In my spring mvc application,I am facing a problem of page reloading on every request.Is there any way to restrict that.To be more specific,When I return the name of index.jsp page from controller it will obviously reload the page.How Can I restrict that thing in the index.jsp page.Suppose some part of the page is required to interact with Database and it should be shown on the same index.jsp page as well.How I can achieve this requirement without reloading the index.jsp page completely.Could you please provide me some example for that.
You can use Filter for that. I am not providing any code here, just try to explain the concept.
Filters have a wide array of uses; the Servlet 2.3 specification suggests the following uses:
authentication filters
logging and auditing filters
image conversion filters
data compression filters
encryption filters
tokenizing filters
filters that trigger resource access events
XSL/T filters that transform XML content
MIME-type chain filters
Use a Filter when you want to filter and/or modify requests based on specific conditions.
Use a Servlet when you want to control, preprocess and/or postprocess requests.
Filter are best suited for authorization, because it can be configured to run for all pages of a site. So you only need one filter to protect all your pages.
Useful Links:
filter tutorial
filter in detail
referred answer
Oracle tutorial on Filter
sorry if i missunderstanding you!
i don't know what do you want to do but i can imagine the following solution.
first direct call to jsp should check a session value, if not exists, redirect from jsp to servlet, in the servlet do what you wand and finally put this session value, and redirect back to jsp.
a good concept depends on what you want to do exactly. You can manage this issue using a PhaseListener or a Filter. but if you just want to manage this one redirect, then no need of Filter or PhaseListener
Related
I have an iframe inside a jsp which is for processing payment using a third party payment provider.
When I get the response from payment provider, I use another jsp file just for breaking out of iframe (using javascript, as I could not find anything to do this in jsp, and probably there is no such way to do it in jsp AFAIK).
Now, the problem for me is the error scenario. When I receive some error from the payment provider, I want to display that on top of the page where I am redirecting to after breaking from iframe.
We use flash attributes for dispalying the error messages while doing redirect from spring mvc using redirect:.
But I am not sure how to do that when using a browser redirect.
One solution (Post/Redirect/Get pattern) I could think of is to append the error respone in the url which I am using in the redirect from breaking out of iframe.
But this would require changes to our jstl tag files and that will be different from the design of our existing code.
Can anyone point me to some better solution for this?
I ended up using session variable.
So just added a session variable in controller, and before the view was passed on from the last controller, copied the session variable into the redirect flash attributes and then it worked. I know this may not sound good enough, but that's how I had to make it work.
Hi I am actually trying to get tips or ideas on a very specific problem. The technology context is
java web app with JSF 2.1 .
So I have a simple java ee app powered by JSF 2.1. The structure is the following
\webapp
\WEB-INF
\templates
header.xhtml
menu.xhtml
web.xml
\secured
\operation1
op1.xhtml
\operation2
op2.xhtml
\operation3
op3.xhtml
userhome.xhtml
login.xhtml
I have one #WebFilter that restricts the access to /secured/* in case the 'user' bean is not set (Actually a Session Scoped Bean).
At the same time upon login, I create a dynamic Menu depending on the user credential. this menu (MenuItems) point to one or more operations (xhtml pages).
So far so good, the user logins, the menu is dynamic, links are being generated and upon clicking he/she can navigate to whatever operations he/she is supposed to do.
My problem is that I can not decide on an elegant way on restricting access to the absolute url of these pages . If user1 is 'authorized' to execute operation1 but not operation2 or operation3, currently I can not find the most elegant way on checking his session state and applying a generic rule (navigation rule?), if the actual web user, writes on the url bar the absolute path of the operation.
'/secured/operation1/op2.xhtml'
What is the most JSF2 compatible way on achieve that kind of requirement?
I have tried the preRenderView on each separate opxx.xhtml page , unfortunately it did not work + i dont like repeating it on each operation
Many thanks for your tips.
Security in web applications is a more advanced topic. Basically you have two ways:
Container based: This means your servlet container like Tomcat does the job for you (recommended)
Application based: You have to do the job on your own
How to setup container based security is explained in detail here. To summarize it, you have to implement a simple form (no JSF form!) with a specific action and specific ids for the username and password field. Afterwards you can easily restrict access to specific URL patterns using your web.xml file. In the web.xml file you restrict access to certain URL patterns for certain user roles. The mapping from usernames to user roles is done by a security realm. How to setup a security realm is desribed e.g. for Tomcat here.
If you want to implement security on your own, you have to implement a ServletFilter that inspects all requested URLs and either forwards users that are not logged in to your login form or passes the request through if the user is authorized. If the user is not authorized to see the page, you will have to forward the user to your error page. As CDI injection does not work for ServletFilter, you will have to lookup the bean that stores the information about your user (logged in, rights) from the HttpSession.
I wrote custom servlet in Liferay and want to know which user page calls it and know other parameters like theme. But the request's attributes and session fields are all nulls.
How to make custom servlet to receive request as if portlet does?
Thanks
P.S. I don't want to use this solution https://www.everit.biz/web/guest/blog/-/blogs/getting-current-liferay-user-in-a-standalone-webapp?_33_redirect=/web/guest/blog
which reads cookies manually. I want to do such as Liferay does, i.e. by using it's API. Is it possible?
Update 1.
I have a portlet and a servlet in one WAR. I can know who am I (logged in user) from within portlet JSP like this:
HttpServletRequest request = (HttpServletRequest)pageContext.getRequest();
ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(WebKeys.THEME_DISPLAY);
themeDisplay.getUser()
Now I want to do the same from a servlet. Is it possible?
I am working in eclips which deploys automatically.
You either have to mimic what Liferay does in the portlet request handling (not recommended) or, alternatively, put your servlet code into a portlet - this can be the "resource handling" of a portlet - here you get full access to the http request and can do everything yourself with regards to data types transmitted in the stream.
I'd rather recommend this as it will be significantly easier to upgrade. Portlet Resource Handler are very similar to servlets from a logical point of view. There might be other (more advisable) options, but this is what comes to my mind for this type of problem.
I have a simple web application running in Tomcat. There is a servlet which is forwarding the request and response to a jsp page which in turn prints something to the browser.
Now I have an aspect which captures the response. In this case a HttpServletResponse. Now what I want to do is that I want to capture the reponse and add some content in it to be displayed in the browser through JSP page.
I dont want to add the content in the jsp page rather I want to add some content without changing my jsp or servlet, using runtime weaving functionality of aspectJ.
I have not been able to figure out any solution yet.Please help me with this.Thanks.
We don't do that with the response. Request object is a better candidate for that. You must understand that JSP is a server-side technology, therefore your request used to be alive in the JSP page.
Moreover, I would suggest you to look at Servlet Filters, those are meant for this kinda scenarios.
My Spring Dispatcher servlet url-pattern is /* (as spring MVC REST suggests)
Now all the request are resolved by this Servlet. even CSS/JS/Images also get resolved and handled by servlet..
So, Spring MVC tries to find controller.. :(
How to bypass this? Is there any standard way out of this problem??
& Don't want to change url-pattern to /rest/* (so, other static resources get accessed by /css/ or /js etc.)
You can map your controllers to a smaller set of URLS (i.e. /app/*), and then rewrite the URLs that your users actually see so that they don't even know about. Have a look at the mvc-basic webapp sample, particularly web.xml and urlrewrite.xml to see how this is done.
Map the Spring dispatcher to some subsection of the URL space, and use Tuckey to rewrite URLs the user deals with.
http://www.example.org/app/controller/action -> http://www.example.org/controller/action
Just a heads-up update on this: the default rewrite configuration as defined in the Spring sample did not work out of the box for me. The rewrite rules for stylesheets, scripts, etc. were still processed to the /app/* rule, and subsequently handled by the DispatchServlet, which is not desirable.
I had to add the last="true" attribute to the styles/scripts/images rules to indicate that other rules should not apply, and I had to use the FreeMarker Spring URL macro in any CSS/JS include paths.
Just in case someone encounters the same problem.