Re: security and redirects
Re: security and redirects
- Subject: Re: security and redirects
- From: Bob Stuart <email@hidden>
- Date: Sun, 17 Oct 2004 11:55:34 -0400
To achieve this I used a interface LoginRequiredInterface and check
during pageWithName. loginTest just does whatever on session is
required for proving the user is logged in. You could do the same
just checking the pageName against the list of protected pages. I
throw during pageWithName so that I get to handleException returning
the login page. I didn't return the login page during pageWithName
since it might be a subcomponent and really messed up runtime cast
problems.
pseudo code there was a lot of other stuff I ripped out. Not sure
this compiles but should explain the concept.
In Application
public WOComponent pageWithName(String name, WOContext context){
pageToReturn = super.pageWithName(name,context);
if ((pageToReturn instanceof LoginRequiredInterface) &&
( session == null || !session.loginTest() ){
throw new LoginException(); }
}
return pageToReturn;
}
public WOResponse handleException(Exception anException,
WOContext aContext){
WOResponse responseToReturn;
if (anException instanceof LoginException){
responseToReturn =
super.pageWithName("Login",aContext).generateResponse();
} else {
responseToReturn =
super.handleException(anException, aContext);
}
return responseToReturn;
}
At 3:16 AM -0700 10/17/04, Greg Kick wrote:
I am trying to implement a system for securing components in which
the components that are restricted are listed in an xml file. The
application reads that file and if a user tries to access a
component listed without having authenticated the application will
redirect him/her to a login page. I have gotten the xml portion and
the comparison to work without any problems, but i am having trouble
finding a way to implement the redirect. Also, I want the redirect
to happen before the construction of the restricted component if
possible. I have tried diverting the process at just about every
point in the request-response loop I can find, but so far, no luck.
Any suggestions?
Greg
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
Bob Stuart
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden