You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by "Mark W. Shead" <mw...@fas.harvard.edu> on 2009/09/17 05:25:11 UTC
Session State Object Creating Itself
I have an abstract class that is extended by pages that require a
login. This seems to work except for on the page where I actually
manage the users. It appears that the session state object is creating
itself.
There is a user session state object. If someone tries to go to an
authenticated page, userExists is checked. If it is false then the
browser is redirected to the login page.
It appears that the user session state object is being created on its
own somehow which lets you access the page without logging in. The
properties of this phantom user object are all set to
"ApplicationStateManager". (For example user.username is set to
ApplicationStateManager.) Is this a bug or am I misunderstanding how
things work? It seems to work fine on other pages that don't deal
with user management.
Am I somehow creating the session state object using some sort of
convention I'm unaware of?
Mark
public class AbstractAuthenticatedPage {
@Inject
private Logger _logger;
@Property
@SessionState
private User user;
private boolean userExists;
@InjectPage
private Login loginPage;
Object onActivate() {
if(!userExists) {
_logger.debug("User does not exist, sending to login page");
loginPage.setNext(this.getClass());
return loginPage;
}
return null;
}
}
public class ManageUsers extends AbstractAuthenticatedPage{
@Inject
private IDataSource ds;
@Property
private User aUser;
@Persist("flash")
@Property
private User newUser;
public Object onActivate() {
newUser = new User();
return null;
}
public List<User> getAllUsers() {
return ds.getAllUsers();
}
public void onSuccessFromNewUserForm() {
ds.addUser(newUser);
newUser = new User();
}
public void onActionFromRemoveUser(String userName) {
ds.deleteUser(userName);
}
}
Re: Session State Object Creating Itself
Posted by "Mark W. Shead" <mw...@fas.harvard.edu>.
Never mind. One onActivate was canceling out the other. I should
probably stop coding and go to bed. :)
Mark
On Sep 16, 2009, at 10:25 PM, Mark W. Shead wrote:
> I have an abstract class that is extended by pages that require a
> login. This seems to work except for on the page where I actually
> manage the users. It appears that the session state object is
> creating itself.
>
> There is a user session state object. If someone tries to go to an
> authenticated page, userExists is checked. If it is false then the
> browser is redirected to the login page.
>
> It appears that the user session state object is being created on
> its own somehow which lets you access the page without logging in.
> The properties of this phantom user object are all set to
> "ApplicationStateManager". (For example user.username is set to
> ApplicationStateManager.) Is this a bug or am I misunderstanding
> how things work? It seems to work fine on other pages that don't
> deal with user management.
>
> Am I somehow creating the session state object using some sort of
> convention I'm unaware of?
>
> Mark
>
> public class AbstractAuthenticatedPage {
>
> @Inject
> private Logger _logger;
>
> @Property
> @SessionState
> private User user;
> private boolean userExists;
> @InjectPage
> private Login loginPage;
>
> Object onActivate() {
> if(!userExists) {
> _logger.debug("User does not exist, sending to login page");
>
> loginPage.setNext(this.getClass());
> return loginPage;
> }
> return null;
> }
> }
>
>
>
> public class ManageUsers extends AbstractAuthenticatedPage{
>
> @Inject
> private IDataSource ds;
>
> @Property
> private User aUser;
>
> @Persist("flash")
> @Property
> private User newUser;
>
>
> public Object onActivate() {
> newUser = new User();
> return null;
> }
>
> public List<User> getAllUsers() {
> return ds.getAllUsers();
> }
>
> public void onSuccessFromNewUserForm() {
> ds.addUser(newUser);
> newUser = new User();
> }
>
> public void onActionFromRemoveUser(String userName) {
> ds.deleteUser(userName);
> }
> }
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org