I have crated a portlet, Where I am doing my business logic in servlet. But I am getting the liferay login user details in the jsp page. So Now I need to pass the user details while hitting the servlet. This is my JSP code,
<%
String fullname= user.getFullName();
out.println("Full name is: "+fullname+ "...");
long id = themeDisplay.getLayout().getGroupId();
out.println("Site ID is: "+id+ "...");
long userId = themeDisplay.getUserId();
out.println("User ID is: "+userId+ "...");
%>
I need to access the above details in the servlet. How can I do that? Each login user has some different credentials, So all the values should update in and need to access in the servlet. what is the best way to access these values without performing any event. I am hitting the servlet from another web service. I need to access in Get OR Post method,
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
//I need to access those login user information here..
}
This will be really hard to do ("really hard" as in "almost impossible"): When you're in a servlet, all the portal's code of identifying the actual user won't run.
In fact, when you look at the HttpServletRequest for a portlet: This will be directed towards the portal and only later be forwarded to the portlet, with the properly constructed context (e.g. logged in user).
When you look at the servlet, this will be directed to your servlet. Your servlet typically lives in a totally different application context. Thus - by servlet specification - it will be totally separated from the portal environment.
Everything that you find to mitigate this limitation will be somewhat of a hack. Some people use cookies or request parameters. But they all are introducing more or less problems. Especially when you speak of webservices that access your servlet, you can't go with cookies.
In the interest of a well maintainable implementation, my recommendation is to change your architecture. Unfortunately you don't give enough context to recommend what to change your architecture to.
Related
I need to make a Servlet which will manage some information and, after that, will go to a Liferay 6.2 Portlet. Both in the same server.
I need the Servlet to send a parameter, but I don't want to send it GET, but POST method. So, I try to put it in the session to retrieve it from the Portlet.
At the Servlet, I have:
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
request.getSession().setAttribute("param1", "TEST 1");
url = "http://myServer/";
response.sendRedirect(response.encodeRedirectURL(url));
} catch (Exception e) {
e.printStackTrace();
}
}
And at the Portlet I manage the information at render method, as I want to get param1 before I render the page:
public void render (RenderRequest renderRequest, RenderResponse renderResponse)
throws PortletException, IOException {
super.render(renderRequest, renderResponse);
//Try to retrieve from getOriginalServletRequest
HttpServletRequest servletReq = PortalUtil.getOriginalServletRequest(PortalUtil.getHttpServletRequest(renderRequest));
String param1 = servletReq.getSession().getAttribute("param1").toString();
//Try to retrieve from getHttpServletRequest
HttpServletRequest servletReq_ = PortalUtil.getHttpServletRequest(renderRequest);
String param1_ = servletReq_.getSession().getAttribute("param1").toString();
}
As you can see, I tried to retrieve from getHttpServletRequest and from getOriginalServletRequest, but I always get the param1 null.
Any suggestion?
Thank you in advance!
Update question:
I'm being called from a third part, and I'm receiving a GET parameter I want to evaluate.
After that, and not rendering a page in the middle, I want to redirect to one or another Portlet, depending of that evaluation.
I need to send some personal information to those Portlets, so I want to send some parameters in POST method.
A Servlet doesn't fit as doesn't share session with Portlets.
I've tried to implement a landing Portlet, but the redirect can only be done in action phase, so I'd need to render a (empty) page before the redirect, don't like that part. Render phase doesn't allow redirect (even getting PortalUtil.getHttpServletResponse(), doesn't work)
Any suggestion? Thanks!
A servlet and a portlet will not share the same session. The portlet is living within the portal server, e.g. Liferay. The servlet is typically in its own web application, thus completely separated by design.
If you need to communicate between the two, here are two possible solutions/workarounds:
reimplement your servlet as a portlet, potentially utilizing the resource-phase of a portlet
use a request parameter instead of a session attribute
Edit after all of the comments:
It seems best to take a step back and look at the underlying problem - what is the problem that you're actually trying to solve? The content of your question is how you're trying to solve it, and obviously there are challenges. It looks like the problem needs a different solution in the first place.
My answer describes why your solution can't work, but that obviously doesn't help solving the underlying problem.
I have question:
Look, When user goes to my web page I want to get info about the user from his cookie or special ID which is in database and render for example hello User1 on my page when user on the page.
Where I have to perform this operations in filter.init() before user will request the servlet or on servlet.init() or would be fine to get this particular info in servlet.doGet()???
Thank you.
With best regards.
Generally, you want to use filters to transform input or output, or to set up pre-conditions for your servlets.
In your particular case, because it's so simple, it probably doesn't really matter which one you choose. However having filters perform authentication and authorization is very common, so you could have your filter check the cookie and / or query the database for the user information, and add it as a request attribute. After that, have the servlet do the work of preparing or writing the message, using the prepared request attribute. As a general rule, you don't want to write output in a filter.
In either case, you won't be using the init method of either the filter or the servlet for this task. The init method is called to initialize the filter or servlet when the application server creates the object, and may or may not be called for every request (in fact, it's probably not called for every request).
in your Filter , use method doFilter
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
throws java.io.IOException, ServletException {
//check cookie or anything you want
}
I'm new in the Java world. I am trying to develop an ACME Demo using a simple CSV file as a database to validate user names and passwords. I wonder if it is possible to make some hyperlinks on the index.jsp page, which will take you to other jsp pages of the same website if you click them. As far as I know hyperlinks will invoke the doGet method inside the servle, where -in my case- you gonna be redirected to those secure jsp if your credentials are valid of course. So it has worked for just one hyperlink and I would like to make things more dynamic no matter how many links are there??!!
jsp
Content1
<!-- Here I would like to add more links -->
Servlet
#Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
processRequest(request, response);
//response.sendRedirect("login.jsp");
HttpSession session= request.getSession(true);
if ((session.getAttribute("userSession") != null) && (session.getAttribute("userSession").equals(session.getId())))
{
response.sendRedirect("content1.jsp");
// How can my doGet method manage multiple links here?
}
else
{
response.sendRedirect("login.jsp");
}
}
You should use a servlet filter.
A filter is a component that will be invoked for all the requests to a given url-mapping, and/or for all the requests to a given servlet.
The filter can then check if the user is logged in. If he's loged in, it asks the container to proceed, i.e. invoke the target servlet as if there was no filter. If he's not logged in, the filter can return an error, or redirect to a login page, or do whatever it wants.
See http://www.oracle.com/technetwork/java/filters-137243.html for an introduction and examples of servlet filters.
I am building a simple WebApplication using servlets. I am a beginner but have tried to learn the most of this technology. There is something I cannot figure out. One of my servlets is the useful BalusC FileServlet
http://balusc.blogspot.mx/2007/07/fileservlet.html
It responds to GET requests with the required file, nice and clean.
I use this FileServlet to serve CSV files for a Dygraph
http://dygraphs.com/
I have two types of users: guests and admins. Guests should be able to SEE the graph BUT NOT be able to DOWNLOAD the CSV file. Admins should be able to do both.
The fileServlet responds to URL-patterns as: file/* (* is the filename), and it is VERY convenient as the Dygraph reads for a file as specified in an URL.
There is a loginServlet built within this webapp, and I want to be able to avoid the fileservlet to GIVE the file if the user just copy-pastes the URL that is given for the Dygraph. The FileServlet is already capable of getting the session and loggeduser from that session, but I don't know how to detect what was the page that called the GET method. I want the fileservlet to serve the file ONLY when called from within the JSP code, and not from the browser's address bar.
Let me explain a bit:
I mean -as a guest user- the following Javascript code should display the graph (the FileServlet serves the file)
<div id="graphdiv2" style="width:640px; height:480px;">
<script type="text/javascript">
g2 = new Dygraph(
document.getElementById("graphdiv2"),
"${messages.rutacsv}", // path to CSV file
{
rollPeriod: 10,
showRoller: true
}
);
</script>
</div>
The variable:
"${messages.rutacsv}" gets replaced by the servlet for something that looks like this:
"file/2012-04-20_1.csv"
So the Dygraph loads the file nicely and plots the lines.
BUT, I want the FileServlet to be able to detect when the user copypastes this URL after the ContextName and block it, so only the Dygraph can download the file.
For example, if the user types in his browser:
http://localhost:8080/MyWebApp/file/2012-04-20_1.csv
It shouldn't be able to download it. Only admins should be able to.
NOW, I am thinking that maybe I should implement the FileServlet so it has to be called with another URL pattern or with a POST method so a simple user copy-pasta can't get past the "origining-JSP" check.
BTW, I'm coming back from trying with Struts2, which is by far too complicated for this application. I abandoned it for convenience and ease of development with simple servlets and JSPs.
Use a filter to check a user role. That's, before the any important action is necessary to check whether the user has a right to this action. This is the task servlet filter.
You must implement the method doFilter() in your class extending javax.servlet.Filter as follows:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpSession session = req.getSession();
String currentRole = (String) session.getAttribute("userRole");
if ("admin".equals(currentRole)) {
successRedirect();
} else {
failRedirect();
}
chain.doFilter(request, response);
}
And don't forget map this filter to the needed address in the web.xml file:
<filter>
<filter-name>CheckRightAccessFilter</filter-name>
<filter-class>yourproject.CheckRightAccessFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CheckRightAccessFilter</filter-name>
<url-pattern>*.csv</url-pattern>
</filter-mapping>
Use servlet filter who check the submiited url and on the basis of the session object it identifies the user role. If it finds the authorized user then it can redirct to the download page
Hey guys i'm working on admin module for my project. When a person logs-in, a request is sent to login servlet. When it further ask for some other report by clicking other options a request for the report is sent to other servlet which gives the result on the page which is shown at the time of user which is of normal type. The session is lost between two servlets.
I am trying to navigate the generated report on some other page but for that i need to know user type in second servlet. This can be done by fetching value of user_type from login module bean class.
How to handle this situation? thanks
My login servlet is :
LoginService user = new LoginService();
user.setUserName(request.getParameter("username"));
user.setPassword(request.getParameter("password"));
user = UserDAO.login(user);
if (user.isValid())
{
HttpSession session = request.getSession(true);
session.setAttribute("currentSessionUser",user);
if(user.getUser_type().equalsIgnoreCase("admin")){
response.sendRedirect("administrator/homepage.jsp");
}else{
response.sendRedirect("homepage.jsp"); //logged-in page
}
}
else
response.sendRedirect("invalidlogin.jsp"); //error page
}
i tried using this in second servlet:-
LoginService session = (LoginService)request.getAttribute("currentSessionUser");
String drake = session.getUser_type();
System.out.println("usertype = " +drake);
Here LoginService is the bean class of login module. i'm get a nullpointer exception here.
I think you're trying to do stuff that your web container should handle for you... A session should automatically be maintained over the course of multiple servlet calls from the same client session. Methods from HttpServlet are given a HttpServletRequest. You can obtain the corresponding HttpSession using one of the getSession methods of that class.
You can bind stuff to the HttpSession using setAttribute and getAttribute.
EDIT: I'm taking this from the Servlet spec 2.5:
A servlet can bind an object attribute into an HttpSession implementation by name.
Any object bound into a session is available to any other servlet that belongs to the
same ServletContext and handles a request identified as being a part of the same
session.
I think you're better off getting the HttpSession object from the HttpServletRequest (at least assuming it's a HttpServlet) and setting/getting attributes through that. If you choose a proper name (it follows the same convention as Java package naming) for your attribute, you can be sure the returned object, as long as it's not null, can be cast to whatever type you put in there. Setting and getting attributes on the request itself isn't gonna help, I don't think stuff will get carried over from one servlet call to the next unless you call one servlet from the other with a RequestDispatcher, but that's not what you're after here.
So in your second code sample, do (LoginService)request.getSession().getAttribute("currentSessionUser");, that ought to work. Make sure to check for nulls and maybe choose an attribute name that uses your project's package name convention (like com.mycompany...).
I wouldn't mind a second opinion here since I'm not much of an EE/web developer.