PrettyFaces inbound rule not working

Splash Forums PrettyFaces Users PrettyFaces inbound rule not working

Tagged: 

This topic contains 5 replies, has 3 voices, and was last updated by  Lincoln Baxter III 4 years, 11 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #18447

    zee
    Participant

    I’m using prettyFaces 3.2, Seam 3.1, Tomee 1.0.0

    I have this rule:

    <url-mapping id="organizationHome">
    <pattern value="/organization/#{organizationId}" />
    <view-id value="/homes/organizationHome.xhtml" />
    </url-mapping>

    When a user visits the site using

    http://localhost:8080/organization/b16871df-336c-4098-b750-89e05a37c04e

    it works. But sometimes the user is not logged in, I store the current page’s URL in session map. When a user logs in, I redirect to url from session map post login. However, when I store the url in session map it’s the ugly url like this:

    http://localhost:8080/homes/organizationHome.xhtml?organizationId=b16871df-336c-4098-b750-89e05a37c04e

    PrettyFaces does not rewrite the ugly url above when it’s inbound URL. Do I need to change my rule for that to happen? Or can I use some API from PrettyFaces that takes ugly URL and returns a pretty URL? So I prettify the URL and store it in the session map.

    As far as I understand, PrettyFaces takes the pattern from rule, and redirects to view-ID. But not vice versa, is this correct?

    -PS I cannot use prettyConfig integration with Seam, because I need some custom workflows that are not supported.

    Thanks!

    #22643

    If a URL matches the pattern part of a rule the request is internally forwarded to the viewId URL. This forwarded request doesn’t know anything about the pretty URL anymore and for application code it looks like the user accessed the ugly URL.

    So if your are storing the requested URL in the session for unauthenticated users, you are actually storing the ugly URL, which is surely not your intention. But there is still a way to obtain the original pretty URL using this code:

    PrettyContext.getCurrentInstance().getRequestURL().toString()

    So if you use this code to obtain the original pretty URL and store this one in the session map, everything should work fine. :)

    Regarding your Seam question. Could you perhaps open a separate topic for this and describe in details what is not working as expected?

    Christian

    #22644

    zee
    Participant

    Thanks, it works.

    Regarding seam topic, I already asked on Seam forum. I needed dynamic security per object, where some users can access an URL and others cannot based on the requested object. It would have required many workarounds, it was simpler and more efficient to do it manually. All of security in Seam is based on ViewsConfig which is not flexible enough for my app’s needs.

    #22645

    To be honest, I for myself always implement such security on object level manually. Actually it’s very simply in most cases.

    <url-mapping id="organizationHome">
    <pattern value="/organization/#{orgPageBean.organizationId}" />
    <action>#{orgPageBean.loadData}</action>
    <view-id value="/homes/organizationHome.xhtml" />
    </url-mapping>

    public class OrgPageBean {

    /* ... */

    private Long organizationId;

    public String loadData() {

    Organisation organization = organizationDao.getById(organizationId);
    if(organization == null || !permissionChecker.canRead(user, organization)) {
    PrettyContext.getCurrentInstance().sendError(404);
    return null;
    }

    }

    }

    BTW: As far as I know Lincoln wrote an enhancement for Seam Security that supports permissions on object level. But I don’t know about details.

    #22646

    zee
    Participant

    Yes, the pattern you listed above is similar to the one I used except that I call a load method from meta-data section of XHTML.

    I have been working with Seam Security 3.1 and I have not seen anything for object level permissions. Hopefully with Deltaspike getting released this year security will be polished and most use cases covered. Thanks for your help!

    #22647

    Seam Security 3.2.0-SNAPSHOT provides object level security :) I use it in SocialPM:

    https://github.com/ocpsoft/socialpm/blob/master/gwt/src/main/java/com/ocpsoft/socialpm/gwt/server/rpc/ProfileServiceImpl.java#L79

    https://github.com/ocpsoft/socialpm/blob/master/gwt/src/main/java/com/ocpsoft/socialpm/gwt/server/security/SecurityRules.java#L30

    It’s actually a feature that I implemented, but there has been no 3.2.0 release yet. We should probably see if we can make that happen. I’ve just been using SNAPSHOTs while I wait for DeltaSpike. It’s actually already implemented in DeltaSpike as well (I made sure to integrate it there as well, but I think there are a few other pieces of the security mechanism that are missing.)

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Comments are closed.