Simple login rewrite

Splash Forums Rewrite Users Simple login rewrite

This topic contains 4 replies, has 2 voices, and was last updated by  Lincoln Baxter III 4 years, 8 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #18688

    RedShadow
    Participant

    Hello there, I hav a simple scenario where I want to map the URL “/admin” to either “/admin/login.xhtml” or “/admin/admin.xhtml” based on whether the user is logged in or not.

    I have tried a lot, but couldn’t get it to work.

    First problem is, when I call “/admin” I get the session id appended to my URL, even with setting the tracking mode in web.xml to cookie only. The page that is actuall rendered is my error page with status code 404, which is not what I expected. There is no log output in the console.

    Using JBoss AS 7.1.0.Final with CODI 1.0.5

    public class SystemConfigurationProvider extends HttpConfigurationProvider {
    @Inject
    private UserSessionBean userSessionBean;
    @Override
    public Configuration getConfiguration(final ServletContext context) {
    Condition loggedIn = new Condition() {
    @Override
    public boolean evaluate(Rewrite event, EvaluationContext context) {
    return userSessionBean.hasBackendAccess();
    }
    };
    ConfigurationBuilder config = ConfigurationBuilder.begin();
    config.addRule(Join.path("{0};" + context.getSessionCookieConfig().getName() + "=w+{1}").to("{0}{1}"));
    /*
    * Redirect to login page if not logged in
    */
    config.defineRule()
    .when(DispatchType.isRequest()
    .and(Path.matches("/admin"))
    .andNot(Path.matches("/admin/login.xhtml"))
    .andNot(loggedIn))
    .withPriority(Integer.MAX_VALUE)
    .perform(Forward.to("/admin/login.xhtml"));
    /*
    * Redirect to admin page if logged in
    */
    config.defineRule()
    .when(DispatchType.isRequest()
    .and(Path.matches("/admin"))
    .and(loggedIn))
    .withPriority(10)
    .perform(Forward.to("/admin/admin.xhtml"));
    return config;
    }
    @Override
    public int priority() {
    return 10;
    }
    }

    #22923

    Which version of rewrite are you using?

    Instead of this:

    config.defineRule()
    .when(DispatchType.isRequest()
    .and(Path.matches("/admin"))
    .andNot(Path.matches("/admin/login.xhtml"))
    .andNot(loggedIn))
    .withPriority(Integer.MAX_VALUE)
    .perform(Forward.to("/admin/login.xhtml"));

    Why not use Join instead?

    .addRule(Join.path("/login").to("/admin/login.xhtml").withInboundCorrection()).wnen(Not.any(loggedIn))

    Also. Both of your rules forward to /admin/login.xhtml, so I’m not really sure what you are trying to achieve there.

    Regarding the JSessionID, let’s work that out once we have figured out your problem with this 404 page.

    ~Lincoln

    #22924

    RedShadow
    Participant

    I am using 1.1.0.Final

    The thing with the 404 error is gone now. I tried 2 different approaches now, first with addRule(Join) and second with defineRule() but as I have seen in my JSF views, only the addRule(Join) things are rewritten when using <h:link>

    Is that supposed? What’s the difference between those approaches?

    Also in the following config, the outcome /admin/passwordForgotten.xhtml will be rewritten to /admin/forgot-pw but /admin/login.xhtml will not be rewritten to /admin. Why is that?

    public class SystemConfigurationProvider extends HttpConfigurationProvider {

    private static final Logger LOG = LoggerFactory

    .getLogger(SystemConfigurationProvider.class);

    @Inject

    private UserSessionBean userSessionBean;

    @Override

    public Configuration getConfiguration(final ServletContext context) {

    final Condition loggedIn = new Condition() {

    @Override

    public boolean evaluate(Rewrite event, EvaluationContext context) {

    return userSessionBean.hasBackendAccess();

    }

    };

    return ConfigurationBuilder

    .begin()

    /*

    * Forgot Password page

    */

    .addRule(Join.path("/admin/forgot-pw")

    .to("/admin/passwordForgotten.xhtml")

    .when(Not.any(loggedIn)))

    /*

    * Redirect to login page if not logged in

    */

    .addRule(

    Join.path("/admin{0}")

    .to("/admin/login.xhtml")

    .where("0")

    .matches(".*")

    .when(Not

    .any(Path.matches("/admin/login.xhtml"))

    .andNot(Path

    .matches("/admin/passwordForgotten.xhtml"))

    .andNot(loggedIn)))

    /*

    * Redirect to admin page if logged in

    */

    .addRule(

    Join.path("/admin{0}")

    .to("/admin/admin.xhtml")

    .where("0")

    .matches(".*")

    .when(loggedIn))

    // /*

    // * Redirect to login page if not logged in

    // */

    // .defineRule()

    // .when(Path.matches("/admin{0}").where("0").matches(".*")

    // .andNot(Path.matches("/admin/login.xhtml"))

    // .andNot(Path.matches("/admin/passwordForgotten.xhtml"))

    // .andNot(loggedIn))

    // .perform(Forward.to("/admin/login.xhtml").and(new Operation() {

    //

    // @Override

    // public void perform(Rewrite event, EvaluationContext context) {

    // LOG.error("To Login");

    // }

    // }))

    // /*

    // * Redirect to admin page if logged in

    // */

    // .defineRule()

    // .when(Path.matches("/admin{0}").where("0").matches(".*")

    // .and(loggedIn))

    // .perform(Forward.to("/admin/admin.xhtml").and(new Operation() {

    //

    // @Override

    // public void perform(Rewrite event, EvaluationContext context) {

    // LOG.error("To CMS");

    // }

    // }))

    ;

    }

    @Override

    public int priority() {

    return 10;

    }

    }

    #22925

    RedShadow
    Participant

    To finally close the question I will summarize what worked for me.

    Making “/admin” the entry point for logged in and not logged in users:

    .addRule(Join.path("/admin").to("/login.xhtml").when(Not.any(loggedIn)))

    .addRule(Join.path("/admin").to("/admin.xhtml").when(loggedIn));

    Forward every different request to login when not logged in:

    .defineRule().when(Direction.isInbound().and(Path.matches("/{0}").where("0").matches(".*"))

    .andNot(Path.matches("/javax.faces.resource{0}").where("0").matches(".*"))

    .andNot(Path.matches("/login.xhtml"))

    .perform(Forward.to("/login.xhtml"))

    The remaining part of the question is, why is the session id appended to the url as path parameter on the very first request and how could I remove it?

    #22926

    Could you open a new thread to describe your session ID issue? Thanks.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

Comments are closed.