AW: [opencms-dev] CmsUser as a session variable

Ben Rometsch ben at solidstategroup.com
Mon Sep 1 11:39:47 CEST 2003


Hi Frank,

That is very pertinent information - thank you very much for the help.

One further question though: I want to do a sanity check on each privileged
page, to ensure that the user is allowed to view that page, and that they
are not a hacker pasting in a url, for example. How would I get a reference
to the User session object within the jsp?

Thanks,
Ben

-----Original Message-----
From: opencms-dev-admin at opencms.org [mailto:opencms-dev-admin at opencms.org]
On Behalf Of Frank Wunderlich
Sent: 01 September 2003 18:50
To: opencms-dev at opencms.org
Subject: AW: AW: [opencms-dev] CmsUser as a session variable

Hi Ben,

as far as I have understood, you would have to extend the
User-Administration in the BackOffice to create and edit Webusers.
But you can create usergroups that are derived from "Guests" and users that
belong to these groups.
"Guests" have - like Webusers - no access to the backend.

If you create a usergroup "Privileged Guests" and contentfolders that are
owned by this group, only users that are logged in and belong to "Privileged
Guests" have access to this area of the site.
OpenCms even hides the corresponding navigation-items from anonymous users.
You don't have to worry about any access-rights validation.
OpenCms does all the work for you.

Hope I could help,
Frank.


--
Frank Wunderlich
Berlin . Germany
www.frank-wunderlich.de

> -----Original Message-----
> From: opencms-dev-admin at opencms.org
> [mailto:opencms-dev-admin at opencms.org] On Behalf Of Ben Rometsch
> Sent: Monday, 1 September 2003 07:35
> To: opencms-dev at opencms.org
> Subject: RE: AW: [opencms-dev] CmsUser as a session variable
> 
> 
> Is it possible to create a webuser in the Admin interface?
> 
> We are building an Intranet for one of our clients. The 
> requirement we have is that OpenCMS administrators will be able to 
> create users within OpenCMS who will be allowed access to certain 
> privileged areas of the Intranet. This is why I am not using the 
> WebUser object.
> 
> The code now works for logging users in and reads as follows:
> 
> ---------------------------------------
>     CmsJspActionElement cms = new CmsJspActionElement(pageContext, request, response);
>     CmsObject cmso = cms.getCmsObject();
> 
>     String username = request.getParameter("username");
>     String password = request.getParameter("password");
> 
>     try {
>       // Authenticate the submitted credentials against OpenCms
>       String webUser = cmso.loginUser(username, password);
>       out.println("You are now logged in as " + username);
>       out.println("<br>User is a member of the following groups:<br>");
> 
>       // List the groups the user belongs to directly
>       Vector userGroups = cmso.getDirectGroupsOfUser(username);
>       CmsGroup thisGroup;
>       for (Enumeration allGroups = userGroups.elements(); allGroups.hasMoreElements();) {
>         thisGroup = (CmsGroup) allGroups.nextElement();
>         out.println("<br>" + thisGroup.getName() + ": " + thisGroup.getDescription());
>       }
> 
>     } catch (Exception ex) {
>       out.println("Error logging in");
>     }
> ---------------------------------------
> 
> Does this user get added to the session automatically? If the user 
> logs in and then clicks on a link to a privileged area, how would I 
> check that they have a valid session?
> 
> Thanks,
> Ben
> 
> 
> 
> -----Original Message-----
> From: opencms-dev-admin at opencms.org
> [mailto:opencms-dev-admin at opencms.org]
> On Behalf Of M Butcher
> Sent: 30 August 2003 05:13
> To: opencms-dev at opencms.org
> Subject: Re: AW: [opencms-dev] CmsUser as a session variable
> 
> Ben,
> 
> Not sure if I understand all of your problem, but in addition to 
> Frank's message I would add that you should look at the loginWebUser 
> and readWebUser methods as well. They are scoped to WebUser, and use a 
> different set of permissions than loginUser.
> 
> See the javadoc for more info.
> 
> Matt
> 
> On Fri, 2003-08-29 at 08:59, Frank Wunderlich wrote:
> > Hi Ben,
> > 
> > I don't know why this exception is raised.
> > 
> > But why don't you use 
> > 	cmso.loginUser(user,passwd)
> > instead of 
> > 	cmso.readUser(user,passwd)?
> > 
> > That way OpenCms automatically keeps the current user in the session.
> > Regards, Frank.
> > 
> > 
> > --
> > Frank Wunderlich
> > Berlin . Germany
> > www.frank-wunderlich.de
> > 
> > 
> > > -----Original Message-----
> > > From: opencms-dev-admin at opencms.org 
> > > [mailto:opencms-dev-admin at opencms.org] On Behalf Of Ben Rometsch
> > > Sent: Friday, 29 August 2003 05:23
> > > To: opencms-dev at opencms.org
> > > Subject: [opencms-dev] CmsUser as a session variable
> > > 
> > > 
> > > Hi,
> > > 
> > > I have the following in a jsp page (it's the execution part of a 
> > > user login
> > > form):
> > > 
> > > ----------
> > > 
> > > <%@ page import="java.util.*,
> > >                  com.opencms.flex.jsp.*,
> > >                  com.opencms.file.*,
> > >                  com.opencms.file.CmsUser" %>
> > > 
> > > <%
> > >   if (request.getParameter("login") != null) {
> > > 
> > > >     CmsJspActionElement cms = new CmsJspActionElement(pageContext,
> > > >         request, response);
> > >     CmsObject cmso = cms.getCmsObject();
> > > 
> > >     String username = request.getParameter("username");
> > >     String password = request.getParameter("password");
> > >     
> > >     try { 
> > >       CmsUser webUser = cmso.readUser(username,password);
> > >       out.println("You are now logged in as " + username);
> > >     } catch (Exception ex) {
> > >       out.println("Error logging in");
> > >     }
> > >   }
> > > %>
> > > 
> > > -----------
> > > 
> > > > This is working fine. The problem I have is that I want to make the
> > > > webUser instance session scoped. If I add the following underneath
> > > > the page import:
> > > 
> > > <jsp:useBean id="webUser" class="com.opencms.file.CmsUser"
> > > scope="session"/>
> > > 
> > > And change the line:
> > > 
> > > CmsUser webUser = cmso.readUser(username,password);
> > > 
> > > To
> > > 
> > > webUser = cmso.readUser(username,password);
> > > 
> > > I get an error:
> > > 
> > > 
> > > javax.servlet.ServletException: Resource loader error in file 
> > > '/RGLIntranet/login.jsp'
> > > 
> > > Root cause:
> > > org.apache.jasper.JasperException
> > > 	at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServlet
> > > Wrapper.java:2
> > > 54)
> > > 	at
> > > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet
> > > .java:295)
> > > 	at
> > > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
> > > 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > 	at
> > > org.apache.catalina.core.ApplicationDispatcher.invoke(Applicat
> > > ionDispatcher.
> > > java:684)
> > > 	at
> > > org.apache.catalina.core.ApplicationDispatcher.doInclude(Appli
> > > cationDispatch
> > > er.java:575)
> > > 	at
> > > org.apache.catalina.core.ApplicationDispatcher.include(Applica
> > > tionDispatcher
> > > .java:498)
> > > 	at
> > > com.opencms.flex.cache.CmsFlexRequestDispatcher.include(CmsFle
> > > xRequestDispat
> > > cher.java:180)
> > > 	at com.opencms.flex.CmsJspLoader.service(CmsJspLoader.java:955)
> > > 	at
> > > com.opencms.flex.cache.CmsFlexRequestDispatcher.include(CmsFle
> > > xRequestDispat
> > > cher.java:268)
> > > 	at com.opencms.flex.CmsJspLoader.load(CmsJspLoader.java:567)
> > > 	at
> > > com.opencms.flex.CmsJspLoader.initlaunch(CmsJspLoader.java:235)
> > > 	at com.opencms.core.OpenCms.showResource(OpenCms.java:956)
> > > 	at
> > > 
> com.opencms.core.OpenCmsHttpServlet.doGet(OpenCmsHttpServlet.java:310)
> > > 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
> > > 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > 	at
> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilt
> > > er(Application
> > > FilterChain.java:247)
> > > 	at
> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli
> > > cationFilterCh
> > > ain.java:193)
> > > 	at
> > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardW
> > > rapperValve.ja
> > > va:256)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:643)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > ine.java:480)
> > > 	at
> > > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > 	at
> > > org.apache.catalina.core.StandardContextValve.invoke(StandardC
> > > ontextValve.ja
> > > va:191)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:643)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > ine.java:480)
> > > 	at
> > > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > 	at
> > > org.apache.catalina.core.StandardContext.invoke(StandardContex
> > > t.java:2416)
> > > 	at
> > > org.apache.catalina.core.StandardHostValve.invoke(StandardHost
> > > Valve.java:180
> > > )
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:643)
> > > 	at
> > > org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDi
> > > spatcherValve.
> > > java:171)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:641)
> > > 	at
> > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport
> > > Valve.java:172
> > > )
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:641)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > ine.java:480)
> > > 	at
> > > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > 	at
> > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEn
> > > gineValve.java
> > > :174)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:643)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > ine.java:480)
> > > 	at
> > > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > 	at
> > > org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.
> > > java:223)
> > > 	at
> > > org.apache.coyote.http11.Http11Processor.process(Http11Process
> > > or.java:601)
> > > 	at
> > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandle
> > > r.processConne
> > > ction(Http11Protocol.java:392)
> > > 	at
> > > org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoi
> > > nt.java:565)
> > > 	at
> > > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> > > ThreadPool.jav
> > > a:619)
> > > 	at java.lang.Thread.run(Thread.java:534)
> > > 
> > > --------------- End of root cause.
> > > 
> > > 	at com.opencms.flex.CmsJspLoader.service(CmsJspLoader.java:962)
> > > 	at
> com.opencms.flex.cache.CmsFlexRequestDispatcher.include(CmsFle
> > > xRequestDispat
> > > cher.java:268)
> > > 	at com.opencms.flex.CmsJspLoader.load(CmsJspLoader.java:567)
> > > 	at
> > > com.opencms.flex.CmsJspLoader.initlaunch(CmsJspLoader.java:235)
> > > 	at com.opencms.core.OpenCms.showResource(OpenCms.java:956)
> > > 	at
> > > 
> com.opencms.core.OpenCmsHttpServlet.doGet(OpenCmsHttpServlet.java:310)
> > > 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
> > > 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > 	at
> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilt
> > > er(Application
> > > FilterChain.java:247)
> > > 	at
> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli
> > > cationFilterCh
> > > ain.java:193)
> > > 	at
> > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardW
> > > rapperValve.ja
> > > va:256)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:643)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > ine.java:480)
> > > 	at
> > > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > 	at
> > > org.apache.catalina.core.StandardContextValve.invoke(StandardC
> > > ontextValve.ja
> > > va:191)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:643)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > ine.java:480)
> > > 	at
> > > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > 	at
> > > org.apache.catalina.core.StandardContext.invoke(StandardContex
> > > t.java:2416)
> > > 	at
> > > org.apache.catalina.core.StandardHostValve.invoke(StandardHost
> > > Valve.java:180
> > > )
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:643)
> > > 	at
> > > org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDi
> > > spatcherValve.
> > > java:171)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:641)
> > > 	at
> > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport
> > > Valve.java:172
> > > )
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:641)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > ine.java:480)
> > > 	at
> > > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > 	at
> > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEn
> > > gineValve.java
> > > :174)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > eContext.invok
> > > eNext(StandardPipeline.java:643)
> > > 	at
> > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > ine.java:480)
> > > 	at
> > > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > 	at
> > > org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.
> > > java:223)
> > > 	at
> > > org.apache.coyote.http11.Http11Processor.process(Http11Process
> > > or.java:601)
> > > 	at
> > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandle
> > > r.processConne
> > > ction(Http11Protocol.java:392)
> > > 	at
> > > org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoi
> > > nt.java:565)
> > > 	at
> > > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> > > ThreadPool.jav
> > > a:619)
> > > 	at java.lang.Thread.run(Thread.java:534)
> > > 
> > > 
> > > 
> > > Does anyone know why this would be?
> > > 
> > > _______________________________________________
> > > This mail is send to you from the opencms-dev mailing
> list To change
> > > your list options, or to unsubscribe from the list, please visit 
> > > http://mail.opencms.org/mailman/listinfo/opencms-dev
> > > 
> > 
> > 
> --
> M Butcher <mbutcher at grcomputing.net>
> 
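
One way to do the per-page check Ben asks about, on top of the group-owned folders Frank describes (an added example, not code from the thread or from the OpenCms project). It assumes the OpenCms 5-era accessor `cmso.getRequestContext().currentUser()`, which does not appear in the thread; the group name is the one from Frank's reply and the other calls are those used in the login page above.

```jsp
<%@ page import="java.util.*,
                 com.opencms.flex.jsp.*,
                 com.opencms.file.*" %>
<%
  // Added example. Group name taken from Frank's reply; adjust to your setup.
  final String REQUIRED_GROUP = "Privileged Guests";

  CmsJspActionElement cms = new CmsJspActionElement(pageContext, request, response);
  CmsObject cmso = cms.getCmsObject();

  boolean allowed = false;
  try {
    // ASSUMPTION: the request context exposes the user that OpenCms bound to
    // this session after loginUser(); a visitor who never logged in is
    // expected to appear here as the anonymous guest user.
    String current = cmso.getRequestContext().currentUser().getName();

    // Same group lookup as the login page in this thread. It returns direct
    // memberships only, so a user who is only in a child group is not matched.
    Vector groups = cmso.getDirectGroupsOfUser(current);
    for (Enumeration e = groups.elements(); e.hasMoreElements();) {
      CmsGroup g = (CmsGroup) e.nextElement();
      if (REQUIRED_GROUP.equals(g.getName())) {
        allowed = true;
        break;
      }
    }
  } catch (Exception ex) {
    // Fail closed: any lookup error is treated as "not allowed".
    allowed = false;
  }

  if (!allowed) {
    // Never trust a request parameter or a client-side flag for this decision;
    // only the server-side session user counts.
    response.sendError(HttpServletResponse.SC_FORBIDDEN);
    return;
  }
%>
<!-- privileged page content follows -->
```

The folder permissions remain the primary control; this scriptlet is a second check that denies access when the session user is not in the expected group.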

