xpages pass a value from smartcard without using url parameter - xpages

When an xpage is loaded into the browser, it checks to see if the the referrer contains the string "TranslateForm".
return facesContext.getExternalContext().getRequest().getHeader("Referer");
If it doesn't contain my string, it redirects to the URL "Home?RequestCert&SubmitCert&TranslateForm=CertSubmitTranslation" and then redirects to the xpage where it passes the initial test. I can easily get info from that Home form which captures info from the smart card (e.g. CommonName) and then pass it as a URL Parameter by appending the string "?CN=" + document.forms[0].CommonName.value
Then, I can obviously capture that appended value and do what I want with it as I process the xpage.
What I want to do is capture that CommonName field and save it in the backend without using a URL Parameter. I don't want the user to be able to see it or look in the source for a hidden field.

OK. What I did to solve this problem was to use the URL Parameter when launching the page:
document.location = "/path/db.nsf/xpage.xsp?CN=" + document.forms[0].CommonName.value;
AND I created a Counter field with a value of 0.
Then, in the BeforePageLoad event of the xpage, I ran a script to determine first if the Counter was at 0. If Counter was still at 0, then I tested if the URL had that parameter in it.
If so, I wrote that value to the backend document, incremented the Counter, and saved it.
document1.replaceItemValue("CI", context.getUrlParameter("CI"));
Then reloaded the xpage/document in Edit mode without the URL parameter.

Related

How to obtain information of a field or variable on the Client side

I am using the Receipts page (IN301000) for reference purposes:
I would like to be able to obtain a field's information on the client side with the GetElementByID() method.
When I inspect the field, and identify the rendered ID, I obtain data:
However, if I refresh the page and invoke the method again, I obtain NULL:
Does anyone know how to make that information always available?
The final goal here is being able to pass data to the client side. I can - for instance -populate an unbounded field with the FieldSelecting event, and would like to ideally read data out of it.
If there are client variables that could be set from the graph, it would work as well.
Thanks!
You likely get null because the script is executed in the top iFrame instead of the main iFrame which contains the control.
The JavaScript global variable px_alls contains the editor controls and can be indexed by editor control ID.
px_alls["edTransferNbr"].getValue();
document.getElementById("ctl00_phF_form_t0_edTransferNbr_text").value;
Script executed in main iFrame context:
When the script is executed in the context of the top iFrame you would have to select the main iFrame.
var mainframe = document.querySelector('[name=main]').contentDocument;
mainFrame.getElementById('ctl00_phF_form_t0_edTransferNbr_text').value;
Script executed in top iFrame context:

JSF Access control on direct object

I have a JSF page contentEdit.xhtml which accepts a request parameter "code" to load the content for editing and other operations related. To provide access control, I create a filter ContentAccessFilter and applies it to contentEdit.xhtml to check whether the current user is authorized to the content which is identified by "code".
Fragment of ContentAccessFilter:
boolean isAuthorized = false;
String userId = httpReq.getRemoteUser();
String code = httpReq.getParameter("code");
if (code != null && !code.isEmpty())
{
ContentDAO dao = ContentDAO.getInstance();
isAuthorized = dao.isContentAuthorized(code, userId);
}
if (!isAuthorized)
{
httpRes.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
For the first entry of the contentEdit.xhtml, the filter works properly as the code parameter always exists during the first entry by calling such as /contentArea.xhtml?code=cnn from an anchor html tag. However, the code parameter is lost when there is subsequent operations on contentEdit.xhtml. For example, I have buttons like these.
<p:commandButton value="Download" action="#{contentView.downloadContent}"/>
<p:commandButton value="Publish" action="#{contentView.publishContent}"/>
Clicking the button will call the same URL as contentEdit.xhtml, while the parameter code is not included in the request URL. This missing parameter fails in the filter.
Is using a Servlet Filter a proper way to achieve the access control in this case? If it is, how to include a request parameter when triggers a commandButton?
Filters are a great way to implement authorization in a web app... you're on the right track.
The best way would be to use your filter but store the code parameter value in a session (javax.servlet.http.HttpSession), that way the parameter doesn't need to be passed in the query string with each request. You would set the code attribute in the session data on the first request and retrieve it whenever a new request is received.
If you must use the query string to pass the code value with each request, you'll need to use the includeViewParams parameter in the query string creation to preserve the code parameter in the generated URLs. BalusC (the JSF God) explains this better than anyone... https://stackoverflow.com/a/17745573/3858863

XPages Mobile Controls - sessionScope variable being lost

I am building a mobile app for iPhone using the mobile controls in the XPages Extension Library.
The first page displays a list of categories (happens to be a list of user names). When a category is selected the second page is displayed listing all documents belonging to the selected user.
The URL to open the second page includes a parameter with the user's name. The second page has a page heading control and on the "label" property I have added the following code:-
if (param.get("User") != null) {
sessionScope.put("UserName", param.get("User"));
}
return sessionScope.UserName;
I'm doing this so that I have access to the user name on subsequent pages, e.g. the third page is displayed when the user opens a document from the list on the second page.
When I test this in Chrome everything is fine. When I test in Safari I can see that the sessionScope variable is set when the second page is opened. However, when I select a document and the third page is opened the sessionScope variable is disappearing. I can't see any code that would explain this and when tested in Chrome the sessionScope variable is still there on page 3. Unsurprisingly I get the same issue when I test on an iPhone.
The problem this gives me is that, when navigating back from a document (p.3) to the list of documents for the selected user (p.2) I don't know which user was selected originally.
Anyone seen this before or have any explanation as to what might be going on?
Thanks for any suggestions.
you might want to refrain from the parameter approach unless you are sanetizing your input first, so instead of the URL write the userName directly into the scope - or even easier - bind the first field with the categories to the sessionScope. Did u try to modify your code to use a different variable name?

Automatically open document when only one document is listed in repeat control

I have a repeat control for a domino view which displays the results from a search field.
As you type more characters into the search field the number of items in the list is reduced. If/When the the list only contains a single item I would like to open item automatically, without having to click the link.
Any ideas are appreciated.
Edit: after some very interesting responses, here are some screenshots
I have 3 elements on the page, a searchbar, a repeat control and a form:
When I start typing in the search bar, the repeat is refreshed with every keystroke:
the list is reduced, typing the next character ...
again the list is reduced, only 2 left, typing again....
Only one left, now it would be time to open the document in the form ..... without clicking the link.
I've tried several events on the page, but it seems that I could not find the one that will allow me to "select" the document and display the data in the form.
It seems that it's not as simple as I thought
Since you want to open the link automatically I don't know if I would try to base it on the getRowCount() of the repeat itself. You don't want to even get that far right? you just want to go to the single document.
I would put a function in beforePageLoad event maybe. Not totally sure which event but I'd try that first. Use SSJS and do a lookup that would basically return a collection of what the repeat would show. If the collection count = 1 then get your destination from that entry and do your redirection from there.
That what I would try at least. Interesting scenario!
Now that I see the screenshots this might be easier then you think and I have already implemented something similar on an internal application that I have built. It does rely on the fact that each entry in the list is 100% unique.
First of all you will need to bind the search field to a scoped variable and the onchange/onkeypress event will need to perform a partial refresh of a panel that contains both the list and the document portion of the page.
For the list the link on each item should set the value of the same scoped variable used in the search box and clicking the link should be set to run a partial refresh of the document area.
For the document area you will need two panels, the first panel will only display if there is no matching document and the second panel will only display if there is a matching document, you can do this in the rendered section by writing some ssjs that grabs a handle to the db/view and does a dblookup and returns either true or false if the document exists depending on panel your dealing with.
With this setup, when somebody clicks a link or fills out the searchbox the scoped variable will contain a value, the document panels will then check to see if this is a unique value in the view in the db and update themselves to either display the 'no document' panel or the 'document' panel accordingly.
You could add a evaluation script to the entry of your repeat control which checks the size of your repeat control using the method getRowCount() from the component. If this is 1 you could execute a context.redirectToPage("yourpage.xsp?id=yourid",true) this forces the current page to send a redirect request back to the browser and therefore redirects you to the correct page.
All you need to know is which xpage you need to open and which parameters you should use. But these could be retrieved from the content you are iterating over.

Read value from one aspx page to another

i have two pages: 1) web control(ascx page) and 2) web page(aspx page without master page).
Now i calculate some values on page2 through google api through Javascript on render, and i need to transfer these values to page 1 in a hidden field through code. please help
Khushi
One way (of many):
On the Client side: Fill the hidden
field, submit the form (with js)
Code Behind
Page 2: Collect the data in the code
behind, Populate the session,
Response.Redirect to page 1
Another:
Without using the the hidden field, you could
just append the calculation result to
the query string. (/page.aspx?myResult=xy)
Obvious, quick answer: use querystring or Session object.

Resources