemented these by extending TurbineUser
with my own class. However, when logging in, the cart object stored with
RunData.setTemp() is lost. I tried to fix this by extending the LoginAction
used in authentication with my own class, which stores shopping cart in a
temporary variable before calling super.doPerform(), and setting the cart
back after the authentication is complete. This works fine if the
authentication was ok, but somehow the cart is lost if authentication
failed.
What could be the cause of this problem and how could I fix it?
The code snippet for extending the user is as follows:
package com.ls.webshop.modules.actions;
import org.apache.turbine.util.TurbineException;
import org.apache.turbine.services.resources.TurbineResources;
import org.apache.turbine.TurbineConstants;
import org.apache.turbine.modules.actions.*;
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
import org.apache.turbine.services.resources.TurbineResources;
import org.apache.turbine.services.security.TurbineSecurity;
import org.apache.turbine.om.security.User;
import org.apache.turbine.util.security.DataBackendException;
import org.apache.turbine.util.security.TurbineSecurityException;
import com.ls.webshop.util.business.*;
import com.ls.webshop.om.WebshopUser;
/**
* Logins an user, with the meaning of not to clear the session prior to
login.
* Default configurations invalidate the session prior to executing
doPerform.
* To maintain a shopping cart in login, the login must be done otherwise,
and
* the cart should be saved in a temporary variable prior logging in.
*/
public class ExtendedLoginUser extends LoginUser {
public void doPerform(RunData data) throws Exception {
/* Fetch the shopping cart of the user, use a new one if not exists */
WebshopUser user = (WebshopUser) data.getUser();
ShoppingCart cart = (ShoppingCart) user.getTemp("cart",
new ShoppingCart());
System.err.println("Authenticate");
try {
/* Invalidate the current session to provide a means for logging in */
data.removeUserFromSession();
super.doPerform(data);
}
catch(Exception e) {
/* user = (WebshopUser) data.getUser();
user.setTemp("cart", cart);
throw e; */
}
user = (WebshopUser) data.getUser();
if (user != null)
user.setTemp("cart", cart);
System.err.println("Setting next template");
/* Check whether services.webshop.navigation.redirect.key parameter
exists. If so, redirect there */
String nextTemplate =
data.getParameters().get(TurbineResources.getString("services.webshop.naviga
tion.redirect.key"));
if (nextTemplate != null)
data.setScreenTemplate(nextTemplate);
}
}
Regards,
Lauri Svan
Lauri.Svan@hut.fi
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>