I want a page has to appear to user after logged in. But if we use that link we can see the page and its content only thing is that it wont be having user data. what to do to prevent this. what can be done in this scenario ?
You can declare a PhaseListener where to redirect to the homepage instead the user is not logged
public void afterPhase(PhaseEvent evt) {
User user =
evt.getFacesContext().getExternalContext().getSessionMap().get(USER_KEY);
if (user == null) {
FacesContext.getExternalContext().redirect("home.xhtml");
}
}
The phase listener can be defined globally, or at view-level with:
<f:view afterPhase="#{bean.afterPhase}">...</f:view>
(in facelets the attribute is called afterPhaseListener)
Use a ServletFilter to check existence of UserData in Session.
If "yes: then forward else forward to error page.
Another option is to use the rendered attribute on tags to check the existence of UserData object.
I'm not familiar with JSF or if it has built in authentication/authorization. But you should be able to apply authentication/access rules directly on your web server.
Related
I have an MVC 5 Site, using a shared _Layout view.
In this _Layout view i render my scripts in the bottom part, after the body.
#Scripts.Render("~/bundles/jquery")
#Scripts.Render("~/bundles/jqueryui")
#*BootStrap must be loaded after JQuery UI in order to override the tooltip function*#
#Scripts.Render("~/bundles/bootstrap")
#Scripts.Render("~/bundles/jqueryval")
#Scripts.Render("~/bundles/Session")
My Problem now, is that i want to include the Session Bundle in every page, except my Login pages.
In other words, i want to use the Session Bundle only for pages where the user is logged in and they have an active session.
How can i check for this condition in my _Layout View and render the Script Render conditionally?
In other pages, i would add a bool field to my Model and then use an C# If construction to only render the Script part if true, but i do not have a Model in my _Layout View.
I am also using custom, very simple login methods, so i am not using the Identity Framework of MVC5.
EDIT
I was suggested to use the Request object
#if (Request.IsAuthenticated) { #Render...}
This does not work since im using custom login, that does not work with the built in framework.
I read up on how this field works, here How does Request.IsAuthenticated work?
The problem is still unresolved
#if (Request.IsAuthenticated)
{
// Render stuff for authenticated user
}
I found an Answer.
access session variable from layout page ASP.NET MVC3 RAZOR
I am able to access the Session object from my Layout. Using that, i can check if my custom authentication object is null. If its not null, the user is logged in
#if (Session["BrugerSession"] != null)
{
#Scripts.Render("~/bundles/Session")
}
My requirement is when someone login to site and if he belong to 'owner' group it need to redirect immediately to specific site and if he belong to member group then need to navigate/redirect to same specified site other page.
A very simple solution could be to use SPSecurityTrimmedControl. What it does is that it adds whatever is inside the control only if the specified access is fulfilled by the user.
So what you can do is that set the permissioning of the control to full control and include a simple redirect JavaScript. And just after that, outside the control, add a redirect script to other control. Something like below:
<SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl1" runat="server" AuthenticationRestrictions="AuthenticatedUsersOnly" Permissions="ManageWeb" PermissionContext="CurrentSite">
<script type='text/javascript'>javascript to redirect owners</script>
</SharePoint:SPSecurityTrimmedControl>
<script type='text/javascript'>javascript to redirect readers</script>
So if the user is an owner, the owner redirect sscript will be present on the page and if not then it will redirect to the reader's page.
Since it is in SP2010, I assume we use server side C# code instead of CSOM, which is not matured yet in SP2010.
create a static helper method like:
public static bool IsInGroup(this SPUser user, SPGroup group)
{
return user.Groups.Cast()
.Any(g => g.ID == group.ID);
}
}
verify in your code if the user belongs to certain group
SPUser user;
SPGroup group;
bool belongToGroup = user.InGroup(group);
use SPUtility.Redirect to redirect the user to any page you need.
Hope this helps somehow.
Using Orchard 1.6 Iv created a new role 'FactoryWorker'. When this user logs in from the front end I want them to be navigated to one page only.
OrchardLocal/System/ManufacturedProducts
I have set this page to be a print screen of the order details so the factory worker will know what products to get ready for ship out & they wont be able to navigate as no menu appears, but also need the other pages blocked incase the user decides to enter the URL of a page they arnt allowed access to.
This is the only page I want this particular user to be able to access(after they login), and I have added a logout button, which logs out the user and returns them to the home page.
So iv been looking through editing a role, with permissions and content etc...but this all seems to be applying to forms and content in general. where the user can access any content type etc...
So can someone advise me on how to do this?
thanks for any replies
UPDATE
I forgot to mention that this is not a content type, item or part I am talking about.
I have created my own controller & View & VM which is accessible from the dash board (using the AdminMenu, which brings the admin user to OrchardLocal/System/ManufacturedProducts)
I have looked at Orchard.ContentPermissions Feature but it only seems to allow me to 1)Grant permissions for others or 2)Grant permission for own content
any ideas?
You can use a Request Filter, (I do not know if it is the best way) :
FilterProvider – defines the filter applied to each request. Resembles the way default ASP.NET MVC action filters work with the difference that it’s not an attribute. All FilterProvider objects are injected into the request pipeline and are applied to all requests (so you need to check if the current request is suitable for your filter at the beginning of an appropriate method).
From : http://www.szmyd.com.pl/blog/most-useful-orchard-extension-points
So you could implement something like this
public class Filter : FilterProvider, IAuthorizationFilter {
private readonly IAuthenticationService _authenticationService;
public Filter(IAuthenticationService authenticationService) {
_authenticationService = authenticationService;
}
public void OnAuthorization(AuthorizationContext filterContext) {
//If route is the restricted one
if (filterContext.HttpContext.Request.Url.AbsoluteUri.Contains("OrchardLocal/System/ManufacturedProducts")) {
//Get the logged user
IUser loggedUser = _authenticationService.GetAuthenticatedUser();
if (loggedUser == null)
return filterContext.Result = new HttpUnauthorizedResult();
//Get the Roles
var roles = loggedUser.As<IUserRoles>().Roles;
if (!roles.Contains("FactoryUser")) {
//User is not authorized
return filterContext.Result = new HttpUnauthorizedResult();
}
}
}
}
Note: Untested code!
EDIT: Also you could invert the logic and check if the logged user has the role 'FactoryUser' and restrict its access to every page except the one they should see.
Your module can create a new permission (look at one of the permissions.cs files for examples), then create a role that has only that permission. Have your controller action check that permission (again, many examples found by finding usage of the permissions defined in one of the permissions.cs).
You can use the Content Permissions module. Using this module you can attach a content item permission part to a content type. This part allows you to choose which roles can see the content when you create it.
So I'm having a problem trying to pass a String value.
The String value is entered through a login page as username.
The JSF then calls the Bean to verify log in information then proceeds to another JSF page.
I was wondering how to pass the username along to the new JSF page. Thank you.
If you're performing a navigation instead of a redirect, then you basically don't need to do anything. The information is also just available in the navigated page.
E.g. in login page,
<h:inputText value="#{bean.username}" />
and in the navigated page:
<p>You have entered the following username: #{bean.username}</p>
If you're however performing a redirect instead of a navigation, then you basically need to store the information in a bit broader scope. You didn't clearly elaborate the concrete functional requirement in the question, but if I guess it right, you just wanted to remember the currently logged-in user for the remaining of the HTTP session. In that case, just store it in the session scope during the login action.
public String login() {
// ...
User user = userService.find(username, password);
// ...
externalContext.getSessionMap().put("user", user);
// ...
return "nextpage?faces-redirect=true";
}
This way it's available by #{user} throughout the entire HTTP session.
<p>You're logged in as #{user.name}.</p>
You can also use <t:saveState> without using session scope. <t:saveState> is longer than the request scope but shorter than session scope.
This may help you : http://myfaces.apache.org/tomahawk-project/tomahawk12/tagdoc/t_saveState.html
I am creating a custom portlet.
And I need to log-out the User from the portal after he performs some operation in my custom portlet. I am extending liferay's MVCPortlet.
In one of MyPortlet's action methods I need to write the code to logout the user and then redirect it to the home page.
Update:
I tried the following which I think logs out the user but does not redirect to the home page after logging out:
actionResponse.sendRedirect(PortalUtil.getPortalURL(actionRequest) + "/c/portal/logout");
Thanks All
Well this may be a very late reply, but it may help somebody
Firstly, you have to validate the session and the re-direct to the logout URL. Otherwise, the session remains and the user is moved to the landing page, even though we redirect to the logout url. So, this is what one should do
HttpServletRequest request = PortalUtil.getHttpServletRequest(actionRequest);
request.getSession().invalidate();
actionResponse.sendRedirect(themeDisplay.getURLSignOut());
Hope this helps.
I also did not find a way to send a specific redirect by using liferay's default logout (/c/portal/logout). So I logged out the user programmatically with the util class AuthenticatedSessionManagerUtil and
afterwards sending a specific redirect location within the response object, e.g. response.sendRedirect(yourLocation)
Note:
With Liferay 7.2 I used AuthenticatedSessionManagerUtil.signOutSimultaneousLogins(userId) instead of AuthenticatedSessionManagerUtil.logout(userId) which did not work for me.
hth
You can redirect to c/portal/logout
more precisely :
actionResponse.sendRedirect("/c/portal/logout/");
Just leaving this here after facing this problem (LR7):
try {
AuthenticatedSessionManagerUtil.logout(request, response);
request.setAttribute(WebKeys.LOGOUT, true);
}
All you have to do is
perform operation: at the end of operation use this:
HttpSession session = PortalUtil.getHttpServletRequest(request).getSession();
session.invalidate();
try {
System.out.println(" redirecting to the required page");
response.sendRedirect(themeDisplay.getPortalURL() + "/page-on-which-to-be-redirected");
} catch (IOException e1) {
e1.printStackTrace();
}