"Pradeep Kumar" <[EMAIL PROTECTED]> writes:
>Hi Ritu,
>Do the following steps if you want to aviod login screen
>(1)In TurbineResource.properties in Framework Settings Section set
>template.homepage and screen.homepage to some page. By default they
>are Login.vm.
Uh. No way!
screen.homepage is only used if you _dont't_ want to use a templating
solution for your application. If you want to use Velocity, leave it
empty.
template.homepage is used if you use security to send your users to
the first page of your application _after_ they log in. This should be
the home page of your application. Which is Index.vm 99% of the time.
To add a login page, you set the template.login Parameter to be your
Login page, e.g. Login.vm. _Then_ use the TemplateSecureSessionValidator
to redirect your users to this page if they have not yet logged in. It
reads this parameter and does the necessary redirection.
>(2)In any action java file wherever you are extending action class to
>SecureAction it checks for Authorized user. so in SecureAction.java file
>for any condition make " return isAuthorized" true. you can just comment
>all code and return true.
>(3)In any screen java file wherever you are extending action class to
... screen class ...
>SecureScreen it checks for Authorized user. so in SecureScreen.java file
>for any condition make " return isAuthorized" true. same way.
>This way you can avoid Login problem.
Well, a class like VelocitySecureScreen just skips calling the
doBuildTemplate(data, context) method if isAuthorized returns
false. This means, that user code in a class, that extends
VelocitySecureScreen is not called (because your screen should put its
code in this method), but the screen still gets rendered!
If you return false on the isAuthorized method, you should (MUST!)
also change the template to render with setScreenTemplate
(isAuthorized runs before the actual templating process which is
triggered from the TemplateScreen class (from which VelocityScreen and
in turn VelocitySecureScreen are derived) in doBuild.
I run some of these methods like this:
protected boolean isAuthorized(RunData data)
throws Exception
{
AccessControlList acl = data.getACL();
boolean isAuthorized = false;
if (acl != null && acl.hasPermission(...somePermission...))
{
isAuthorized = true;
}
else
{
data.setScreenTemplate(Turbine.getConfiguration().getString(TurbineConstants.TEMPLATE_LOGIN));
}
return isAuthorized;
}
Regards
Henning
--
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen INTERMETA GmbH
[EMAIL PROTECTED] +49 9131 50 654 0 http://www.intermeta.de/
RedHat Certified Engineer -- Jakarta Turbine Development -- hero for hire
Linux, Java, perl, Solaris -- Consulting, Training, Development
"Fighting for one's political stand is an honourable action, but re-
fusing to acknowledge that there might be weaknesses in one's
position - in order to identify them so that they can be remedied -
is a large enough problem with the Open Source movement that it
deserves to be on this list of the top five problems."
-- Michelle Levesque, "Fundamental Issues with
Open Source Software Development"
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
