You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tapestry.apache.org by David Canteros <da...@gmail.com> on 2011/07/30 00:58:40 UTC

onActivate doubt

Hello:

First of all thanks for your help, I read the mails every day and I always
take something useful for my tap applications.

I have to implement an automatic login on my tap application. I use tap
5.2.6 and tapestry-security 0.3.1.
Initially I had a Login page with a login form,  but now I have to pass the
username and password to the login page via url, like this:

*http://localhost:8080/MyAppName/login?usr=userName&pass=encryptedPass*

If I try to enter writing "http://localhost:8080/MyAppName/" then I have to
redirect to an external page (This is a client requirement).
Now I catch the usr and pass in.onActivate() method and here I execute the
following logic:


*@ActivationRequestParameter("usr")
private String usr;
@ActivationRequestParameter ("pass")
private String pass;


Object onActivate(){
    Object nextpage;
    if (usr!=null && pass!=null){
        if(doLogin(usr, pass){
            nextPage = "Index";
        } else {
            nextPage= "LoginErrorPage";
        }
    } else {
       nextPage= new URL "ExternalPage";
    }
}*

The problem is: If I write "http://localhost:8080/MyAppName/" in my browser
and hit enter, then the login page appear, but it doesn't execute
onActivate() method!
So I can't redirect to the external page. But if I write "
http://localhost:8080/MyAppName/login" the method is executed. Anybody know
why??
I thought that onActivate is always executed when a page is called.

Thanks!!

David


------------------------------------------------------------------
David Germán Canteros

Re: onActivate doubt

Posted by David Canteros <da...@gmail.com>.

Hi, thank you both for the answers!

I know the problem of passing user&pass via url, but for the time being I
can't change it.  All pages ( except Login ) are protected by
@RequiresAuthentication annotation of tapestry-security framework thus they
are locked if you are not logged. Login page appear because I have defined
the following security symbols in the Module:

*        configuration.add(SecuritySymbols.LOGIN_URL, "/login");
        configuration.add(SecuritySymbols.DEFAULTSIGNINPAGE, "/login");
        configuration.add(SecuritySymbols.SUCCESS_URL, "/Index");
        configuration.add(SecuritySymbols.UNAUTHORIZED_URL,
"/Unauthorized");*

My doubt was the onActivate() method behavior. Why was the page loaded and
wasn't onActivate launched? Do you think the way that the page was invoked (
implicitly) causes the behavior?. I will try nillehammer's suggestion, and
I'll have a look at jumpstart as well.

Thank you again!

David



------------------------------------------------------------------
David Germán Canteros


2011/7/29 Thiago H. de Paula Figueiredo <th...@gmail.com>

> On Fri, 29 Jul 2011 19:58:40 -0300, David Canteros <
> davidcanteros.cba@gmail.com> wrote:
>
>  I have to implement an automatic login on my tap application. I use tap
>> 5.2.6 and tapestry-security 0.3.1.
>> Initially I had a Login page with a login form,  but now I have to pass
>> the username and password to the login page via url, like this:
>> *http://localhost:8080/**MyAppName/login?usr=userName&**
>> pass=encryptedPass*<http://localhost:8080/MyAppName/login?usr=userName&pass=encryptedPass*>
>>
>
> I'd never, ever, ever do that. It can open your application to replay
> attacks.
>
>
>  The problem is: If I write "http://localhost:8080/**MyAppName/<http://localhost:8080/MyAppName/>"
>> in my browser and hit enter, then the login page appear, but it doesn't
>> execute
>> onActivate() method! So I can't redirect to the external page. But if I
>> write "
>> http://localhost:8080/**MyAppName/login<http://localhost:8080/MyAppName/login>"
>> the method is executed. Anybody know why??
>>
>
> MyAppName is the context, so http://localhost:8080/**MyAppName/<http://localhost:8080/MyAppName/>is requesting the Index page of your application. Your login page has URL
> /login, so what you're seeing is absolutely correct, expected behavior.
>
>
>  I thought that onActivate is always executed when a page is called.
>>
>
> It's only executed in the page that was requested. If you want to implement
> something that is executed in every page, search for ComponentRequestFilter
> in the mailing list or look here: http://jumpstart.**
> doublenegative.com.au/**jumpstart/examples/**
> infrastructure/protectingpages<http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages>
>
> --
> Thiago H. de Paula Figueiredo
> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
> and instructor
> Owner, Ars Machina Tecnologia da Informação Ltda.
> http://www.arsmachina.com.br
>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.**apache.org<us...@tapestry.apache.org>
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>

Re: onActivate doubt

Posted by "Thiago H. de Paula Figueiredo" <th...@gmail.com>.

On Fri, 29 Jul 2011 19:58:40 -0300, David Canteros  
<da...@gmail.com> wrote:

> I have to implement an automatic login on my tap application. I use tap
> 5.2.6 and tapestry-security 0.3.1.
> Initially I had a Login page with a login form,  but now I have to pass  
> the username and password to the login page via url, like this:
> *http://localhost:8080/MyAppName/login?usr=userName&pass=encryptedPass*

I'd never, ever, ever do that. It can open your application to replay  
attacks.

> The problem is: If I write "http://localhost:8080/MyAppName/" in my  
> browser and hit enter, then the login page appear, but it doesn't execute
> onActivate() method! So I can't redirect to the external page. But if I  
> write "
> http://localhost:8080/MyAppName/login" the method is executed. Anybody  
> know why??

MyAppName is the context, so http://localhost:8080/MyAppName/ is  
requesting the Index page of your application. Your login page has URL  
/login, so what you're seeing is absolutely correct, expected behavior.

> I thought that onActivate is always executed when a page is called.

It's only executed in the page that was requested. If you want to  
implement something that is executed in every page, search for  
ComponentRequestFilter in the mailing list or look here:  
http://jumpstart.doublenegative.com.au/jumpstart/examples/infrastructure/protectingpages

-- 
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,  
and instructor
Owner, Ars Machina Tecnologia da Informação Ltda.
http://www.arsmachina.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: onActivate doubt

Posted by nillehammer <ta...@winfonet.eu>.

You can have more than one onActivate method in a page class. Tapestry
determines, which to call by the parameter count. You can write a catch-all
onActivate. Code looks like this:
Object onActivate(EventContext context) {
  ....
}
If this is the only onActivate-method in the page it will always be called.
(Or even if there are others, haven't tried that out.)
But I think you  might have another problem, because it is not clear to me
how your login page can be displayed, when the url for idnex
(http://localhost:8080/MyAppName/) is called.

-----
http://www.winfonet.eu
--
View this message in context: http://tapestry.1045711.n5.nabble.com/onActivate-doubt-tp4648587p4648737.html
Sent from the Tapestry - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org