Solved

Do an action at the page loading

Posted on 2009-07-01
14
288 Views
Last Modified: 2013-11-24
Hi!

I want to do a check on user when I load a page, how can we do this when the page is loading?

(i use JSF pages)
Thanks you!
0
Comment
Question by:Nargzul
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
14 Comments
 
LVL 3

Accepted Solution

by:
serrutom earned 500 total points
ID: 24757860
You want to check if the user is logged in?

Create a pages.xml file:

<pages login-view-id="/login/login.xhtml">
      <page view-id="/site/*" login-required="true" timeout="900000"/>
      <page view-id="/login/*">
            <navigation>
                  <rule if="#{identity.loggedIn}">
                        <redirect view-id="/site/home/home.xhtml"/>
                  </rule>
            </navigation>
      </page>
      <exception class="org.jboss.seam.security.NotLoggedInException">
            <redirect view-id="/login/login.xhtml">
                  <message>You must be logged in to perform this action</message>
            </redirect>
      </exception>
</pages>

Create a components.xml file:

<components xmlns="http://jboss.com/products/seam/components"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:bpm="http://jboss.com/products/seam/bpm"
            xmlns:web="http://jboss.com/products/seam/web"
            xmlns:security="http://jboss.com/products/seam/security">
      <security:identity authenticate-method="#{Authenticator.authenticate}"/>
</components>

Create the Authenticator bean:

@Name("Authenticator")
public class Authenticator {
   public boolean authenticate() {
      ...
   }
}
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24757944
It seems to be what I need.

Just some questions:

-I don't understand why we need the components.xml
-The <rule if=... must be linked to the Authenticator bean I think?
-Where the <message>...</message> will be displayed on our page.

Thanks a lot for the help!
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24757964
I don't use seam, is it a problem? Must we register this  page.xml somewhere?

I've found this, but it's more complicated : http://jsf-comp.sourceforge.net/components/on-load/index.html
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:serrutom
ID: 24758005
If you don't user seam you can do it by adding following to your web.xml file:

      <security-constraint>
            <web-resource-collection>
                  <web-resource-name>Protected pages</web-resource-name>
                  <url-pattern>/secure/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>USER</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>
      <security-role>
            <role-name>USER</role-name>
      </security-role>

You also need to define the authentication class in your application server. In JBoss it is done by adding this to the login-config.xml file:

    <application-policy name = "other">
        <authentication>
            <login-module code="com.mycompany.LoginModule" flag="required"></login-module>
        </authentication>
    </application-policy>
0
 
LVL 3

Expert Comment

by:serrutom
ID: 24758025
I think it will be better to protect a complete set of files, instead of checking the security on every page.
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24758936
But we can define pattern like: adminPages/* or Admin*,

I don't really want to use roles in J2EE, because I've a lot of custom actions to log, and it seems too complicate to connect the database to the role manager.

I think I will use the solution I've founded
0
 
LVL 3

Assisted Solution

by:serrutom
serrutom earned 500 total points
ID: 24760922
Yes you can define a pattern like: adminPages/*


      <security-constraint>
            <web-resource-collection>
                  <web-resource-name>Protected pages</web-resource-name>
                  <url-pattern>/adminPages/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>USER</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>
      <security-role>
            <role-name>USER</role-name>
      </security-role>

You can write your own login module, and use only what you want to use. If you don't have roles, add one fixed role (USER in my example) in your login module.
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24762235
have you more informations about how to write this kind of module? I've guest, user and admin level. Guest has only access to the login page.
0
 
LVL 3

Expert Comment

by:serrutom
ID: 24762554
What type of application server are you using? JBoss, Tomcat, Resin, ...
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24762562
glassfish
0
 
LVL 3

Assisted Solution

by:serrutom
serrutom earned 500 total points
ID: 24762721
A description of the configuration:

http://blogs.sun.com/phendley/entry/creating_and_using_a_glassfish

And check out the matching package with example files:

http://blogs.sun.com/phendley/resource/loginmoduletest.zip
0
 
LVL 1

Author Comment

by:Nargzul
ID: 24763190
I'm sorry, but I'm so short in times and it seems to be really complicated, I've watched exemple, but I don't understand how pieces works together, between myRealm, the logn module, what match "ProgrammaticLogin", and I'm very stressed by the time.

And I don't see how to check if we are logged on the system.

In addition, I've other things I must do at the startup(log some informations), and this system will not work for this.

And I don't want to be dependant of an application server.
0
 
LVL 3

Assisted Solution

by:serrutom
serrutom earned 500 total points
ID: 24763300
This is a standard way of working, and should work in all java application servers.

Depending on your platform, you can use classes to build your LoginModule on, just to make things easier and not having to implement everything.

Another info link:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to get all the API from website? 11 161
How do I remove an object from a 3 62
What browser will run Java? 7 179
dao vs facade design patterns 2 72
By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
Suggested Courses

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question