You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@turbine.apache.org by "Randall G. Alley" <ir...@bellsouth.net> on 2001/04/05 20:25:09 UTC
How to set template after Permission failure ?
I was wondering if someone could advise me on the best way to do this.
I have a set of secure actions that check for proper permissions like the
example from Flux,
FluxAction.java. I would like to set a template to go to when the
permission check fails in
the isAuthorized method.
But calling data.setScreenTemplate() from within the method isAuthorized
isn't having an effect. Is this the proper place to do this ?
protected boolean isAuthorized( RunData data ) throws Exception
{
boolean isAuthorized = false;
AccessControlList acl = (AccessControlList)
data.getSession().getValue(AccessControlList.SESSION_KEY);
/*
* Grab the Flux Admin role listed in the Flux.properties
* file that is included in the the standard
* TurbineResources.properties file.
*/
String fluxAdminRole =
TurbineResources.getString("flux.admin.role");
/*
* This should be taken from a config file, this
* hard coding is no good for widespread use
* of the admin app. I think a permissions file
* would be better for the whole system.
*/
if (acl==null || ! acl.hasRole(fluxAdminRole))
{
isAuthorized = false;
>> data.setScreenTemplate("login.vm");
}
else if(acl.hasPermission(fluxAdminRole))
{
isAuthorized = true;
}
return isAuthorized;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
Re: How to set template after Permission failure ?
Posted by "Randall G. Alley" <ir...@bellsouth.net>.
Jon Stevens wrote:
> on 4/5/01 11:59 AM, "Randall G. Alley" <ir...@bellsouth.net> wrote:
>
> > I don't understand what you doing with the getContext method, passing the
> > current template name back into the context ?
>
> That adds the currently requested template name to the context as
> $nextTemplate
>
> Imagine that someone makes a request for a "restricted" page. If they don't
> have access, they are shown the "Login.vm" page, but they really wanted the
> page that they asked for. So, they are given a chance to login and then the
> login system remembers that and sends them to the page they requested after
> a successful login.
>
> In the Login.vm page, I have a hidden <input> tag that gets populated with
> the value of $nextTemplate.
>
> In the Login.java Action, I check to see if nextTemplate is defined. If so,
> I send them to that page instead of sending them to the "start" page.
I gotcha. Cool.
> > And why is the doRedirect preferable here ?
>
> <smile> I could repeat what it says in the javadoc for the method or you can
> just read it yourself. :-)
Will do. Thanks again Jon.
R.
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
Re: How to set template after Permission failure ?
Posted by Jon Stevens <jo...@latchkey.com>.
on 4/5/01 11:59 AM, "Randall G. Alley" <ir...@bellsouth.net> wrote:
> I don't understand what you doing with the getContext method, passing the
> current template name back into the context ?
That adds the currently requested template name to the context as
$nextTemplate
Imagine that someone makes a request for a "restricted" page. If they don't
have access, they are shown the "Login.vm" page, but they really wanted the
page that they asked for. So, they are given a chance to login and then the
login system remembers that and sends them to the page they requested after
a successful login.
In the Login.vm page, I have a hidden <input> tag that gets populated with
the value of $nextTemplate.
In the Login.java Action, I check to see if nextTemplate is defined. If so,
I send them to that page instead of sending them to the "start" page.
> And why is the doRedirect preferable here ?
<smile> I could repeat what it says in the javadoc for the method or you can
just read it yourself. :-)
thanks,
-jon
--
If you come from a Perl or PHP background, JSP is a way to take
your pain to new levels. --Anonymous
<http://jakarta.apache.org/velocity/ymtd/ymtd.html>
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
Re: How to set template after Permission failure ?
Posted by "Randall G. Alley" <ir...@bellsouth.net>.
Thanks for the reply, Jon.
A great big DUH from my end, as right after I posted my question (and during
your rapid-fire response, no doubt), I
got data.setScreenTemplate("login.vm") to work.
I don't understand what you doing with the getContext method, passing the
current template name back into the context ?
And why is the doRedirect preferable here ?
protected boolean isAuthorized( RunData data ) throws Exception
{
if (!data.getUser().hasLoggedIn())
{
getContext(data).put(ScarabConstants.NEXT_TEMPLATE,
data.getTemplateInfo().getScreenTemplate());
doRedirect(data, "Login.vm");
return false;
}
return true;
}
Sorry for being dense,
Randy
Jon Stevens wrote:
> on 4/5/01 11:25 AM, "Randall G. Alley" <ir...@bellsouth.net> wrote:
>
> > I was wondering if someone could advise me on the best way to do this.
> >
> > I have a set of secure actions that check for proper permissions like the
> > example from Flux,
> > FluxAction.java. I would like to set a template to go to when the
> > permission check fails in
> > the isAuthorized method.
> >
> > But calling data.setScreenTemplate() from within the method isAuthorized
> > isn't having an effect. Is this the proper place to do this ?
>
> You want doRedirect().
>
> Here is an example:
>
> <http://scarab.tigris.org/source/browse/scarab/src/java/org/tigris/scarab/sc
> reens/base/RequireLoginFirst.java?rev=1.2&content-type=text/x-cvsweb-markup>
>
> No, that doesn't do a HTTP redirect.
>
> -jon
>
> --
> If you come from a Perl or PHP background, JSP is a way to take
> your pain to new levels. --Anonymous
> <http://jakarta.apache.org/velocity/ymtd/ymtd.html>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
Re: How to set template after Permission failure ?
Posted by Jon Stevens <jo...@latchkey.com>.
on 4/5/01 11:25 AM, "Randall G. Alley" <ir...@bellsouth.net> wrote:
> I was wondering if someone could advise me on the best way to do this.
>
> I have a set of secure actions that check for proper permissions like the
> example from Flux,
> FluxAction.java. I would like to set a template to go to when the
> permission check fails in
> the isAuthorized method.
>
> But calling data.setScreenTemplate() from within the method isAuthorized
> isn't having an effect. Is this the proper place to do this ?
You want doRedirect().
Here is an example:
<http://scarab.tigris.org/source/browse/scarab/src/java/org/tigris/scarab/sc
reens/base/RequireLoginFirst.java?rev=1.2&content-type=text/x-cvsweb-markup>
No, that doesn't do a HTTP redirect.
-jon
--
If you come from a Perl or PHP background, JSP is a way to take
your pain to new levels. --Anonymous
<http://jakarta.apache.org/velocity/ymtd/ymtd.html>
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org