I created a Login.java file to perform my login action. It works fine.
Avoiding everyone has the role of turbine_root, in SecureAction.java I did
some changes,
AccessControlList acl = data.getACL();
if (acl == null || ! acl.hasRole("turbine_root")) <--- changed
{
isAuthorized = false;
}
else if(acl.hasRole("turbine_root")) <----- changed
{
isAuthorized = true;
}
but the change did not seem to have taken place. I was wonder if the new
Login.java has anything got to do with it.
user = TurbineSecurity.getAuthenticatedUser(username, password);
This is the line in Login.java, just wonder what I should do here to
change the login Group and Role so that not just turbine_root can login.
cheers
michael
>>
>> Hello,
>>
>> I've also been looking at this post and want to have users
>> with different Roles be directed to different Screens after
>> they log in.
>
> I currently do things this way as well. I have the logic to do so in my
> login action. I define the various homepage/role combinations in a
> properties file.
>
>>
>> What I don't get about this post his how all the parameters
>> that he's placing in the Login.vm form are going to be
>> related to the user in the MyLoginUser action when the server
>> processes the login request.
>>
>
> On my login form, I use $link.setAction("LoginAction") as the target of
> the form post. I do not specify a page at all. This would normally be
> a problem causing the user to go right back to login. However, upon a
> successful login, I call data.setScreenTemplate(templateName). This
> causes the user to go to the correct page.
>
>> What I've tried is using data.getACL() and then using the
>> AccessControlList's hasRole() method in my MyLoginUser class,
>> but getACL() returns null in the LoginUser class so that
>> didn't get me too far.
>>
>
> You are right. The ACL is not populated when the login action is run.
> That happens later.
>
> I also needed a pull tool to allow the view to access security
> information. It is a session based pull tool. I use it in the login
> action to get the security information. It works perfectly. There is
> just one little catch... Session pull tools are lost when the login
> action executes. You can get around this problem with the following
> code:
>
> TurbinePull.populateContext(context, data);
>
> The next line would return your session pull tool from the context.
>
>> The below post has the quote "It is not possible to do a
>> redirect after login. TDK 2.1 does not permit this yet." Is
>> this true? I'm using 2.1, has this been fixed in 2.2?
>>
>
> I am not sure exactly what was meant by that. However
> data.setScreenTemplate() works just fine in 2.1. So does HTTP
> redirects.
>
>> Any help or workaround is much appreciated.
>>
>> Thanks,
>> Fred
>>
>> On Tue, 7 Jan 2003, Eigen Technology Pty Ltd wrote:
>>
>> > I am having some difficulties in following the instructions
>> as given
>> > in the reply:
>> >
>> > http://archives.apache.org/eyebrowse/ReadMsg?listName=&msgId=290818
>> >
>> >
>> > >All the problem was that the LoginAction was an extension of
>> VelocitySecureAction, and this class throws the template without
>> executing the screen java code.
>> > >
>> > >Now it is an extension of VelocityAction.
>> > >
>> > >I created a Login.java, (as you suggested) which has to be an
>> extension of VelocityScreen, and not secure as seen for the Action
>> upper and i changed a piece of code in the IsAuthorized
>> method in my
>> > >SecureScreen class.
>> >
>> >
>> > 1) Is this new Login.java an extension of VelocityAction or
>> > VelocityScreen? It is a bit confusing from the above description.
>> >
>> > 2) Do I need to change the line:
>> >
>> > FROM action.login=LoginUser
>> > TO action.login=Login
>> >
>> > in TR.properties as a consquence?
>> >
>> >
>> > >3. in the action of the Login form, set the template to =
>> > >$destiation_template and for each parameter add a hidden
>> input field
>> > >to = the form
>> > >
>> > >ie
>> > >
>> >
>> <formmethod="post"action="$ling.setAction("Login").setTemplate($destin
>> > ation_template)">
>> > >
>> > >#foreach($parameter in $parameters)
>> > ><input type=hidden name="$parameter" =
>> > >value="$parameters.get($parameter)">
>> > >
>> > >blah blah...
>> > >
>> > ></form>
>> >
>> >
>> > 3) I am having problem with the <form ..... etc line.
>> >
>> > after I typed in the login username and passwd, the URL bar shows:
>> >
>> > http://ns1.eigentechnology.net:8080/medici/servlet/$link.setAction(
>> >
>> > and sent me an page not found message.
>> >
>> > Can anyone give me some more instructions on this please.
>> >
>> > thanks
>> > michael
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > --
>> > To unsubscribe, e-mail:
>> <mailto:turbine-user-> [EMAIL PROTECTED]>
>> > For
>> additional commands,
>> e-mail:
>> > <mailto:[EMAIL PROTECTED]>
>> >
>>
>>
>> --
>> To unsubscribe, e-mail:
>> <mailto:turbine-user-> [EMAIL PROTECTED]>
>> For
>> additional commands,
>> e-mail: <mailto:[EMAIL PROTECTED]>
>>
>>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]> For additional
> commands, e-mail: <mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
