After looking a bit further I have another question:
what does this line do?
<meta key="j2:cat" value="default" />
David Sean Taylor wrote:
On Oct 10, 2008, at 1:33 PM, Ron Wheeler wrote:
We need to add a consent form to our site. This explains the privacy
rules and gives the user a place to accept the terms.
If the user accepts they can continue on to the site. If they do not
accept, they will be logged out and return to the public part of the
site.
Each time the user logs in they get the same treatment until they
consent.
We were thinking that the easiest way to implement this might be to
assign each new user the role of "unconsented" and use the profiler
to select the privacy agreement page as long as they have this role.
The consent button would remove the "unconsented" role and log the
consent in an audit trail.
Once they consent, the profiler will go back to selecting pages in
the normal way.
http://portals.apache.org/jetspeed-2/guides/guide-profiler.html
Does this sound like a good solution and in line with the purpose of
the profiler.
It does sound like a good case. We don't have a profiling resolver
that looks for the presence of one role and automatically redirects if
that role is found. I think we could write one though.
Another approach would be to write a valve that works exactly like the
passwordCredentialValve. The passwordCredentialValve looks to see if a
credential is expired. If it is, it will always redirect to the
resetPassword page, no matter which page you request in the URL. This
continues whenever the user logs in until the user successfully resets
the password and unexpires the credential. You have two choices there.
I think writing a generic RoleCheckValve would be easier. In fact I
just wrote it for you, took a few minutes...haven't tested it. It will
need a j2-seed.xml profiling rule, see bottom inline, and some
pipeline configuration:
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.security.impl;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.pipeline.PipelineException;
import org.apache.jetspeed.pipeline.valve.AbstractValve;
import org.apache.jetspeed.pipeline.valve.PageProfilerValve;
import org.apache.jetspeed.pipeline.valve.Valve;
import org.apache.jetspeed.pipeline.valve.ValveContext;
import org.apache.jetspeed.profiler.ProfileLocator;
import org.apache.jetspeed.request.RequestContext;
import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityHelper;
/**
* RoleCheckValve
*
* @author <a href="mailto:[EMAIL PROTECTED]">DST</a>
* @version $Id: $
*/
public class RoleCheckValve extends AbstractValve implements Valve
{
private static final Log log = LogFactory.getLog(RoleCheckValve.class);
private static final String CHECKED_KEY =
RoleCheckValve.class.getName() + ".checked";
private String roleToCheck = null;
public RoleCheckValve(String roleToCheck)
{
this.roleToCheck = roleToCheck;
}
/**
* @see
org.apache.jetspeed.pipeline.valve.Valve#invoke(org.apache.jetspeed.request.RequestContext,
org.apache.jetspeed.pipeline.valve.ValveContext)
*/
public void invoke(RequestContext request, ValveContext context)
throws PipelineException
{
try
{
if ( request.getRequest().getUserPrincipal() != null && roleToCheck !=
null)
{
if (request.getRequest().isUserInRole(roleToCheck))
{
request.setAttribute(PageProfilerValve.PROFILE_LOCATOR_REQUEST_ATTR_KEY,
"roleCheckRedirectRule");
}
}
context.invokeNext(request);
}
catch (Exception e)
{
log.error("Exception in request pipeline: " + e.getMessage(), e);
throw new PipelineException(e.toString(), e);
}
}
public String toString()
{
return "RoleCheckValve";
}
}
seed data:
<ProfilingRule id="roleCheckRedirectRule" standardRule="true">
<description value="Redirect on Role Check existence."/>
<Criteria>
<Criterion name="page">
<type value="hard.coded"/>
<value value="/unconsented.psml"/>
<fallBackOrder value="0"/>
<fallBackType value="0"/>
</Criterion>
</Criteria>
</ProfilingRule>
finally of course you need to override the pipelines.xml:
<bean id="roleCheckValve" class="org.apache.jetspeed.security.impl.
RoleCheckValve"
init-method="initialize">
<meta key="j2:cat" value="default" />
<constructor-arg>
<value>unconsented</value>
</constructor-arg>
</bean>
...
and then in your pipeline(s)
<ref bean="roleCheckValve" />
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
