0

Should not allow other resources to be accessed.

asked 2012-07-05 06:52:31 +0800

AmandeepJ gravatar image AmandeepJ
15 1

Hi,
I have following ZUL files in my web content folder

Login.zul - Composer Applied
Category.zul - No Composer Applied
Index.zul - Composer Applied
Help.zul - NO Composer Applied
AboutUs.zul - NO Composer Applied

whenever I try to access Category.zul or Help.zul I can see them in my browser, but according to my usecase If I try to access it, I should always be redirected to Login.zul How can I achieve this.

One Solution : I can add composer to all the ZUL and then in doAfterCompose() do Executions.sendRedirect("to my login page") , but I think this not correct way to do it.

delete flag offensive retag edit

2 Replies

Sort by ยป oldest newest

answered 2012-07-18 03:17:27 +0800

dennis gravatar image dennis
3669 1 6
http://www.javaworld.com....

you need a security framework that filters the requests and redirect to login page if a authenticated is needed for a certain page.
or, you can simply write a servlet filter to do this by your way.

link publish delete flag offensive edit

answered 2012-07-18 14:11:22 +0800

marcelodecampos gravatar image marcelodecampos
183

updated 2012-07-18 14:12:20 +0800

AmandeepJ,


I use this aproach:

Every zul page that has some kind of access security has a selectorcomposer derived class like this class below. BEAN is a EJB session bean which, on my project, is always a remote session bean. See that on function onBeforeComposer: if the user is logged, it continues the flow, otherwise it redirects to index.zul. In this very simple example, I just want to see if the current user is logged.
It makes very simple to implement some kind of access control based on profile.

public abstract class BaseDBLoggedController<BEAN> extends BaseDBController<BEAN> implements LoggedInterface
{
	private static final long serialVersionUID = 3928960337564242027L;

	@Override
	public boolean isLogged( )
	{
		Login login = getLoggedUser( );
		return login != null;
	}

	@Override
	public ComponentInfo doBeforeCompose( Page page, Component parent, ComponentInfo compInfo )
	{
		if ( isLogged( ) ) {
			return super.doBeforeCompose( page, parent, compInfo );
		}
		else {
			redirect( "/index.zul" );
			return null;
		}
	}

	@Override
	public Login getLoggedUser( )
	{
		return (Login) getSessionParameter( userSessionParamName );
	}

	@Override
	public Collaborator getCurrentCollaborator( )
	{
		Collaborator c = (Collaborator) getSessionParameter( currentCollaborator );
		Login l = getLoggedUser( );
		if ( c.getPerson( ).equals( l.getPerson( ) ) == false ) {
			return null;
		}
		return c;
	}

	protected void setCollaborator( Collaborator c )
	{
		setSessionParameter( currentCollaborator, c );
	}
}


Just to undestand the chain hierarchy

public abstract class BaseDBController<BEAN> extends BaseController<Window> implements BeanSessonInterface<BEAN>

public abstract class BaseController<T extends Component> extends SelectorComposer<T> implements ISessionParameter

link publish delete flag offensive edit
Your reply
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow

RSS

Stats

Asked: 2012-07-05 06:52:31 +0800

Seen: 161 times

Last updated: Jul 18 '12

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More