Solved

Do an action at the page loading

Posted on 2009-07-01
14
283 Views
Last Modified: 2013-11-24
Hi!

I want to do a check on user when I load a page, how can we do this when the page is loading?

(i use JSF pages)
Thanks you!
0
Comment
Question by:Nargzul
  • 7
  • 6
14 Comments
 
LVL 3

Accepted Solution

by:
serrutom earned 500 total points
Comment Utility
You want to check if the user is logged in?

Create a pages.xml file:

<pages login-view-id="/login/login.xhtml">
      <page view-id="/site/*" login-required="true" timeout="900000"/>
      <page view-id="/login/*">
            <navigation>
                  <rule if="#{identity.loggedIn}">
                        <redirect view-id="/site/home/home.xhtml"/>
                  </rule>
            </navigation>
      </page>
      <exception class="org.jboss.seam.security.NotLoggedInException">
            <redirect view-id="/login/login.xhtml">
                  <message>You must be logged in to perform this action</message>
            </redirect>
      </exception>
</pages>

Create a components.xml file:

<components xmlns="http://jboss.com/products/seam/components"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:bpm="http://jboss.com/products/seam/bpm"
            xmlns:web="http://jboss.com/products/seam/web"
            xmlns:security="http://jboss.com/products/seam/security">
      <security:identity authenticate-method="#{Authenticator.authenticate}"/>
</components>

Create the Authenticator bean:

@Name("Authenticator")
public class Authenticator {
   public boolean authenticate() {
      ...
   }
}
0
 
LVL 1

Author Comment

by:Nargzul
Comment Utility
It seems to be what I need.

Just some questions:

-I don't understand why we need the components.xml
-The <rule if=... must be linked to the Authenticator bean I think?
-Where the <message>...</message> will be displayed on our page.

Thanks a lot for the help!
0
 
LVL 1

Author Comment

by:Nargzul
Comment Utility
I don't use seam, is it a problem? Must we register this  page.xml somewhere?

I've found this, but it's more complicated : http://jsf-comp.sourceforge.net/components/on-load/index.html
0
 
LVL 3

Expert Comment

by:serrutom
Comment Utility
If you don't user seam you can do it by adding following to your web.xml file:

      <security-constraint>
            <web-resource-collection>
                  <web-resource-name>Protected pages</web-resource-name>
                  <url-pattern>/secure/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>USER</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>
      <security-role>
            <role-name>USER</role-name>
      </security-role>

You also need to define the authentication class in your application server. In JBoss it is done by adding this to the login-config.xml file:

    <application-policy name = "other">
        <authentication>
            <login-module code="com.mycompany.LoginModule" flag="required"></login-module>
        </authentication>
    </application-policy>
0
 
LVL 3

Expert Comment

by:serrutom
Comment Utility
I think it will be better to protect a complete set of files, instead of checking the security on every page.
0
 
LVL 1

Author Comment

by:Nargzul
Comment Utility
But we can define pattern like: adminPages/* or Admin*,

I don't really want to use roles in J2EE, because I've a lot of custom actions to log, and it seems too complicate to connect the database to the role manager.

I think I will use the solution I've founded
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 3

Assisted Solution

by:serrutom
serrutom earned 500 total points
Comment Utility
Yes you can define a pattern like: adminPages/*


      <security-constraint>
            <web-resource-collection>
                  <web-resource-name>Protected pages</web-resource-name>
                  <url-pattern>/adminPages/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>USER</role-name>
            </auth-constraint>
            <user-data-constraint>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>
      <security-role>
            <role-name>USER</role-name>
      </security-role>

You can write your own login module, and use only what you want to use. If you don't have roles, add one fixed role (USER in my example) in your login module.
0
 
LVL 1

Author Comment

by:Nargzul
Comment Utility
have you more informations about how to write this kind of module? I've guest, user and admin level. Guest has only access to the login page.
0
 
LVL 3

Expert Comment

by:serrutom
Comment Utility
What type of application server are you using? JBoss, Tomcat, Resin, ...
0
 
LVL 1

Author Comment

by:Nargzul
Comment Utility
glassfish
0
 
LVL 3

Assisted Solution

by:serrutom
serrutom earned 500 total points
Comment Utility
A description of the configuration:

http://blogs.sun.com/phendley/entry/creating_and_using_a_glassfish

And check out the matching package with example files:

http://blogs.sun.com/phendley/resource/loginmoduletest.zip
0
 
LVL 1

Author Comment

by:Nargzul
Comment Utility
I'm sorry, but I'm so short in times and it seems to be really complicated, I've watched exemple, but I don't understand how pieces works together, between myRealm, the logn module, what match "ProgrammaticLogin", and I'm very stressed by the time.

And I don't see how to check if we are logged on the system.

In addition, I've other things I must do at the startup(log some informations), and this system will not work for this.

And I don't want to be dependant of an application server.
0
 
LVL 3

Assisted Solution

by:serrutom
serrutom earned 500 total points
Comment Utility
This is a standard way of working, and should work in all java application servers.

Depending on your platform, you can use classes to build your LoginModule on, just to make things easier and not having to implement everything.

Another info link:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

An old method to applying the Singleton pattern in your Java code is to check if a static instance, defined in the same class that needs to be instantiated once and only once, is null and then create a new instance; otherwise, the pre-existing insta…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
This video teaches viewers about errors in exception handling.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now