I have actually made several changes at the same time, which confused
myself somewhat.
Let me simplify it a bit first, the very first step:
The SecureAction.java (see below) file has only one method in it,
isAuthorized(). I have modified it so that the login criteria is not just
turbine_root. But somehow that did not work; only a user with the turbine_root
role can log in. Is this related to the fact that
AccessControlList acl = data.getACL();
is not populated in the beginning?
michael
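import org.apache.turbine.modules.actions.VelocitySecureAction;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.security.AccessControlList;
import org.apache.velocity.context.Context;

public class SecureAction extends VelocitySecureAction
{
    // Intentionally empty; subclasses supply the real action logic.
    public void doPerform( RunData data, Context context )
        throws Exception
    {
    }

    // Authorize only when an ACL is present and it grants the "login"
    // permission in the "internal" group.
    protected boolean isAuthorized( RunData data ) throws Exception
    {
        boolean isAuthorized = false;
        AccessControlList acl = data.getACL();
        if (acl == null || ! acl.hasPermission("login", "internal"))
        //if (acl == null || ! acl.hasRole("turbine_root"))
        {
            isAuthorized = false;
        }
        else if( acl.hasPermission("login", "internal"))
        //else if(acl.hasRole("turbine_root"))
        {
            isAuthorized = true;
        }
        return isAuthorized;
    }
}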
> Let's assume that your site's URL is http://myapp.com/app/servlet/app.
>
> Your implementation of the login action is in the package
> modules.actions.Login. Your Login action extends SecureAction which
> extends VelocitySecureAction. I will also assume that your SecureAction
> class provides an implementation of the isAuthorized() method and
> nothing else.
>
>> -----Original Message-----
>> From: Eigen Technology Pty Ltd [mailto:[EMAIL PROTECTED]]
>> Sent: Wednesday, January 08, 2003 4:06 PM
>> To: [EMAIL PROTECTED]
>> Subject: RE: How to redirect after Login ! More information
>> needed! (Chris Campbell)
>>
>>
>> Quinton,
>>
>> I tried to write my own Login.java (modified LoginUser.java).
>> I am a bit vague on the sequence of events during the login
>> process, would appreciate if you can shine some light on me.
>>
>> After displaying Login.vm, and after I typed in my
>> username/passwd, which one got processed first, Login.class
>> or SecureAction.class?
>
> When you requested http://myapp.com/app/servlet/app, Turbine sent you to
> the page defined by template.homepage. This should be Login.vm.
>
> You then had to submit the form on your login page. The actual
> destination for the post should have been constructed with a command
> similar to $link.setAction("Login").
>
> Now, Turbine will check the name of the action (login) to see if it
> matches actions.login in TR.props. If it does, it clears out everything
> in the session and then executes the action. It actually calls
> Login.perform(data). This method exists in the VelocitySecureAction
> class. If the result of isAuthorized() is true, it will call the
> doPerform(data,context) method of your Login action.
>
> It is very important that you override isAuthorized in your Login class
> to always return true. You could also avoid having to do this by simply
> inheriting from VelocityAction instead.
>
>>
>> I tried to redirect the user to a page after the login, by
>> using the technique
>>
>> data.setScreenTemplate(templateName)
>>
>> in Login.class, but it puts me back to the login page. What
>> else do I need to add in this file for it to work?
>
> Well, other than the basics of authenticating the user and saving the
> new user to the session, nothing. Executing the
> data.setScreenTemplate() method from within an action has the same
> effect as $link.setAction("Login").setPage("MyPage.vm").
>
>
>
>>
>> thanks
>> michael
>>
>>
>> > On my login form, I use $link.setAction("LoginAction") as the target
>> > of the form post. I do not specify a page at all. This would
>> > normally be a problem causing the user to go right back to login.
>> > However, upon a successful login, I call
>> > data.setScreenTemplate(templateName). This causes the user to go to
>> > the correct page.
>> >
>> >> What I've tried is using data.getACL() and then using the
>> >> AccessControlList's hasRole() method in my MyLoginUser class, but
>> >> getACL() returns null in the LoginUser class so that didn't get me
>> >> too far.
>> >>
>> >
>>
>> --
>> To unsubscribe, e-mail: <mailto:turbine-user-[EMAIL PROTECTED]>
>> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
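
The login sequence discussed in this thread, as an added example that is not code from either poster or from the Turbine project: a Login action that overrides isAuthorized() to return true and loads the ACL itself, since getACL() returns null inside the login action. It assumes the Turbine 2.x calls used by the stock LoginUser action and that SecureAction lives in the same package; the form field names and "Index.vm" are hypothetical.

```java
// Added example. Field names, "Index.vm" and the package layout are assumptions.
package modules.actions;
import org.apache.turbine.om.security.User;
import org.apache.turbine.services.security.TurbineSecurity;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.security.AccessControlList;
import org.apache.turbine.util.security.TurbineSecurityException;
import org.apache.velocity.context.Context;

public class Login extends SecureAction
{
    // No ACL exists before login, so the login action itself must be open.
    protected boolean isAuthorized(RunData data) throws Exception
    {
        return true;
    }

    public void doPerform(RunData data, Context context) throws Exception
    {
        String username = data.getParameters().getString("username", "");
        String password = data.getParameters().getString("password", "");
        try
        {
            User user = TurbineSecurity.getAuthenticatedUser(username, password);
            // Load the ACL explicitly; data.getACL() is still null at this point.
            AccessControlList acl = TurbineSecurity.getACL(user);
            if (acl == null || !acl.hasPermission("login", "internal"))
            {
                deny(data, "Account is not permitted to log in");
                return;
            }
            data.setUser(user);
            user.setHasLoggedIn(Boolean.TRUE);
            data.save();
            data.setACL(acl);
            data.setScreenTemplate("Index.vm");
        }
        catch (TurbineSecurityException e)
        {
            deny(data, "Invalid username or password");
        }
    }
    // Fail closed: reset to the anonymous user and show the login page again.
    private void deny(RunData data, String message) throws Exception
    {
        data.setMessage(message);
        data.setUser(TurbineSecurity.getAnonymousUser());
        data.setScreenTemplate("Login.vm");
    }
}
```

The permission check runs before the user is stored in the session, so an authenticated account without the "login" permission never becomes the session user.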