yet ... want to implement some access control
say only valid login user should be able to view the images, pdfs
non-login user should be redirected to loginpage
Here is my current solution
i registered a new Filter and checks the Session of the request,
i am storing User as an ASO once login
so i check against the URL (begins with "/private") and the Session for
the ASO key (figure out it is something like aso:my.package.User)
if the key is not found then i redirect the response to my login page
sample codes
////////////////////////
// PrivateResourceFilter.java
///////////////////////
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
HttpServletRequest httprequest = (HttpServletRequest) request;
if (httprequest.getServletPath().startsWith("/private")) {
HttpSession session = httprequest.getSession(false);
if(session == null ||
session.getAttribute("aso:"+User.class.getName())== null){
HttpServletResponse httpresponse =
(HttpServletResponse)response;
httpresponse.sendRedirect(httprequest.getContextPath()+"/login");
return;
}
}
chain.doFilter(request, response);
}
/////////////////////////////
// web.xml
////////////////////////////
<filter>
<filter-name>app</filter-name>
<filter-class>org.apache.tapestry.TapestryFilter</filter-class>
</filter>
<filter>
<filter-name>PrivateResourceFilter</filter-name>
<filter-class>com.mine.train.webfilters.PrivateResourceFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>PrivateResourceFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>app</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
it works but ... any better solutions ???
Dapeng wrote:
Ye ... have to say my mistake ... i juz took the design mockup from my
designer and FIND-AND-REPLACE the dummy links
turns out there is a typo in the links ...
:<
Sorry
Fernando Padilla wrote:
That is really weird because the TapestryFilter is supposed to check to
see if there is a resource in the file system that matches the url
first, before trying to interpret it. If that functionality is really
truly broken, then a bug should be filed, and tapestry fixed.
So the first question, are the url correct and pointing to the real
files in the filesystem?
Davor Hrg wrote:
there are few ways..
one is to extend tapestryFilter and use that version in web.xml
Davor Hrg
On Jan 7, 2008 6:21 AM, Dapeng <[EMAIL PROTECTED]> wrote:
Hi guys
I have a protected folder /private under the root
but inside the folder i am only going to serve static contents like
images and pdf
but when i try to access the resource
/myApp/private/images/1.jpg
i got an exception saying there is no such page
Unable to resolve 'private/images/1' to a known page name.
how to bypass the TapestryFilter?
juz let the tomcat handle the request as per normal ???
thx
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
