Solved

Do an action at the page loading

Posted on 2009-07-01
14
286 Views
Last Modified: 2013-11-24
Hi!

I want to do a check on user when I load a page, how can we do this when the page is loading?

(i use JSF pages)
Thanks you!
0
Comment
Question by:Nargzul
  • 7
  • 6
14 Comments
 
LVL 3

Accepted Solution

by:
serrutom earned 500 total points
ID: 24757860
You want to check if the user is logged in?

Create a pages.xml file:

<pages login-view-id="/login/login.xhtml">
      <page view-id="/site/*" login-required="true" timeout="900000"/>
      <page view-id="/login/*">
            <navigation>
                  <rule if="#{identity.loggedIn}">
                        <redirect view-id="/site/home/home.xhtml"/>
                  </rule>
            </navigation>
      </page>
      <exception class="org.jboss.seam.security.NotLoggedInException">
            <redirect view-id="/login/login.xhtml">
                  <message>You must be logged in to perform this action</message>
            </redirect>
      </exception>
</pages>

Create a components.xml file:

<components xmlns="http://jboss.com/products/seam/components"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:bpm="http://jboss.com/products/seam/bpm"
            xmlns:web="http://jboss.com/products/seam/web"
            xmlns:security="http://jboss.com/products/seam/security">
      <security:identity authenticate-method="#{Authenticator.authenticate}"/>
</components>

Create the Authenticator bean:

@Name("Authenticator")
public class Authenticator {
   public boolean authenticate() {
      ...
   }
}
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24757944
It seems to be what I need.

Just some questions:

-I don't understand why we need the components.xml
-The <rule if=... must be linked to the Authenticator bean I think?
-Where the <message>...</message> will be displayed on our page.

Thanks a lot for the help!
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24757964
I don't use seam, is it a problem? Must we register this  page.xml somewhere?

I've found this, but it's more complicated : http://jsf-comp.sourceforge.net/components/on-load/index.html
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 3

Expert Comment

by:serrutom
ID: 24758005
If you don't user seam you can do it by adding following to your web.xml file:

      <security-constraint>
            <web-resource-collection>
                  <web-resource-name>Protected pages</web-resource-name>
                  <url-pattern>/secure/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>USER</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>
      <security-role>
            <role-name>USER</role-name>
      </security-role>

You also need to define the authentication class in your application server. In JBoss it is done by adding this to the login-config.xml file:

    <application-policy name = "other">
        <authentication>
            <login-module code="com.mycompany.LoginModule" flag="required"></login-module>
        </authentication>
    </application-policy>
0
 
LVL 3

Expert Comment

by:serrutom
ID: 24758025
I think it will be better to protect a complete set of files, instead of checking the security on every page.
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24758936
But we can define pattern like: adminPages/* or Admin*,

I don't really want to use roles in J2EE, because I've a lot of custom actions to log, and it seems too complicate to connect the database to the role manager.

I think I will use the solution I've founded
0
 
LVL 3

Assisted Solution

by:serrutom
serrutom earned 500 total points
ID: 24760922
Yes you can define a pattern like: adminPages/*


      <security-constraint>
            <web-resource-collection>
                  <web-resource-name>Protected pages</web-resource-name>
                  <url-pattern>/adminPages/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>USER</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>
      <security-role>
            <role-name>USER</role-name>
      </security-role>

You can write your own login module, and use only what you want to use. If you don't have roles, add one fixed role (USER in my example) in your login module.
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24762235
have you more informations about how to write this kind of module? I've guest, user and admin level. Guest has only access to the login page.
0
 
LVL 3

Expert Comment

by:serrutom
ID: 24762554
What type of application server are you using? JBoss, Tomcat, Resin, ...
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24762562
glassfish
0
 
LVL 3

Assisted Solution

by:serrutom
serrutom earned 500 total points
ID: 24762721
A description of the configuration:

http://blogs.sun.com/phendley/entry/creating_and_using_a_glassfish

And check out the matching package with example files:

http://blogs.sun.com/phendley/resource/loginmoduletest.zip
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24763190
I'm sorry, but I'm so short in times and it seems to be really complicated, I've watched exemple, but I don't understand how pieces works together, between myRealm, the logn module, what match "ProgrammaticLogin", and I'm very stressed by the time.

And I don't see how to check if we are logged on the system.

In addition, I've other things I must do at the startup(log some informations), and this system will not work for this.

And I don't want to be dependant of an application server.
0
 
LVL 3

Assisted Solution

by:serrutom
serrutom earned 500 total points
ID: 24763300
This is a standard way of working, and should work in all java application servers.

Depending on your platform, you can use classes to build your LoginModule on, just to make things easier and not having to implement everything.

Another info link:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HSSFWorkbook cannot be resolved error 10 71
jar file executable 12 52
configure dependency in POM for new database 3 26
by zero exception 10 41
Introduction Java can be integrated with native programs using an interface called JNI(Java Native Interface). Native programs are programs which can directly run on the processor. JNI is simply a naming and calling convention so that the JVM (Java…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Viewers learn about the “while” loop and how to utilize it correctly in Java. Additionally, viewers begin exploring how to include conditional statements within a while loop and avoid an endless loop. Define While Loop: Basic Example: Explanatio…
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question