You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@turbine.apache.org by "Weaver, Scott" <Sw...@rippe.com> on 2002/01/23 14:56:22 UTC

RE: Turbine (with auth/session) as transparent proxy (no template s)?

> ... I've created empty Layout and Screen templates, but
> Turbine still emits its own BODY and other tags, which confuse the
> browser because the proxied content has its own BODY tags and such.

In TR.props set:
services.VelocityService.default.layout = VelocityOnlyLayout

The default, "VelocityECSLayout", will always place <html>, <head> and
<body> your templates.  VelocityOnlyLayout will not place anything in your
layout templates.

> I could go low-level servlet, with methods hanging off
> RunData.getResponse().* -- the javax.servlet.http calls like
> getOutputStream() and getWriter().  The former claims to be able to
> send binary data, while the latter appears to only be able to send
> character text.  I need to be able to act like a web server to my
> client and send back binary data like image/jpeg; so must I use
> getOutputStream()?

You may want to check out org.apache.turbine.modules.screens.RawScreen.
I've never used it but from what it says in the javadocs, this might do the
trick for you.

HTH,

Scott
----------------------------------------------------------------------------
"In my heart of hearts, I'm an engineer, and what makes me happy is building

something that works and having someone use it.  That's cool."

- James Gosling, Father of Java
----------------------------------------------------------------------------




> -----Original Message-----
> From: Chris Shenton [mailto:Chris.Shenton@hq.nasa.gov]
> Sent: Tuesday, January 22, 2002 4:43 PM
> To: Turbine Users List
> Subject: Turbine (with auth/session) as transparent proxy (no
> templates)?
> 
> 
> I'm working on a proxy, which after auth and session establishment,
> will retrieve URLs entered in a form (possibly rewrite URLs in html
> content) and deliver the content back to the requesting user.  So I'd
> like to use Turbine's user model and session tracking facilities. But
> I want to be able to output content to the user without the typical
> Turbine templates. It needs to be able to do this for textual and
> binary data (e.g., images, applet jars).
> 
> Currently, my proxy retrieves the requested content from the remote
> server and delivers it back to the requestor as a context variable
> inside a template. I've created empty Layout and Screen templates, but
> Turbine still emits its own BODY and other tags, which confuse the
> browser because the proxied content has its own BODY tags and such.
> 
> I also want to be able to pass through HTTP headers give me by the
> target server, so I can pass them back to the client unchanged:
> cookies, content types, expiration metadata, etc.  So basically I want
> a transparent proxy -- bypassing page-generation code -- which
> preserves request headers, and response headers and content.  But I
> want to offer this only to logged-in users and track sessions, like I
> normally do.
> 
> RunData has some methods that sound like they might do the right
> thing, but I can't tell from the JavaDoc nor the code what they
> really do:
> 
> * declareDirectResponse()
>   Declares that output will be direct to the response stream, even
>   though getOut() may never be called.
> 
> * getOut()
>   Gets the print writer.
> 
> 
> I could go low-level servlet, with methods hanging off
> RunData.getResponse().* -- the javax.servlet.http calls like
> getOutputStream() and getWriter().  The former claims to be able to
> send binary data, while the latter appears to only be able to send
> character text.  I need to be able to act like a web server to my
> client and send back binary data like image/jpeg; so must I use
> getOutputStream()?
> 
> Whichever mechanism I use I need to be able to use Turbine's auth and
> session tracking, whether its using cookies or URL-rewriting -- I need
> to support both forms of tracking.  It would be preferable if I didn't
> have to write my own cookie-handling stuff, setting the right cookie
> header, or rewriting URLs in stuff I hand back.
> 
> Any suggestions?  Thanks!
> 
> 
> --
> To unsubscribe, e-mail:   
> <ma...@jakarta.apache.org>
> For additional commands, e-mail: 
> <ma...@jakarta.apache.org>
> 

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Turbine (with auth/session) as transparent proxy (no template s)?

Posted by Rajeev Kaul <Ra...@customercaresolutions.com>.
Skip,

I developed two classes (extensions of RawScreen) to serve direct .html,
.xml files/data, completely bypassing the default turbine template
mechanism.

The DirectResponseScreen class is used when you have either the html (e.g.,
generated by transforming XML into XSL) or the xml (with link to a style
sheet) programmatically generated in a string buffer.

The RedirectResponseScreen class is used when you want to serve a physical
html/xml file on your server.

Example use of a direct response screen:

1. In your action class (doPerform method) force the screen to be the
DirectResponseScreen class.

For example,
   runData.setScreen("DirectResponseScreen");

2. After retrieving the results (xml+xsl or html) in a stringBuffer, save
them in the runData message buffer.

runData.setMessage(strOutput);


Example use of redirect response screen

1. In your action class (doPerform method) force the screen to be the
ReDirectResponseScreen class.

For example,
   runData.setScreen("ReDirectResponseScreen");

2. Set the redirect URI in runData.

runData.setRedirectURI(strUrl);


The source code of the RawScreen extension classes is given below:

DIRECT_RESPONSE_SCREEN class
----------------------------------------------------------------------------
-------------------

package org.apache.turbine.modules.screens;

import org.apache.turbine.util.StringUtils;
import java.io.*;
/**
 * Insert the type's description here.
 * Creation date: (1/22/02 9:54:52 AM)
 * @author: Administrator
 */
public class DirectResponseScreen extends RawScreen {
 /**
  * Actually output the dynamic content.  The OutputStream can be
  * accessed like this: <pre>OutputStream out =
  * data.getResponse().getOutputStream();</pre>.
  *
  * @param data Turbine information.
  * @exception Exception, a generic exception.
  */
protected void doOutput(org.apache.turbine.util.RunData data) throws
Exception
{
 // We are using the message field of RunData to store the response
 String strXmlOut = data.getMessage();
 if (StringUtils.isValid(strXmlOut))
 {
  PrintWriter out = data.getOut();
  //
  // return XML stream to the browser
  out.println(strXmlOut);
  out.flush();
 }
}
/**
  * Set the content type.  This method should be overidden to
  * actually set the real content-type header of the output.
  *
  * @param data Turbine information.
  * @return A String with the content type.
  */
protected String getContentType(org.apache.turbine.util.RunData data)
{
 return data.getContentType();
}
}
----------------------------------------------------------------------------
-------------------


REDIRECT_RESPONSE_SCREEN class
----------------------------------------------------------------------------
-------------------
package org.apache.turbine.modules.screens;

import org.apache.turbine.util.StringUtils;
/**
 * Insert the type's description here.
 * Creation date: (1/22/02 9:54:52 AM)
 * @author: Administrator
 */
public class ReDirectResponseScreen extends RawScreen {
 /**
  * Actually output the dynamic content.  The OutputStream can be
  * accessed like this: <pre>OutputStream out =
  * data.getResponse().getOutputStream();</pre>.
  *
  * @param data Turbine information.
  * @exception Exception, a generic exception.
  */
protected void doOutput(org.apache.turbine.util.RunData data) throws
Exception
{
 String strRedirectUrl = data.getRedirectURI();
 if (StringUtils.isValid(strRedirectUrl))
 {
  data.getResponse().sendRedirect(strRedirectUrl);
 }
}
 /**
  * Set the content type.  This method should be overidden to
  * actually set the real content-type header of the output.
  *
  * @param data Turbine information.
  * @return A String with the content type.
  */
protected String getContentType(org.apache.turbine.util.RunData data)
{
 return data.getContentType();
}
}
----------------------------------------------------------------------------
-------------------


----- Original Message -----
From: "Skip Walker" <sk...@skipwalker.com>
To: "'Turbine Users List'" <tu...@jakarta.apache.org>
Sent: Wednesday, January 23, 2002 2:12 PM
Subject: RE: Turbine (with auth/session) as transparent proxy (no template
s)?


> Would you mind providing a bit more explanation  as to how you use
RawScreen
> to apply Turbine security to downloadable files?
>
> How are your screens setup to do this?
>
> How do you create a link in a template to a downloadable file which goes
> through the RawScreen?
>
> Thanks,
> Skip
>
>
>
> > -----Original Message-----
> > From: Eric Dobbs [mailto:eric@dobbse.net]
> > Sent: Wednesday, January 23, 2002 2:14 PM
> > To: Turbine Users List
> > Subject: Re: Turbine (with auth/session) as transparent proxy (no
> > template s)?
> >
> >
> > On Wednesday, January 23, 2002, at 06:56  AM, Weaver, Scott wrote:
> >
> > >> I need to be able to act like a web server to my
> > >> client and send back binary data like image/jpeg; so must I use
> > >> getOutputStream()?
> > >
> > > You may want to check out
> > org.apache.turbine.modules.screens.RawScreen.
> > > I've never used it but from what it says in the javadocs,
> > this might do
> > > the
> > > trick for you.
> >
> > We use RawScreen to allow uses to download binary files.  It
> > has worked great for us.  Added bonus, we can apply Turbine's
> > security mechanisms to ensure that users can only download
> > their own files.
> >
> > -Eric
> >
> > --
> > To unsubscribe, e-mail:
> > <ma...@jakarta.apache.org>
> > For additional commands, e-mail:
> > <ma...@jakarta.apache.org>
> >
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


HOWTO secure RawScreen (was Re: Turbine (with auth/session) as transparent proxy (no template s)?)

Posted by Eric Dobbs <er...@dobbse.net>.
On Wednesday, January 23, 2002, at 03:12  PM, Skip Walker wrote:

> Would you mind providing a bit more explanation  as to how you use 
> RawScreen
> to apply Turbine security to downloadable files?

Sorry to take so long to reply to this one.

public class Download extends RawScreen
{
     public void doOutput(RunData data) throws Exception
     {
         if (!isAuthorized(data))
         {
            // do something to tell the user they don't have permission
         }
         else
         {
            // do the download stuff
         }
     }

     protected boolean isAuthorized(RunData data)
     {
         // do the security check here.  Get whatever info you need
         // about the user from RunData
     }
}

(I typed that in by hand, so it probably doesn't compile as is)


> How do you create a link in a template to a downloadable file which goes
> through the RawScreen?

http://mydomain:8080/myapp/servlet/myapp/screen/Download

or in Velocity:
$link.setScreen("Download")


Hope that helps.
-Eric

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


RE: Turbine (with auth/session) as transparent proxy (no template s)?

Posted by Skip Walker <sk...@skipwalker.com>.
Would you mind providing a bit more explanation  as to how you use RawScreen
to apply Turbine security to downloadable files?

How are your screens setup to do this?

How do you create a link in a template to a downloadable file which goes
through the RawScreen?

Thanks,
Skip



> -----Original Message-----
> From: Eric Dobbs [mailto:eric@dobbse.net]
> Sent: Wednesday, January 23, 2002 2:14 PM
> To: Turbine Users List
> Subject: Re: Turbine (with auth/session) as transparent proxy (no
> template s)?
>
>
> On Wednesday, January 23, 2002, at 06:56  AM, Weaver, Scott wrote:
>
> >> I need to be able to act like a web server to my
> >> client and send back binary data like image/jpeg; so must I use
> >> getOutputStream()?
> >
> > You may want to check out
> org.apache.turbine.modules.screens.RawScreen.
> > I've never used it but from what it says in the javadocs,
> this might do
> > the
> > trick for you.
>
> We use RawScreen to allow uses to download binary files.  It
> has worked great for us.  Added bonus, we can apply Turbine's
> security mechanisms to ensure that users can only download
> their own files.
>
> -Eric
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Turbine (with auth/session) as transparent proxy (no template s)?

Posted by Eric Dobbs <er...@dobbse.net>.
On Wednesday, January 23, 2002, at 06:56  AM, Weaver, Scott wrote:

>> I need to be able to act like a web server to my
>> client and send back binary data like image/jpeg; so must I use
>> getOutputStream()?
>
> You may want to check out org.apache.turbine.modules.screens.RawScreen.
> I've never used it but from what it says in the javadocs, this might do 
> the
> trick for you.

We use RawScreen to allow uses to download binary files.  It
has worked great for us.  Added bonus, we can apply Turbine's
security mechanisms to ensure that users can only download
their own files.

-Eric

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>