I am used to web MVC where this would happen each event/request:
Clicks link for site.com/login
Router would figure out where the user is going
Dispatcher would load up the Login controller
I am attempting MVC in Java and I have hit a little bump with the flow of things.
The user clicks a button to open a new window, the controller catches this event. We are currently in the controller so is this the place where you dispose/hide the current window and load up the new controller which will in turn display the new requested window?
It is the only place I can think of or are there better ways to accomplish this? Something does not seem right about it to me.
Any help would be great thanks.
Use case for login is different from regular controller. Login should be called anytime unauthenticated user tries to access secure pages. So for login controller you could pass the url of the page user tries to access, so the Login Controller could redirect to it after Login is processed.
For regular controllers, depending on what they do you could return all the model and the view for the new page in the same controller which processes the request (This is especially true for GET requests). For post you could either return the model or redirect.
Related
I'm one of the developers of an application in what we have a login page to enter the dashboard. Inside the dashboard, there are different links that send you to other parts of the application.
The problem comes when you want to enter one of the internal links when you are no login. so in the browser you enter the address, put your credentials to continue to the web page, but instead, you are redirected to the dashboard.
The webpage I want to enter is:
http://localhost:8080/admin-ng/index.html#!/events/events/cd15fb84-d6b1-49ab-a28c-e5e07683907e/tools/editor
but after login always redirects to the dashboard:
http://localhost:8080/admin-ng/index.html#!/events/events
Then if I enter again the address works.
Also, I tried with a rest endpoint to call again the address after you log in, but it doesn't work, it is the same behavior.
I think it should be with the spring security config file. In how handle the requests after you are log in. I think it loses the rest of the information after the "#". What I can do?
Thanks
Maybe you could add a success handler bean:
.loginPage(LOGIN_FORM_URL)
.loginProcessingUrl("/login")
.successHandler(successHandler())
...
#Bean
public SavedRequestAwareAuthenticationSuccessHandler successHandler() {
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setTargetUrlParameter("myredirectparam");
successHandler.setDefaultTargetUrl("mydefaultredirect");
return successHandler;
}
The problem comes from your authentication success handler, or your entry point.
I suggest to debug to figure out what is put in the INITIAL_REQUEST_PATH session attribute and if it is what you want.
The first step, in SpringMVC application, may be mapping a URL to one Controller (not a Jsp page) to display the HomePage using GET method, isn't it? After the form, in my spicific app, is filled, the same controller get the information, do some verifications and the return a logical view name to InternalViewResolver to show the second page.
My question is: when user click a icon or button in the second page, how does the next controller be selected to run? Is still a URL mapping? or any way else?
thanks!
kenneth
Short answer is, Yes. Whether you use ajax request or form submission, you will need to have a controller with appropriate mapping url that will process your request further depending on the code your controller contains.
when user click a icon or button in the second page, how does the next controller be selected to run? Is still a URL mapping? or any way else?
yes, because Spring MVC uses url pattern which itself is a concise and simple way for mapping set of urls.
When you click image or link in ur view page, you allow Controller and DispatcherServlet to receive user's request and after that dispatch request to controller. Then MappingHandler will choose which one is right url request that client requesting by following HttpServletRequest mechanism.
public interface HandlerMapping {
HandlerExecutionChain getHandler(HttpServletRequest request) throws Exception;
}
After this Controller will do real work of processing request/view page.
Note that: URL pattern itself follow simple ways to run the correct url by analyzing every character in a pattern which must match the corresponding character in the URL path exactly with two exceptions.
In Spring MVC, you can do either this
Other site
or that
<spring:url value="/othersite"/>
then URL pattern will be matched by controller itself.
I'm been search for a solution for this problem for a while and didn't found any!!
To explain the problem I will give and example:
Let's imagine that I have a search page X with results (x1....x10) and a form to give feedback. This form will call a link for a controller (java spring controller) defined as '/feedback.html'. After the submit the feedback, the controller should return again to X with the same results. And here is the problem, how can I do this? because this feedback controller can go to X or to any other page depending where the form is!
In summary: How can I do the javascript history(-1) in the controller (java spring controller)??
Thanks
If you access the search page like this:
http://domain.com/search/query
or
http://domain.com/search?query=text
Then you can just pass this ulr along with the feedback form (by adding a hidden input with its value the URL)
<% request.setAttribute("redirectURL",
request.getAttribute("javax.servlet.forward.request_uri"));%>
<form:hidden path="redirectURL" value="${redirectURL}"/>
And then in the controller simply access the redirectURL property and redirect to the search page with the same query showing the same results.
The "redirect" Spring capabilities is usually used within a PRG pattern. Given your title and your use case, I'll assume you're trying to get redirected to the search page or another page after submitting your form (form action seems to be '/feedback.html').
So basically you have your feedback controller which should have a #RequestMapping annotated method like #RequestMapping(value = "/feedback.html", method = RequestMethod.POST). From there and within this method, you can redirect the request anywhere you want by returning a String matching an existing mapping in you Spring app (for example, if you want to redirect to the search page, given your search page is mapped with #RequestMapping(value = "/search.html", method = RequestMethod.GET), simply return "redirect:/search.html".
Note that the whole "search page" logic will have to be re-run (the redirect issuing a new GET request) so if you don't want that to happen, you will indeed have to store the search results in session (not sure what sense does that make... but it's possible).
EDIT : If your URL mapping permits it, you can also redirect the request to the search page with search parameters included, something like : "redirect:/search.html?myParam=10".
I think, in the search controller, you can store X in session and at the end of your feedback controler send a redirect to an URL that call the search controller (same methode or another one) that load the search result page using the X held in session.
You can also pass the X parameter with hiden field (if you dont want to use session).
I have a web app that uses a Java Bean for login functions right now and all of the JSP pages check the Bean to make sure the user is logged in. I am also introducing some AJAX functionality now with servlets and I see that of course those exchanges don't check authentication. I'm wondering how I should handle this. For example, I don't want someone to be able to logout, hit back button, then submit something with the AJAX functions successfully.
I can't access the bean from the servlet to check the login (totally wrong context and static vs non-static). I guess I could set a flag with the user entry in the database table denoting logged in or not. Then I can detect timeout logoffs and update the flag as well. But that way would require extra database accesses every time something is done. It would duplicate functionality in some way, but I guess I could perhaps use that just for the AJAX stuff. One difference with that would be the user would not be able to be logged in on multiple places at once as currently.
How is this kind of thing normally done?
Thanks for any help!
You could use session to store that flag instead of the database, and when the user logs out you should remove that flag and destroy the session. In login method
HttpSession session = req.getSession(true);
session.setAttribute("loggedIn",true)
And in your AJAX code
if(eq.getSession(true).getAttribute("loggedIn")==true)
doWork();
else
error("not logged in");
The webcontainer will handle timeouts for you, keep track of each user and his session, and so on.
But I would recommend that you use a standard for managing authntication
I want to secure (temporarily) my application by create front page with captcha and simple form. I suppose Spring Security is too complicated for this task. How can I catch all requests and check if some attribute in session is set? If it is set then all these #RequestMapping methods should be executed, otherwise redirect to one front page.
Have a handler interceptor defined and applied to all the handlers. The example in that link shows you also how to perform the redirect. Also check the mvc:interceptors for the Spring 3 - like configuration.
You can simply configure a Filter for this