Fórumok

How to prevent users without logging in from access specified resource?

thumbnail
amigoo earth, módosítva 11 év-val korábban

How to prevent users without logging in from access specified resource?

New Member Bejegyzések: 8 Csatlakozás dátuma: 2012.10.15. Legújabb bejegyzések
For example:
Logged in user is permitted to access any resource (it means any URIs inside the site. The same below).
Not logged in user is only permitted to access specified resource. Redirect to login page when URI not in "Allow List" is requested.

Precondition:
1. We deployed liferay PORTAL in webapps/ROOT, and a project containing a set of portlets in webapps/xyz.

What we have done.
1. We try to make a Servlet Filter in portlet, it can only filter the URI requested from the page that alreadyloaded, but can't hook the URI such as user typed in the browser address bar.
2. We try to make a Struts2 Interceptor in portlet, it can prevent from access some portlets, but before the interceptor fired, the page(which containing the portlets) had already shown.

Any suggestion is appreciate.
thumbnail
Bart Simpson, módosítva 11 év-val korábban

RE: How to prevent users without logging in from access specified resource? (Válasz)

Liferay Master Bejegyzések: 522 Csatlakozás dátuma: 2011.08.29. Legújabb bejegyzések
Why go through all that trouble, why not just use a
servlet.service.events
hook and check condition there and redirect if required.
thumbnail
amigoo earth, módosítva 11 év-val korábban

RE: How to prevent users without logging in from access specified resource?

New Member Bejegyzések: 8 Csatlakozás dátuma: 2012.10.15. Legújabb bejegyzések
Bart Simpson:
Why go through all that trouble, why not just use a
servlet.service.events
hook and check condition there and redirect if required.


Thank you very much Bart.
Following your suggestion, We have tried to write a HOOK.
servlet.service.events.pre=com.foo.hook.action.LoginAccessControlAction
[indent]public class LoginAccessControlAction extends Action {
public LoginAccessControlAction() {
super();
}

public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {
System.out.println(request.getRequestURL());
}
}[/indent]

It's deployed and work fine itself.
The problem is that it's always print "http://localhost:8080/c/portal/layout", no matter what I have typed in address bar.
How can I obtain the real URL requested by user? Which is typed in address bar, or via AJAX etc.
thumbnail
Victor Zorin, módosítva 11 év-val korábban

RE: How to prevent users without logging in from access specified resource?

Liferay Legend Bejegyzések: 1228 Csatlakozás dátuma: 2008.04.14. Legújabb bejegyzések
Just another natural suggestion..., use public and private areas, where your public area would only contain a login page and the rest of portal content shall be defined in private zone. Does it address all your requirements? By default, any resource defined in private pages will not be accessible by guest users.

This is a typical setup for employee-access-only extranets.
thumbnail
amigoo earth, módosítva 11 év-val korábban

RE: How to prevent users without logging in from access specified resource?

New Member Bejegyzések: 8 Csatlakozás dátuma: 2012.10.15. Legújabb bejegyzések
Thanks for your suggestion Victor. :-)
Unfortunately, our system has already been designed avoid the liferay "public and private areas" mechanism but implements the access control ourself.

@Bart,
Sorry to disturb you again.
Obtain the REAL url and user infomation is done like this:
String url = PortalUtil.getCurrentCompleteURL(request);
User user = PortalUtil.getUser(request);

Is the process next OK?
if(not logined user && some private page url){
response.sendRedirect(redirectURL such as login page);
}
thumbnail
Bart Simpson, módosítva 11 év-val korábban

RE: How to prevent users without logging in from access specified resource? (Válasz)

Liferay Master Bejegyzések: 522 Csatlakozás dátuma: 2011.08.29. Legújabb bejegyzések
The problem is that it's always print "http://localhost:8080/c/portal/layout", no matter what I have typed in address bar.

Sorry for the late reply,
You can check
request.getQueryString() 
which will give you the plid (that is the page layout id, that can be used to get the whole layout (page) record by using
LayoutLocalServiceUtil
, and you can put checks for your conditions)
and for the process you described, looks fine
thumbnail
Amigoo Earth, módosítva 11 év-val korábban

RE: How to prevent users without logging in from access specified resource?

New Member Bejegyzések: 8 Csatlakozás dátuma: 2012.10.15. Legújabb bejegyzések
Thanks again for your great key suggestion, Bart.
Following your warm heart tips, we finally achieve the goal.
The source snippet:
User user = PortalUtil.getUser(request);
String qString = request.getQueryString();
Properties ps = PropertiesUtil.load(qString);
String lId = ps.getProperty("p_l_id");
Layout layout = LayoutLocalServiceUtil.getLayout(Long.parseLong(lId));
long gId = layout.getGroupId();

if(user == null && gId != C_GROUP_ID_GUEST){
System.out.println("Redirect:"+rdr);
response.sendRedirect(rdr);
}
thumbnail
Bart Simpson, módosítva 11 év-val korábban

RE: How to prevent users without logging in from access specified resource?

Liferay Master Bejegyzések: 522 Csatlakozás dátuma: 2011.08.29. Legújabb bejegyzések
Good to know