Posted to dev@cocoon.apache.org by Thorsten Scherler <sc...@gmail.com> on 2011/10/29 23:03:49 UTC

[c3] bug in "controller-aware-string-template"? (was Re: svn commit: r1195029 )

On Sat, 2011-10-29 at 20:49 +0000, thorsten@apache.org wrote:
> Propchange: cocoon/cocoon3/trunk/cocoon-shiro/rcl.properties
> ------------------------------------------------------------------------------
>     svn:eol-style = native
> 
> Added:
> cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java
> URL:
> http://svn.apache.org/viewvc/cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java?rev=1195029&view=auto
> ==============================================================================
> ---
> cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java (added)
> +++
> cocoon/cocoon3/trunk/cocoon-shiro/src/main/java/org/apache/cocoon/shiro/rest/AbstractShiroLogin.java Sat Oct 29 20:49:09 2011
> @@ -0,0 +1,113 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements.  See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership.  The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License.  You may obtain a copy of the License at
> + *
> + *     http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied.  See the License for the
> + * specific language governing permissions and limitations
> + * under the License.
> + */
> +package org.apache.cocoon.shiro.rest;
> +
> +import java.util.HashMap;
> +import java.util.Map;
> +
> +import org.apache.cocoon.rest.controller.annotation.RESTController;
> +import org.apache.cocoon.rest.controller.annotation.RequestParameter;
> +import org.apache.cocoon.rest.controller.method.Get;
> +import org.apache.cocoon.rest.controller.method.Post;
> +import org.apache.cocoon.rest.controller.response.RedirectResponse;
> +import org.apache.cocoon.rest.controller.response.RestResponse;
> +import org.apache.cocoon.rest.controller.response.URLResponse;
> +import org.apache.commons.lang3.StringUtils;
> +import org.apache.shiro.SecurityUtils;
> +import org.apache.shiro.authc.IncorrectCredentialsException;
> +import org.apache.shiro.authc.UnknownAccountException;
> +import org.apache.shiro.authc.UsernamePasswordToken;
> +import org.apache.shiro.session.Session;
> +import org.apache.shiro.subject.Subject;
> +import org.apache.shiro.web.util.SavedRequest;
> +import org.apache.shiro.web.util.WebUtils;
> +import org.slf4j.Logger;
> +import org.slf4j.LoggerFactory;
> +
> +@RESTController
> +public abstract class AbstractShiroLogin implements Post, Get{
> +    
> +    protected abstract String getErrorLogin() ;
> +    protected abstract String getDefaultTo();
> +    protected abstract String getLoginPage() ;
> +    
> +    @RequestParameter
> +    private String username;
> +    @RequestParameter
> +    private String password;
> +    @RequestParameter
> +    protected String to;
> +    protected static final Logger LOG =
> LoggerFactory.getLogger(AbstractShiroLogin.class);
> +
> +    public RestResponse doPost() throws Exception {
> +        // create a UsernamePasswordToken using the
> +        // username and password provided by the user
> +        UsernamePasswordToken token = new
> UsernamePasswordToken(username,
> +                password);
> +        Subject subject = SecurityUtils.getSubject();
> +        boolean error = true;
> +        try {
> +            subject.login(token);
> +            error = false;
> +        } catch (UnknownAccountException ex) {
> +            LOG.error("UnknownAccountException", ex);
> +        } catch (IncorrectCredentialsException ex) {
> +            // password provided did not match password found in
> database
> +            // for the username provided
> +            LOG.error("IncorrectCredentialsException", ex);
> +        } catch (Exception e) {
> +            LOG.error("Exception", e);
> +        } finally {
> +            token.clear();
> +        }
> +        // clear the information stored in the token
> +        if (error) {
> +            Map<String, Object> data = new HashMap<String, Object>();
> +            data.put("error", true);
> +            data.put("to", getTo());
> +            return new URLResponse(getErrorLogin(), data);
> +        } else {
> +            return new RedirectResponse(getTo());
> +        }
> +    }
> +
> +    public RestResponse doGet() throws Exception {
> +        Subject subject = SecurityUtils.getSubject();
> +        Session session = subject.getSession();
> +        SavedRequest savedRequest = (SavedRequest) session
> +                .getAttribute(WebUtils.SAVED_REQUEST_KEY);
> +        if (null != savedRequest) {
> +            to = savedRequest.getRequestURI();
> +            // now remove the session again
> +            session.setAttribute(WebUtils.SAVED_REQUEST_KEY, null);
> +        }
> +        Map<String, Object> data = new HashMap<String, Object>();
> +        data.put("to", getTo());
> +        // FIXME: If we activate the following $if(error)$ will kick
> in even if it should not!
> +        //data.put("error", false);
> +        return new URLResponse(getLoginPage(), data);
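Review bot: In doPost(), the success branch returns new RedirectResponse(getTo()) while the field "to" is bound directly from the request by @RequestParameter, and the quoted part of the file does not show getTo() constraining it. Unless getTo() already does so, the post-login redirect target is caller-controlled (an open redirect). I would accept only an application-relative path there and fall back to getDefaultTo() for anything else. The same value is also passed to the login and error templates through data.put("to", getTo()), so it should be escaped where the template writes it out. Minor: the comment "// clear the information stored in the token" sits after the finally block that already calls token.clear(); it belongs above that call.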

Mind the "FIXME: If we activate the following $if(error)$ will kick in
even if it should not!
//data.put("error", false);"

We use in the sitemap:

+      <map:match pattern="screen/login">
+        <map:generate src="login.xml"
+          type="controller-aware-string-template" />
+        <map:serialize type="xhtml" />
+      </map:match>

and in the screen
$if(error)$
      <strong>error: $error$ There has been an error in the
login.</strong>
      $endif$

@Francesco can it be that the controller-aware-string-template needs the
same treatment and the other to activate the $if(boolean)$?

salu2
-- 
Thorsten Scherler <thorsten.at.apache.org>
codeBusters S.L. - web based systems
<consulting, training and solutions>
http://www.codebusters.es/


Re: [c3] bug in "controller-aware-string-template"? (was Re: svn commit: r1195029 )

Posted by Thorsten Scherler <sc...@gmail.com>.
On Mon, 2011-10-31 at 08:37 +0100, Francesco Chicchiriccò wrote:
> On 29/10/2011 23:03, Thorsten Scherler wrote:
> > [...]
> > @Francesco can it be that the controller-aware-string-template needs 
> > the same treatment and the other to activate the $if(boolean)$? salu2 
> 
> You are right: just committed a fix for this (commit r1195361).
> 

Thank you very much :)

salu2
-- 
Thorsten Scherler <thorsten.at.apache.org>
codeBusters S.L. - web based systems
<consulting, training and solutions>
http://www.codebusters.es/


Re: [c3] bug in "controller-aware-string-template"? (was Re: svn commit: r1195029 )

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 29/10/2011 23:03, Thorsten Scherler wrote:
> [...]
> @Francesco can it be that the controller-aware-string-template needs 
> the same treatment and the other to activate the $if(boolean)$? salu2 

You are right: just committed a fix for this (commit r1195361).

Regards.

-- 
Francesco Chicchiriccò

Apache Cocoon Committer and PMC Member
http://people.apache.org/~ilgrosso/