RE: Page Validation

Fri, 23 Feb 2007 08:01:06 -0800 

Hi,
This seems to work for us.

public class ValidatePage
    extends BasePage
    implements PageValidateListener
{
    public void pageValidate(PageEvent event)
    {
        Mediator mediator = MgmtFactory.getMediator();
        if (!mediator.isConsole())
        {
            IPage messagePage = getRequestCycle().getPage("nonAdminConsole");
            throw new PageRedirectException(messagePage);
        }
        else
        {
            // If there is no visit object or the user isn't auth'd ship
            // them off to the login page
            Visit visit = (Visit)getVisit();
            if (visit == null || !visit.isUserAuthenticated())
            {
                Login login = (Login)getRequestCycle().getPage("login");
                throw new PageRedirectException(login);
            }
        }
    }
}

I tried a couple of different experiments.  The first was to log in and copy a 
link then close the browser.  I wasn't able to get to the page via the direct 
link.  If I "logout" and try and access the page via a direct link, I don't get 
access.  If I log in and copy a link and then surf off to another page, then I 
can come back via the direct link.  All of this is based on my use of a session 
and the visit object.  So, reviewing you code, I would think you need to have 
to check more than if the visit exists.  You need to store a flag saying they 
they have been authenticated.

regards,

Mark

Mark J. Stang
Senior Engineer/Architect
office: +1 303.468.2900
mobile: +1 303.507.2833
Ping Identity



-----Original Message-----
From: James Sherwood [mailto:[EMAIL PROTECTED]
Sent: Fri 2/23/2007 6:34 AM
To: Tapestry users
Subject: Page Validation
 
Hello,

We use Tapestry 3.2

I have security (login) using PageValidateListener.

The secure page in the site is called ISOPage which extends BasePage.

I add the page validation using:
public ISOPage(){
super();
addPageValidateListener(new PageValidationListener());
}

The PageValidationListener class implements PageValidateListener and does 
security like this:

if(visit.getUser() == null){
throw new PageRedirectException("UserLogin");
}

This all works fine it seems unless a direct is involved.

If I copy a directlink then try to access it without loggin in it shows me 
the page the directlink java code is on.

The PageRedirectException does happen and if I refresh or try to go anywhere 
it sends me to the login but it still shows that page first.

Any ideas?
Thanks,
James 


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to