Just turn your ServletFilter into a RequestFilter.
You can use ApplicationStateManager in RequestFilters now.
(See, for example:
http://code.google.com/p/tapestry5-cayenne/source/browse/trunk/tapestry5-cayenne-server/src/main/java/com/googlecode/tapestry5cayenne/services/CayenneRequestFilter.java)
Robert
On Jul 10, 2008, at 7/1012:30 PM , Britske wrote:
yeah I realize that JSessionId is there for the session, but I want
to build
functionality into a dispatcher that strips this jsessionid from the
request
if a user is not logged in (logged in in my app means that a User-
instance
exists in the ASM) and if the user has cookies disabled.
The rationale is
that I don't want search-engines to see the JSessionid, but I want
to enable
users without cookies to login and track their settings using
JSessionID in
the url.
Since search-engines don't login these 2 groups are nice mutually
exclusive
and so it's a clean cut when to strip the JSessionid and when not.
Except that I'm still not sure how to do it.
Wrapping the request and response in a handler (before Tapestry
comes in
action) and stripping it like that works, but doing it almost
exactly the
same in a dispather doesn't .
That's why I think it has to do with some internal tapestry
processing.
Do you have an idea where to look?
Howard Lewis Ship wrote:
All the jsessionid functionality is provided by the servlet
container,
not by Tapestry. And it does exactly what you are suggesting ...
except that its not about the user being logged in, its about the
user
have a session.
On Thu, Jul 10, 2008 at 8:52 AM, Britske <[EMAIL PROTECTED]> wrote:
partially related to a post I send a couple of days ago, but
perhaps this
explains better what I'm trying to do.
I'm trying to strip the jSessionId from displaying in the url if:
1. user doesn't have cookies (otherwise it won't display anyway)
2. user is not logged in.
I wanted to implement this as a filter, but I have to go with a
dispather
since to see if a user is logged in I need to have access to the
ASM,
which
I can't get to in a filter.
Now somewhere in between all the HttpSevletRequest to
tapestry.request
comversion, etc. tapestry decides to take over the JSessionId
provided by
the HttpServletRequest. I want to intercept this call somehow and
strip
the
JSessionId from the request.
I implemented a Dispatcher (the last in the line before onActivate
is
called) and basically wrapped (subclassed) HttpServletRequest and
HttpServletResponse to return null for the sessionid and have
redirecturl
return url. My own HttpServlet get's called in the app (and
returns null
for
getrequestedSessionId()) This request is added as a constructor
param to
a
newly created tapestry.requestImpl which are both saved to
RequestGlobals. I
though that should do the trick
not...
Apperantly somehow the jsessionid is picked up anyway although (when
expecting
requestglobals.getHttpServletRequest.getRequstedSessionId() in
page.onactivate() this correctly returns null).
Anyone?
Thanks.
my code:
//SessionStripController
public final class SessionStripController implements Dispatcher {
private ApplicationStateManager asm;
private RequestGlobals globals;
public SessionStripController(ApplicationStateManager
asm,RequestGlobals
globals){
this.asm = asm;
this.globals = globals;
}
public boolean dispatch(Request req, Response response) throws
IOException
{
if (req.isRequestedSessionIdValid() &&
globals.getHTTPServletRequest().getCookies()==null)
{
Session session = req.getSession(false);
if (session != null) session.invalidate();
HttpServletRequestWrapper wrappednRequest =
new
HttpServletRequestWrapperOwn(globals.getHTTPServletRequest());
HttpServletResponseWrapper
wrappedResponse =
new
HttpServletResponseWrapper(globals.getHTTPServletResponse())
{
public String encodeRedirectUrl(String
url) { return url; }
public String encodeRedirectURL(String
url) { return url; }
public String encodeUrl(String url) {
return url; }
public String encodeURL(String url) {
return url; }
};
globals.storeServletRequestResponse(wrappednRequest,
wrappedResponse);
globals.storeRequestResponse(new
RequestImpl(wrappednRequest), new
ResponseImpl(wrappedResponse));
}
return false;
}
}
//HttpServletRequestWrapperOwn
public class HttpServletRequestWrapperOwn extends
HttpServletRequestWrapper
{
public HttpServletRequestWrapperOwn(HttpServletRequest
request) {
super(request);
}
public String getRequestedSessionId(){
return null;
}
}
--
View this message in context:
http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18385573.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Howard M. Lewis Ship
Creator Apache Tapestry and Apache HiveMind
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/T5%3A-what-part-of-tapestry-adds-Jsessionid-tp18385573p18387981.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
