I am using webSphere portal 6.1. I wrote my own custom login portlet and placed in the Login page from the portal server. The page loads fine the problem is when I try to login. It takes 2 attempts to login. The first time when I try to login, the page refreshes (I don’t see any exception on the consol). If I enter the user id/password for the second time, the login works perfectly
After extensive debugging this is what I found,
The first time when I try to login, the process action get called but it skips the managed bean and call the doView. The second time, the process action get called and the managed bean get called (login is successful) and then the doView get called. So I decided to take a look at the html output, sure enough the action url is different. The url for initil load is
action="/wps/portal/esb/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3h355AAV0dnEwMLPycTA8_AUINQL1cLAwNXU_1wkA6zeAMcwNFA388jPzdVvyA7rxwAtTMgag!!/dl3/d3/L0lDU0lKSkpDZ3BSQ1FvS1VRa2chL29Gb2dBRUlRaGpGRUlBQWpPTTRSa0JTVkpRcEdnZ0d0QUEhIS80QzFiOVdfTnIwUkprQWxJTVJKa1FsTUlpUi1BLzdfR0NUUEVBQzQwOEdQRDBJUTFGUVQ2MzMwRzUvaWJtLmludi8xNDc3ODc5NDM0MDAvamF2YXguc2VydmxldC5pbmNsdWRlLnBhdGhfaW5mby8lMGpzcHMlMEVTQkxvZ2luUG9ydGxldFZpZXcuanNw/”
and the url after the first attempt to log in is,
action="/wps/portal/esb/!ut/p/c5/dVBHsoPIAjvLHIAy2bCEJhswqaFh4yKZYBNMhtPP-7u_GWmhhUpSlW7J7Y99ujVVujRDn35v6JawLxUEjiwAGudskcZ1F-LQkDkcl5lbdEM4_fJbbrTOBZkX2IL2cnErKCnLzP80PixbcorQg6IgXFALwr9M8r9W_D8g4DdbG7ryFt-S-_9tq470t00obsBSFK4yt-CGxtAzP6zOKQ6-zFgbhmonj9NYXMDQBZUQSxfpYzX7SkSCADgOujiRZCdG-60JFN3PGnR5ybH8ZXU5DtZ3H1rY88xwaBE5IwQ6x78oXEfRuiOKe9WXyAopGRCQT_jDM42lgrK_TGHPyk-g1J1S-d9w_CXXFcO_Nz49ZsTpSe_VZ45OkgeOdG8eFNi-pdxYCUTWZOMSJkG2DCBGqB1QdVeiqf5pqJEu9gleebgMHtuTNt37IR4IXqU4HbNYNN40KyO1W3lh7NR3sOewBJKX1KXWEFelg2lciJqklUX068fRNUzJuNUulevvXrnRbAaWZEhBWddE9qM1_gMrffrp9fjouTXpPMRTRGu-uMfxDn-9fE7ePjiTZ6ceGqnCfHVPzh7ucwV7sx8rwNEGm1JCVPQaa715RygFAiwcr72mgQ726FrWMWPchGbrp5Th3ZY9nDL5mEXIYSaA67MPaUAs9eiMlnFalHBRYnruS0asZU_YDo2Ugbl7KJplfRRitT0nMPCzqfICQExjlJjOPT4OPIRPo3EGYarhN50qHnihCJTZIFgURycbf8IiG5wSsvS4MYITZHUqYzDcNVC7cxvIen-_msergaAj6XtBo9GuWwADk8xSfb5jCslG0O8uem8wILCTobn3VGKkMHQ3xR9Xw5y9MoGHeKEaG0I5_JB2kmOW2eWTiJY4i9o6bLxzPwM5nwGSAif8fqCuffi36iX0Pu1OgcsF_95QIhOKKYUv9prKxO_6xbf3WmOSaJCDLfrRpPaK3CYnHFkt8oxodC8uG2fvJ2F4aLYyMd6vrb1IbL2fgESn2LPEf4ZSkH6PeaKONvL9mm5Prguu8ZvwMPzk7z6b1_OLI5iox6ivHBoZb32Y0far1f7atWl0jpaUYilQd9xIClj36LL3oTjZNbLmTiKaQcH8dcea7YFayk8bk3S2dC_8cn9afvJQ6ZAzOd-_cInXqhfj7eWb5Jj4nbXKK4k9mmJw6358T99Yvx1Rqpf6fj_FnJiKsQlPn7g7x1tjrwMTxvI3GbTALcHCI3fl-zw2rT_bYvONm7glRu93peJk7zG3sdtGzhb--RcqYJzK/dl3/d3/L0lDU0lKSkthWWtLQ2xFWm1ZQSEhL29Pb2dBRUlRaGpCS0VRQUFBRVpDZ0dRNEtRcGNFb2lBWUFEUkVBd0FCaUlCZ0FMRVFEQUFBQSEhLzRDMWI5V19OcnhRREVTWklKUkNBLzdfR0NUUEVBQzQwOEdQRDBJUTFGUVQ2MzMwRzUvMTQ3Nzg3OTY4NTYzL2phdmF4LnNlcnZsZXQuaW5jbHVkZS5wYXRoX2luZm8vJTBqc3BzJTBFU0JMb2dpblBvcnRsZXRWaWV3LmpzcA!!/"
Can some please explain me what going on here?
Thanks
i think i found a solution for my problem. it seems that JSF is trying to save it's viewstate in the session, but public session is not enabled by default for anonymous user. So changing the state saving method in web.xml from server to client seem to do the trick
Related
My web app is built on spring boot + spring security + JSF 2.2.12
I have read a lot of posts about the view expired exception, and try to solve it using this proposal.
To be shortly, I have added ?faces-redirect=true to my action methods, added NoCacheFilter to inform browser not cache the dynamic JSF pages. Also I have add expired.xhtml page. Also, I have added custom InvalidSessionStrategy implementation using this sample.
For the case, when I have two tabs in my browser, and perform log out in one tab, and in other I click <p:commandButton which trigger POST request for page navigation, everything works fine, browser redirect me to the login page.
But for case, when I have two tabs in my browser, and in one tab I perform log out and then log in, and in other I click again <p:commandButton, the ViewExpiredException is thrown.
Please, help me to solve this issue. Or tell me what I have missed?
I want the application show a popup to inform inactive user when he back to use the application that the session is timeout and to click on ok to redirect him to login again.
the first problem i cant detect that the session is timeout .
the second problem evenif i detect that the session is timeout how can i show the popup ?
i tryed o detect the session timeout with a listener but didnt work
<f:event listener="#{logincontroller.checksessiontimeout}" type="preValidate"/>
i am using primefaces and glassfish.
The problem with the approach you have chosen is the session has timed out, but you already figured it out. )
The solution could be to use ExceptionHandler.
If you really want to show a popup you can redirect to the same page passing some predefined parameter based on which your popup would be rendered. As an alternative you may consider redirection to login page right away and show notification about session expiration there. The second way looks more natural to me, but this is my personal point of view.
You may find information on how to do this in BalusC blog post
also you may find some discussion on stackoverflow here with references to other similar questions. Those would still point you to the blog post I mentioned earlier
I have a requirement where the portal application that is being developed in jsf 1.2 and spring 2.5 will be launched from within an ipad app. After the user logs into the ipad app, the user click on the portal link available and the ipad app in turn will be passing the user credentials through a get request url which i will have to validate and redirect them to home.xhtml page if the validation is successful else i will have to redirect them to error page. I have been searching in google a lot to see how this can be implemented. Finally i found that it requires a phase listener to implement this but I am not sure how this can be done or if there is any other way. Please tell me how can this be done using phase listener (if possible with an example). Also suggest me if i can use any other means to do this. Any help is much appreciated.
Thanks in advance.
I found a way to implement this. I am giving the solution that i used so that it might help some one else.
I am using a servlet filter to get the parameters from the URL and then i am validating the credentials with the data stored in the DB. Then if the credentials are valid i am redirecting the user to the home page. If the credentials are invalid then i am redirecting the user to error page. Done.
I'm just starting down the track of developing web apps and have started with JSF 2.2 on Java EE 7, GlassFish 4.
I thought I'd start with the very basics. I just want to protect the entire site, so every page you navigate to would first require you to authenticate yourself. So I read through the Java EE 7 Tutorial and tried the samples, modified them and then started to break them in ways I didn't think they would break. I tried all sorts of angles, but I'd generally end up in two situations:
I'd try to access a page using a partial request, which would land me at /index.xhtml as defined by <welcome-file-list>, and be prompted to login; but on submitting the username/password I'd be instantly directed back to the login form.
I added an action to the <h:commandButton> to point to index. This worked, but when I submitted the form on the index page which should take me to the response.xhtml page, I'd end up back at the login form instead of at the response page.
After many hours of trawling the net, it seemed that the reason I had broken the login procedure was because I had changed the plain HTML login form to use JSF tags like <h:form>, instead of <form>.
There is a discussion here that says you should not do this with login forms. To quote an interesting line from that page:
To make such a page login, make the actual login form be HTML and not JSF and code it according to the j2EE standards for login forms. Use the HTML form tag instead of the JSF form, and make sure you code an HTML SUBMIT button and not a JSF commandButton!
Once I changed it back to plain old HTML it worked. But I don't understand why. Can anyone enlighten me?! I think I am missing something fundamental which I need to understand if I'm going to start writing web apps in JSF.
Many thanks...
It's because <h:form> submits to the current URL (in web development terms also known as "postback"), not to j_security_check, while the form based authentication intercepts on j_security_check URLs.
It's however not true that using a JSF form for form based authentication is impossible. It's quite possible, you only need to perform the login in backing bean using HttpServletRequest#login() yourself.
See also:
Performing user authentication in Java EE / JSF using j_security_check
This is basically two question? First i was wonder how to change the page liferay redirects when a user tries to access a page that has Power User view permissions. Liferay by default points to localhost:web/guest/home where they have their login page. On my application i have a different login in page and i want to redirect to the following page. I was browsing the web and found out that by setting auth.login.site.url=/whereiwontittopoint should actualy redirect me there. However it does not. I'm using Liferay 6.0.6 Community Editions. Has anyone done this? Is this the right way or this need to be done with a hook?
My other question is the following. I want to have a custom role on some pages. And i want when a user does not have that specfic role to be redirect to a totaly different page not the default login. I'm fairly sure this can be done by using the hook on some service but for some reason i can not identify this service.
EDIT
Ok for the first question i solved the issues. For the second question the answers i got here were not what i was looking for probably because i didn't post the question correctly. This is a full scenario of what i have done and what i need to do:
First of all i changed the /web/guest path that's on every liferay page to web/somthing/ this might not play a crucial role but the problems(some of the problems) started when that happend. THe over all idea is the following. I'm using spring mvc to create the application. I have created a backend to my application from where the admin can create pages for other users to see(This is not done by going to the control panel of liferay and adding a page but through the logic of the application). Once a page is created depending on some logic i create a role for that certain page(customer role also through code not the liferay admin). Some of the users are given this role if the satisfy some criteria and some are not. Here my problem arises, once a user that is loged in to my application tries to access a page (by inputting a direct URL in the browser to the page) that requres the view permision of the role i create for that page and the user does not have the appropriate role he gets redirect to lets say localhost/web/(username)/home a personal page and for some reason on that page by default from liferay he is able to view personal data(user name) of all other users of the application. My question is how through code to handle the redirection that happens of the above scenario.
I have tried on one attempt to actualy hook the servlet.service.events.pre action and before the user access that page to check if he has the appropriate permisions and actualy change his request. So far i have some issues but i can resolve them but this approach is not what i not rly what i am looking for because this action is executed before every single request on the application( and the page handling is just small part of that application) which means i will have a lot of code executing for no reason. I was wondering if there are any ways to add where the exception will redirect when i create the role? If not what action should i hook that will help me solve this scenario but with out the unneeded extrea trafic that i am creating with hooking servlet.service.events.pre action?
For the second stuff a bit hacky way could be as follows
1) Define set of roles against which you want to check in portal-ext.properties. You can add some property like my.super.secret.roles=rolename1,rolename2
2) Add a property for a redirect page url in portal-ext.properties so that you can redirect user there.
3)Add a custom attribute for Layout named checkForSecretRoles which has to be boolean and visible on Page. This will show you a checkbox in Manage page for each page, so that an admin can easily check or uncheck the value
4)Add a condition in your theme (portal_normal.vm) to check if the page has a check for secret role and then check the users role falls in any of the roles defined in portal-ext.properties. If yes then issue a redirect to the page specified by your custom redirect page url property
For your first question, it should work -
auth.forward.last.paths=/sign-in
sign-in would be your page name
The answer for your second question is, you have to create a Hook extending Action and made the below entry in your portal-ext.properties.
login.events.post=com.liferay.portal.events.LoginPostAction,com.liferay.portal.events.CustomLandingPageAction
There is a lot of information you can found on forum about how to use this property.
for 1. set default.landing.page.path=/whereiwontittopoint in portal.properties, see Liferay Login page redirect
for 2. create a hook, set servlet.service.events.post=com.my.action.MyAction and impliment this action, at this point you can redirect user to another page.