You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@turbine.apache.org by Naree Song <na...@me.com.au> on 2003/11/18 08:09:54 UTC

ErrorScreen and SecureScreen

Hello,

I want to use SecureScreen to limit access to some pages
but I also want to use ErrorScreen so that if there is any Exception
then the user will be taken to custom error page, not the default one.

But since in JAVA, you cannot extend from two parents, I have to choose
one or the other.

Has anyone have the same problem and found workaround?

Or are more elegant solutions always present in Turbine?

Regards,
Naree
--
Media Equation
71 - 73 Thistlethwaite Street
South Melbourne 3205
Australia
Tel:    + 613 9673 8111
Fax:   + 613 9690 4244

Re: ErrorScreen and SecureScreen

Posted by Naree Song <na...@me.com.au>.

Thanks, Jeff.
That was the information I needed.

Regards,
Naree
--
Media Equation
71 - 73 Thistlethwaite Street
South Melbourne 3205
Australia
Tel:    + 613 9673 8111
Fax:   + 613 9690 4244

----- Original Message -----
From: "Jeff Painter" <pa...@kiasoft.com>
To: "Turbine Users List" <tu...@jakarta.apache.org>
Sent: Wednesday, November 19, 2003 12:31 PM
Subject: Re: ErrorScreen and SecureScreen


>
> You should be able to handle this with something like the following
>
> data.setMessage("this is your error message.")
>
> in the exception handler part of your doBuildTemplate()
>
> you can then use data.setScreenTemplate() to redirect the user to
> whichever error screen you want. currently the default I believe would
> just pull from TurbineResources.getString("template.error")
>
> in your error.vm you should have some code setup with velocity
> such as
>
> #if ( $data.getMessage() )
>
> <!-- custom error -->
> $data.getMessage()
>
> #else
> <!-- no message, default error -->
> #end
>
> I have used the error screens in this way when a user
> does not validate correctly for certain permissions and
> return helpful messages to the user such as they are
> trying to access a restricted resource in the
> system.
>
> so in my securescreen class for admin functions I have the
> following code:
>
>     protected boolean isAuthorized( RunData data )  throws Exception
>     {
>         boolean isAuthorized = false;
>
>         AccessControlList acl = data.getACL();
>
>         if ( acl.hasRole("admin") )
>         {
>             isAuthorized = true;
>
>         } else {
>             data.setScreenTemplate(
>                 TurbineResources.getString("template.error"));
>             data.setMessage("You do not have access to admin functions.");
>             isAuthorized = false;
>         }
>         return isAuthorized;
>     }
>
> This works out pretty nicely for me. I would think you could
> probably rework the data.setMessage() to aggregate error messages as well
> if this turns out to be a chain of events that lead to the error, although
> I have not looked into this too heavily. at the moment I just take the
> last error that completes the data.setMessage() and let it override
> the super class error messages.
>
> I hope this helps. I'm at the apache con now and will talk to the
> developers at tonights meeting about aggregation of error messages through
> a chain that could then be returned to the error template.
>
> Jeff Painter
> painter@kiasoft.com
>
>
> On Wed, 19 Nov 2003, Naree Song wrote:
>
> > Hello Scott,
> >
> > Ok, this is what I want to do.
> > Whenever there is an exception and if it was not handled,
> > I want the user to be redirected to somewhere instead of being shown
> > the java trace stack.
> >
> > For example, if the user was trying to access a class that does not
exist,
> > then they will get this kind of error.
> >
> > Horrible Exception: java.lang.ClassNotFoundException:
> > Requested Action not found: LoginUsers
> > Turbine looked in the following modules.packages path:
> > [com.me.mepay.modules, org.apache.turbine.flux.modules,
> > org.apache.turbine.modules]
> >
> > at
> >
org.apache.turbine.modules.ActionLoader.getInstance(ActionLoader.java:186)
> > at org.apache.turbine.modules.ActionLoader.exec(ActionLoader.java:134)
> > at
> >
org.apache.turbine.modules.pages.DefaultPage.doBuild(DefaultPage.java:154)
> > at org.apache.turbine.modules.Page.build(Page.java:91)
> > at org.apache.turbine.modules.PageLoader.exec(PageLoader.java:136)
> > at org.apache.turbine.Turbine.doGet(Turbine.java:796)
> >
> > Regards,
> > Naree
> > --
> > Media Equation
> > 71 - 73 Thistlethwaite Street
> > South Melbourne 3205
> > Australia
> > Tel:    + 613 9673 8111
> > Fax:   + 613 9690 4244
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-user-help@jakarta.apache.org
>
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org

Re: ErrorScreen and SecureScreen

Posted by Jeff Painter <pa...@kiasoft.com>.

You should be able to handle this with something like the following

	data.setMessage("this is your error message.")

in the exception handler part of your doBuildTemplate()

you can then use data.setScreenTemplate() to redirect the user to 
whichever error screen you want. currently the default I believe would 
just pull from TurbineResources.getString("template.error")

in your error.vm you should have some code setup with velocity
such as

	#if ( $data.getMessage() )

		<!-- custom error -->
		$data.getMessage()

	#else
		<!-- no message, default error -->
	#end

I have used the error screens in this way when a user
does not validate correctly for certain permissions and
return helpful messages to the user such as they are
trying to access a restricted resource in the
system.

so in my securescreen class for admin functions I have the
following code:

    protected boolean isAuthorized( RunData data )  throws Exception
    {
        boolean isAuthorized = false;

        AccessControlList acl = data.getACL();

        if ( acl.hasRole("admin") )
        {
            isAuthorized = true;

        } else {
            data.setScreenTemplate(
                TurbineResources.getString("template.error"));
            data.setMessage("You do not have access to admin functions.");
            isAuthorized = false;
        }
        return isAuthorized;
    }

This works out pretty nicely for me. I would think you could
probably rework the data.setMessage() to aggregate error messages as well 
if this turns out to be a chain of events that lead to the error, although 
I have not looked into this too heavily. at the moment I just take the 
last error that completes the data.setMessage() and let it override
the super class error messages.

I hope this helps. I'm at the apache con now and will talk to the 
developers at tonights meeting about aggregation of error messages through 
a chain that could then be returned to the error template.

Jeff Painter
painter@kiasoft.com

On Wed, 19 Nov 2003, Naree Song wrote:

> Hello Scott,
> 
> Ok, this is what I want to do.
> Whenever there is an exception and if it was not handled,
> I want the user to be redirected to somewhere instead of being shown
> the java trace stack.
> 
> For example, if the user was trying to access a class that does not exist,
> then they will get this kind of error.
> 
> Horrible Exception: java.lang.ClassNotFoundException:
> Requested Action not found: LoginUsers
> 	Turbine looked in the following modules.packages path:
> 	[com.me.mepay.modules, org.apache.turbine.flux.modules,
> org.apache.turbine.modules]
> 
> 	at
> org.apache.turbine.modules.ActionLoader.getInstance(ActionLoader.java:186)
> 	at org.apache.turbine.modules.ActionLoader.exec(ActionLoader.java:134)
> 	at
> org.apache.turbine.modules.pages.DefaultPage.doBuild(DefaultPage.java:154)
> 	at org.apache.turbine.modules.Page.build(Page.java:91)
> 	at org.apache.turbine.modules.PageLoader.exec(PageLoader.java:136)
> 	at org.apache.turbine.Turbine.doGet(Turbine.java:796)
> 
> Regards,
> Naree
> --
> Media Equation
> 71 - 73 Thistlethwaite Street
> South Melbourne 3205
> Australia
> Tel:    + 613 9673 8111
> Fax:   + 613 9690 4244
> 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org

Re: ErrorScreen and SecureScreen

Posted by Naree Song <na...@me.com.au>.

Hello Scott,

Ok, this is what I want to do.
Whenever there is an exception and if it was not handled,
I want the user to be redirected to somewhere instead of being shown
the java trace stack.

For example, if the user was trying to access a class that does not exist,
then they will get this kind of error.

Horrible Exception: java.lang.ClassNotFoundException:
Requested Action not found: LoginUsers
	Turbine looked in the following modules.packages path:
	[com.me.mepay.modules, org.apache.turbine.flux.modules,
org.apache.turbine.modules]

	at
org.apache.turbine.modules.ActionLoader.getInstance(ActionLoader.java:186)
	at org.apache.turbine.modules.ActionLoader.exec(ActionLoader.java:134)
	at
org.apache.turbine.modules.pages.DefaultPage.doBuild(DefaultPage.java:154)
	at org.apache.turbine.modules.Page.build(Page.java:91)
	at org.apache.turbine.modules.PageLoader.exec(PageLoader.java:136)
	at org.apache.turbine.Turbine.doGet(Turbine.java:796)

Regards,
Naree
--
Media Equation
71 - 73 Thistlethwaite Street
South Melbourne 3205
Australia
Tel:    + 613 9673 8111
Fax:   + 613 9690 4244



----- Original Message -----
From: "Scott Eade" <se...@backstagetech.com.au>
To: "Turbine Users List" <tu...@jakarta.apache.org>
Sent: Wednesday, November 19, 2003 9:40 AM
Subject: Re: ErrorScreen and SecureScreen


> Naree Song wrote:
>
> >I want to use SecureScreen to limit access to some pages
> >but I also want to use ErrorScreen so that if there is any Exception
> >then the user will be taken to custom error page, not the default one.
> >
> >But since in JAVA, you cannot extend from two parents, I have to choose
> >one or the other.
> >
> >
> Do you really need your error screen to be secured?
>
> Scott
>
> --
> Scott Eade
> Backstage Technologies Pty. Ltd.
> http://www.backstagetech.com.au
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-user-help@jakarta.apache.org
>
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org

Re: ErrorScreen and SecureScreen

Posted by Scott Eade <se...@backstagetech.com.au>.

Naree Song wrote:

>I want to use SecureScreen to limit access to some pages
>but I also want to use ErrorScreen so that if there is any Exception
>then the user will be taken to custom error page, not the default one.
>
>But since in JAVA, you cannot extend from two parents, I have to choose
>one or the other.
>  
>
Do you really need your error screen to be secured?

Scott

-- 
Scott Eade
Backstage Technologies Pty. Ltd.
http://www.backstagetech.com.au





---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org