Hello there!
I have a really "stupid" question and I'm sure somebody can help me because it's really simple :)
I made a login screen for my application. If the user is a valid user (I started a query to the database), I do a redirect to a new page. On the new page I have to check if the user is logged in and has the appropriate rights to visit this page. This is necessary because you can access all the zul files placed under the web directory (and I really don't know how to handle this, I am new to web programming ;) )
My first approach (I hope there's a better one) looks like this:
The user goes to login.zul (it's the welcome page of my app), enters some data and finally clicks the login button.
If the user is a valid user (I started a query to my database), the following code is executed in my controller class:
Sessions.getCurrent().setAttribute("user", user); // save user-object in session
Executions.sendRedirect("index.zul"); // redirect to index
Now, my index.zul, where i redirected the user, looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<zk xmlns="http://www.zkoss.org/2005/zul">
    <window width="400px" height="300px" use="SessionController" onCreate="self.checkSession()">
        <label value="You are logged in..."/>
    </window>
</zk>
On creation, "self.checkSession()" is called to check if the user is logged in... I created a SessionController class which provides the following code:
import org.zkoss.zk.ui.Executions;
import org.zkoss.zk.ui.Sessions;
import org.zkoss.zul.Window;

public class SessionController extends Window {
    public void checkSession() {
        // the user is logged in if a user object was stored in the session
        boolean valid = Sessions.getCurrent().getAttribute("user") != null;
        if (!valid) {
            Executions.sendRedirect("error.zul");
        }
    }
}
My file error.zul looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<zk xmlns="http://www.zkoss.org/2005/zul">
    <window border="normal" mode="overlapped" draggable="false" width="300px" height="80px" onCreate='self.position = "top,center";' title="Error">
        <grid>
            <rows>
                <row align="center">
                    <label value="You are not logged in..."/>
                </row>
                <row align="center">
                    <button label="Goto Login" onClick="redirect()"/>
                </row>
            </rows>
        </grid>
        <zscript>{
            void redirect(){
                Executions.sendRedirect("login.zul");
            }
        }
        </zscript>
    </window>
</zk>
Thanks in advance
pannekuche
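One thing you can try is to set your window to not be visible in the .zul, and in the onCreate when you are done checking everything you can then call setVisible(true);
So:
<window visible="false" .......
In the Java:
public void onCreate() {
    // ... Check user status (here: the "user" session attribute set at login) ...
    boolean loggedIn = Sessions.getCurrent().getAttribute("user") != null;
    if (loggedIn) {
        setVisible(true); // ... If OK ...
    } else {
        Executions.sendRedirect("login.zul"); // ... else redirect ...
    }
}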
Something else you can do (which is what I do) is specify in the .zul an "init" class that gets called before the .zul gets fully rendered:
<!-- This will check that the user is logged in, the argument tells the login screen where to redirect after login -->
<?init class="com.foo.CheckForLogin" arg0="/tunertest.zul"?>
This class must implement the org.zkoss.zk.ui.util.Initiator interface.
The arg0 passes along the name of the .zul file I want to redirect to once the user has successfully logged in. So in the code below it will check to see if the user has logged in by looking for a userId in the session.
In the Java code (CheckForLogin.java) you can get the value of this argument using the following:
public void doInit(Page arg0, Object[] arg1) throws Exception {
    Session zkSession = Executions.getCurrent().getDesktop().getSession();
    Integer userId = (Integer) zkSession.getAttribute("userid");
    if (userId == null) {
        // Since the user has not logged in you redirect to your login window, I pass along in
        // arg1[0] the name of the .zul that they were trying to access when I checked to see if they were logged in,
        // That way after they log in I can redirect them back to that page
        Executions.sendRedirect("LoginWindow.zul?" + "redirectUrl" + "=" + arg1[0]);
    }
}
When they do log in, just add the userId into the session, add the init code shown above into every .zul file and you are ensured that the user has to log in before accessing any page in your application.
Hope this helps.
- Andy
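With the Initiator approach above, the login window receives redirectUrl as a request parameter, which anyone can set, so it should be checked before it is used as a redirect target. The following is an added example, not code from the original posts or from ZK: plain-JDK helpers whose class and method names and the /index.zul fallback are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class RedirectTargets {
    // Assumed fallback page, used when the requested target is rejected.
    static final String DEFAULT_PAGE = "/index.zul";

    // Login URL for the Initiator to redirect to; the return page is URL-encoded.
    static String loginUrl(String returnPage) {
        return "LoginWindow.zul?redirectUrl="
                + URLEncoder.encode(returnPage, StandardCharsets.UTF_8);
    }

    // Accept only a local absolute-path .zul target; anything else falls back.
    static String safeTarget(String requested) {
        if (requested == null || !requested.startsWith("/")
                || requested.startsWith("//")) {
            return DEFAULT_PAGE;   // missing, relative, or scheme-relative
        }
        // Browsers treat "\" like "/", and CR/LF could split the Location header.
        for (char c : requested.toCharArray()) {
            if (c == '\\' || c < 0x20 || c == 0x7f) return DEFAULT_PAGE;
        }
        try {
            URI uri = new URI(requested);
            String path = uri.getPath();
            boolean local = uri.getScheme() == null && uri.getRawAuthority() == null
                    && path != null && path.endsWith(".zul")
                    && !path.contains("..") && !path.startsWith("/WEB-INF");
            return local ? requested : DEFAULT_PAGE;
        } catch (URISyntaxException e) {
            return DEFAULT_PAGE;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for the redirectUrl request parameter.
        String[] samples = { "/tunertest.zul", "https://other.example/x.zul",
                "//other.example/x.zul", "/\\other.example/x.zul",
                "/a/../WEB-INF/test.zul", null };
        for (String s : samples) {
            System.out.println(s + " -> " + safeTarget(s));
        }
        System.out.println(loginUrl("/tunertest.zul"));
    }
}
```

The login controller would pass the redirectUrl parameter through safeTarget() before handing the result to Executions.sendRedirect().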
Hi Andy, thank you very much. I'll try the second solution with the "CheckForLogin", this looks nicer ;)
But isn't there another solution to "hide" all the ".zul"-files in WEB-INF?
I thought all ".jsp", ".zul", ".html" files (contained in the WEB-INF folder) are hidden. They cannot be accessed by typing a URL like:
http://localhost:8080/app/test.zul
index.zul
index2.zul
/WEB-INF/test.zul
/WEB-INF/shouldBeHidden.zul
Update: Session management works, thanks again :)
I use a more traditional approach using a ServletFilter. All my pages are under a "pages" directory.
<filter-mapping>
    <filter-name>MySecurityFilter</filter-name>
    <url-pattern>/pages/*</url-pattern>
</filter-mapping>
Your security filter then is something like...
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class MySecurityFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) {}

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            // redirect to login page or whatever you need to do
            // be sure login.zul resides outside of your secure pages directory
            response.sendRedirect(request.getContextPath() + "/login.zul");
        } else {
            filterChain.doFilter(request, response);
            return;
        }
    }

    @Override
    public void destroy() {}
}
Your Login ViewModel/Controller would be responsible for setting the User in session
Asked: 2008-07-09 09:17:28 +0800
Last updated: Nov 07 '13