掲示板

  1. ホーム
  2. Development
  3. How to prevent users without logging in from access specified resource?

How to prevent users without logging in from access specified resource?

thumbnail
11年前 に amigoo earth によって更新されました。

How to prevent users without logging in from access specified resource?

New Member 投稿: 8 参加年月日: 12/10/15 最新の投稿
For example:
Logged in user is permitted to access any resource (it means any URIs inside the site. The same below).
Not logged in user is only permitted to access specified resource. Redirect to login page when URI not in "Allow List" is requested.

Precondition:
1. We deployed liferay PORTAL in webapps/ROOT, and a project containing a set of portlets in webapps/xyz.

What we have done.
1. We try to make a Servlet Filter in portlet, it can only filter the URI requested from the page that alreadyloaded, but can't hook the URI such as user typed in the browser address bar.
2. We try to make a Struts2 Interceptor in portlet, it can prevent from access some portlets, but before the interceptor fired, the page(which containing the portlets) had already shown.

Any suggestion is appreciate.
thumbnail
11年前 に Bart Simpson によって更新されました。

RE: How to prevent users without logging in from access specified resource? (回答)

Liferay Master 投稿: 522 参加年月日: 11/08/29 最新の投稿
Why go through all that trouble, why not just use a 
servlet.service.events
hook and check condition there and redirect if required.
thumbnail
11年前 に amigoo earth によって更新されました。

RE: How to prevent users without logging in from access specified resource?

New Member 投稿: 8 参加年月日: 12/10/15 最新の投稿
Bart Simpson:
Why go through all that trouble, why not just use a 
servlet.service.events
hook and check condition there and redirect if required.


Thank you very much Bart.
Following your suggestion, We have tried to write a HOOK.
servlet.service.events.pre=com.foo.hook.action.LoginAccessControlAction
[indent]public class LoginAccessControlAction extends Action {
public LoginAccessControlAction() {
super();
}

public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {
System.out.println(request.getRequestURL());
}
}[/indent]

It's deployed and work fine itself.
The problem is that it's always print "http://localhost:8080/c/portal/layout", no matter what I have typed in address bar.
How can I obtain the real URL requested by user? Which is typed in address bar, or via AJAX etc.
thumbnail
11年前 に Victor Zorin によって更新されました。

RE: How to prevent users without logging in from access specified resource?

Liferay Legend 投稿: 1228 参加年月日: 08/04/14 最新の投稿
Just another natural suggestion..., use public and private areas, where your public area would only contain a login page and the rest of portal content shall be defined in private zone. Does it address all your requirements? By default, any resource defined in private pages will not be accessible by guest users.

This is a typical setup for employee-access-only extranets.
thumbnail
11年前 に amigoo earth によって更新されました。

RE: How to prevent users without logging in from access specified resource?

New Member 投稿: 8 参加年月日: 12/10/15 最新の投稿
Thanks for your suggestion Victor. :-)
Unfortunately, our system has already been designed avoid the liferay "public and private areas" mechanism but implements the access control ourself.

@Bart,
Sorry to disturb you again.
Obtain the REAL url and user infomation is done like this:
String url = PortalUtil.getCurrentCompleteURL(request);
User user = PortalUtil.getUser(request);

Is the process next OK?
if(not logined user && some private page url){
response.sendRedirect(redirectURL such as login page);
}
thumbnail
11年前 に Bart Simpson によって更新されました。

RE: How to prevent users without logging in from access specified resource? (回答)

Liferay Master 投稿: 522 参加年月日: 11/08/29 最新の投稿
The problem is that it's always print "http://localhost:8080/c/portal/layout", no matter what I have typed in address bar.

Sorry for the late reply,
You can check 
request.getQueryString()
which will give you the plid (that is the page layout id, that can be used to get the whole layout (page) record by using 
LayoutLocalServiceUtil
, and you can put checks for your conditions)
and for the process you described, looks fine
thumbnail
11年前 に Amigoo Earth によって更新されました。

RE: How to prevent users without logging in from access specified resource?

New Member 投稿: 8 参加年月日: 12/10/15 最新の投稿
Thanks again for your great key suggestion, Bart.
Following your warm heart tips, we finally achieve the goal.
The source snippet:
User user = PortalUtil.getUser(request);
String qString = request.getQueryString();
Properties ps = PropertiesUtil.load(qString);
String lId = ps.getProperty("p_l_id");
Layout layout = LayoutLocalServiceUtil.getLayout(Long.parseLong(lId));
long gId = layout.getGroupId();

if(user == null && gId != C_GROUP_ID_GUEST){
System.out.println("Redirect:"+rdr);
response.sendRedirect(rdr);
}
thumbnail
11年前 に Bart Simpson によって更新されました。

RE: How to prevent users without logging in from access specified resource?

Liferay Master 投稿: 522 参加年月日: 11/08/29 最新の投稿
Good to know