Seam security and pretty faces

Splash Forums PrettyFaces Users Seam security and pretty faces

This topic contains 16 replies, has 3 voices, and was last updated by  Christian Kaltepoth 5 years, 9 months ago.

Viewing 15 posts - 1 through 15 (of 17 total)
  • Author
    Posts
  • #18119

    zee
    Participant

    Using latest Seam 3 and AS7 7.1 beta.

    I have a page that uses seam security, it has a url param, the page needs to render only if seam security says it can (true come @secure method). The page backing bean produces an object injected into seam security @Secure method. But seam security is not being invoked, page is always rendering.

    My view config enum:

    @ViewPattern("/homes/eventHome.xhtml")
    @UrlMapping(pattern = "/event/#{eventId}")
    @AccessDeniedView("/home.xhtml")
    @Authorized
    EVENT_HOME,

    @FacesRedirect
    @ViewPattern("/*")
    @AccessDeniedView("/home.xhtml")
    @LoginView("/login.xhtml")
    ALL;

    Seam security method:

    public @Secures
    @Authorized
    boolean isPublicEvent(final SecurityObj event) {
    if (event == null || SportivityVisibilityEnum.PRIVATE_SPORTIVITY.equals(event.getSportivityVisiblity())) {
    log.warn("event was null");
    return false;
    }
    return true;
    }

    backing bean:

    @Inject
    @RequestParam("eventId")
    private Instance<Long> eventId;

    @Produces
    public SecurityObj getEvent() {
    if (eventId.get() == null) {
    log.warn("event id was null");
    return null;
    }
    event = entityManager.find(SecurityObj.class, eventId);
    return event;

    }

    Does my config look right? Am I missing anything? How to get pretty faces to work with seam security?

    Also I wanted to use @RestrictAtPhase(PhaseIdType.RESTORE_VIEW) for @Authorized but prettyfaces cannot deal with url param. I had to leave the default phases.

    #21842

    Hey zee,

    I’m not an expert for Seam Security. So I cannot give any advice here. But I think you should post this question on the Seam forums. For me it looks like an issue with the PrettyFaces integration of Seam Faces and the way Seam Security is integrated with the request processing lifecycle.

    Christian

    #21843

    zee
    Participant

    Hi Christian,

    It does seem an issue with Pretty faces integration with Seam security. Is there anything special I need to do with Pretty Faces for query params to work? You can see my URL mapping in code and passed Id.

    Thanks!

    #21844

    Hey zee,

    no, you don’t have to do anything to make query parameters work with PrettyFaces. This works out of the box.

    I really don’t know what is going wrong here. In your setup PrettyFaces just forwards requests to pages like /event/123 to /homes/eventHome.xhtml with a servlet forward. I have no idea why Seam Security isn’t invoked in this situation. I’m not an expert on how Seam Security is working.

    I really think you should ask this question on the Seam forums. Seam Faces offers integration for both PrettyFaces and Seam Security, so there seems to be something wrong there.

    Sorry I cannot help you here! :(

    Christian

    #21845

    zee
    Participant

    Hey Christian,

    I got security to work. It was an issue with an entity bean being in the wrong life cycle.

    But the issue I don’t understand with Pretty faces is URL mapping. If I have this in Seam faces:

    @ViewPattern("/homes/eventHome.xhtml")
    @UrlMapping(pattern = "/event/#{eventId}")
    EVENT_HOME,

    When I go to localhost:8080/homes/eventHome.xhtml?eventId=99 the query param in backend bean gets set correctly. But when I use localhost:8080/event/99 the query param is not set in the backend.

    Does Prettyfaces URL mapping work both ways; from xhtml view to rewritten URL and vice versa? Or do I have to create another mapping rule?

    Users will be seeing /event/99 URL, so this the mapping I want to work with query param.

    Thanks!

    #21846

    If you configure the mapping like this the query parameter should work for an URL like /event/123. So there is definitively something wrong in your case.

    From your code I saw that you are using @RequestParam to inject the query parameter. What kind of annotation is this? I’ve never seen this before.

    Could you try to read the query parameter using:

    HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    String value = request.getParameter( "eventId" );

    I just want to know if this works.

    Christian

    #21847

    Acrually, I think you might need to do:

    @ViewPattern(“/homes/eventHome.xhtml”)

    @UrlMapping(pattern = “/event/#{eventId : }”)

    EVENT_HOME,

    Notice the extra “:” in the pattern.

    Otherwise prettyfaces will treat this value as a bean value in which to inject.

    -lincoln

    #21848

    @lincoln: Are you sure? I always thought that only expressions containing at least one dot character are treated as injections. But it’s worth a try. :)

    #21850

    zee
    Participant

    I took out my mappings from Seam Faces format in ViewConfig(just to be sure it’s not a Seam prettyfaces integration issue), and put below in pretty-config.xml:

    <url-mapping id="eventHome">
    <pattern value="/event/#{eventId:}" />
    <view-id value="/homes/eventHome.xhtml" />
    </url-mapping>

    I tried it with and without : in pattern, neither works.

    When I go to http://localhost:8080/event/67, I get The requested resource (/event/67) is not available in browser.

    Christian, @RequestParam is from Seam Solder, it injects a request param from request context map. I used what you suggested, still it does not work with /event/67 URL.

    I put a breakpoint, the backing bean that has eventId field, does not even get called. So pretty faces is not mapping event/eventid to eventHome.xhtml. but it maps it the other way around.

    I’m stuck on this.

    #21851

    zee
    Participant

    I debugged Prettyfaces, it comes down to this method that’s called from PrettyPhaseListener:

    public void injectParameters(final FacesContext context)
    {
    log.trace("Injecting parameters");
    PrettyContext prettyContext = PrettyContext.getCurrentInstance(context);
    URL url = prettyContext.getRequestURL();
    UrlMapping mapping = prettyContext.getConfig().getMappingForUrl(url);

    if (mapping != null)
    {
    injectPathParams(context, url, mapping);
    injectQueryParams(context, mapping, prettyContext);
    }
    }

    Two cases:

    1- when I use /homes/eventHome?eventId=67 Prettyfaces intercepts the request, it does not inject parameters, mappping in above method is null.

    2- When I used /event/67 Prettyfaces does not intercept the request, AS7 gives 404 resource not found. What gives?

    What do you guys think about above? Also, can you tell me if Prettyfaces work with URLS that go to both patterns and views or only patterns?

    It looks like Prettyfaces can map the outbound URL, but does not work with inbound URL mapping.

    #21852

    The injectParameters() method isn’t important in your case. Let me explain what PrettyFaces SHOULD do:

    • PrettyFilter should intercept requests like /events/123
    • PrettyFaces parses the URL and extracts the path parameters (i.e. the event ID)
    • PrettyFaces wraps the HttpServletResponse using PrettyFacesWrappedResponse class
    • PrettyFacesWrappedResponse now will return the values of the path parameters for calls to get getParameter()

    What is really strange is that you are getting a 404 for the mapped page. Did you manually configure PrettyFaces in the web.xml? Could you post your web.xml?

    #21853

    zee
    Participant

    I did not configure Prettyfaces in web.xml. my web.xml:

    <context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
    </context-param>

    <!-- File upload settings -->
    <context-param>
    <param-name>org.richfaces.fileUpload.createTempFiles</param-name>
    <param-value>false</param-value>
    </context-param>

    <context-param>
    <param-name>org.richfaces.fileUpload.maxRequestSizes</param-name>
    <param-value>2147483648</param-value>
    </context-param>

    <context-param>
    <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
    <param-value>.xhtml</param-value>
    </context-param>

    <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>

    <servlet>
    <servlet-name>Remoting Servlet</servlet-name>
    <servlet-class>org.jboss.seam.remoting.Remoting</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
    <servlet-name>Remoting Servlet</servlet-name>
    <url-pattern>/seam/resource/remoting/*</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
    <welcome-file>/index.html</welcome-file>
    </welcome-file-list>

    #21854

    What is the context-root of your application? It appears you are not using one? Is that intentional? That would cause a 404 error if it had been missed (just checking.)

    http://localhost:8080/event/67

    vs.

    http://localhost:8080/myapp/event/67

    #21855

    Ah, I see this is the same for the original URL as well. TBH, I’m not sure what’s going on here. Could you perhaps send us a sample app that reproduces this problem?

    lincoln@ocpsoft.com

    thanks.

    #21856

    I also don’t see any reason why you are getting a 404 for the pretty URL. This is very strange. A minimal sample application would be really helpful for debugging this. Would this be possible?

Viewing 15 posts - 1 through 15 (of 17 total)

You must be logged in to reply to this topic.

Comments are closed.