AW: AW: [opencms-dev] CmsUser as a session variable
Frank Wunderlich
k.frank.wunderlich at gmx.de
Mon Sep 1 12:00:04 CEST 2003
To access the user, try one of these:
public java.lang.String CmsJspActionElement.user(java.lang.String
property)
public CmsUser CmsObject.readUser(java.lang.String username)
<cms:user property="..." />
To access the session itself:
Use the predefined JSP variable "session"...
Greetings,
Frank.
--
Frank Wunderlich
Berlin . Germany
www.frank-wunderlich.de
> -----Ursprüngliche Nachricht-----
> Von: opencms-dev-admin at opencms.org
> [mailto:opencms-dev-admin at opencms.org] Im Auftrag von Ben Rometsch
> Gesendet: Montag, 1. September 2003 11:16
> An: opencms-dev at opencms.org
> Betreff: RE: AW: [opencms-dev] CmsUser as a session variable
>
>
> Hi Frank,
>
> That is very pertinent information - thank you very much for the help.
>
> One further question though: I want to do a sanity check on
> each priveleged page, to ensure that the user is allowed to
> view that page, and that they are not a hacker pasting in a
> url, for example. How would I get a reference to the User
> session object within the jsp?
>
> Thanks,
> Ben
>
> -----Original Message-----
> From: opencms-dev-admin at opencms.org
> [mailto:opencms-dev-admin at opencms.org]
> On Behalf Of Frank Wunderlich
> Sent: 01 September 2003 18:50
> To: opencms-dev at opencms.org
> Subject: AW: AW: [opencms-dev] CmsUser as a session variable
>
> Hi Ben,
>
> as far as I have understood, you would have to extend the
> User-Administration in the BackOffice to create and edit
> Webusers. But you can create usergroups that are derived from
> "Guests" and users that belong to these groups. "Guests" have
> - like Webusers - no access to the backend.
>
> If you create a usergroup "Privileged Guests" and
> contentfolders that are owned by this group, only users that
> are logged in and belong to "Privileged Guests" have access
> to this area of the site. OpenCms even hides the
> corresponding navigation-items from anonymous users. You
> don't have to worry about any access-rights validation.
> OpenCms does all the work for you.
>
> Hope I could help,
> Frank.
>
>
> --
> Frank Wunderlich
> Berlin . Germany
> www.frank-wunderlich.de
>
> > -----Ursprüngliche Nachricht-----
> > Von: opencms-dev-admin at opencms.org
> > [mailto:opencms-dev-admin at opencms.org] Im Auftrag von Ben Rometsch
> > Gesendet: Montag, 1. September 2003 07:35
> > An: opencms-dev at opencms.org
> > Betreff: RE: AW: [opencms-dev] CmsUser as a session variable
> >
> >
> > Is it possible to create a webuser in the Admin interface?
> >
> > We are building an Intranet for our one of our clients. The
> > requirement we have is that OpenCMS administrators will be able to
> > create users within OpenCMS who will be allowed access to certain
> > priveleged areas of the Intranet. This is why I am not using the
> > WebUser object.
> >
> > The code now works for logging users in and reads as follows:
> >
> > ---------------------------------------
> > CmsJspActionElement cms = new CmsJspActionElement(pageContext,
> > request, response);
> > CmsObject cmso = cms.getCmsObject();
> >
> > String username = request.getParameter("username");
> > String password = request.getParameter("password");
> >
> > try {
> > String webUser = cmso.loginUser(username,password);
> > out.println("You are now logged in as " + username);
> > out.println("<br>User is a member of the following
> > groups:<br>");
> >
> > Vector userGroups = cmso.getDirectGroupsOfUser(username);
> > CmsGroup thisGroup;
> > for (Enumeration allGroups = userGroups.elements();
> > allGroups.hasMoreElements();) {
> > thisGroup = (CmsGroup)allGroups.nextElement();
> > out.println("<br>" + thisGroup.getName() + ": " +
> > thisGroup.getDescription());
> > }
> >
> > } catch (Exception ex) {
> > out.println("Error logging in");
> > }
> > ---------------------------------------
> >
> > Does this user get added to the session automatically? If the user
> > logs in and then clicks on a link to a privileged area, how would I
> > check that they have a valid session?
> >
> > Thanks,
> > Ben
> >
> >
> >
> > -----Original Message-----
> > From: opencms-dev-admin at opencms.org
> > [mailto:opencms-dev-admin at opencms.org]
> > On Behalf Of M Butcher
> > Sent: 30 August 2003 05:13
> > To: opencms-dev at opencms.org
> > Subject: Re: AW: [opencms-dev] CmsUser as a session variable
> >
> > Ben,
> >
> > Not sure if I understand all of your problem, but in addition to
> > Frank's message I would add that you should look at the
> loginWebUser
> > and readWebUser methods as well. They are scoped to
> WebUser, and use a
> > different set of permissions than loginUser.
> >
> > See the javadoc for more info.
> >
> > Matt
> >
> > On Fri, 2003-08-29 at 08:59, Frank Wunderlich wrote:
> > > Hi Ben,
> > >
> > > I don't know why this exception is raised.
> > >
> > > But why don't you use
> > > cmso.loginUser(user,passwd)
> > > instead of
> > > cmso.readUser(user,passwd)?
> > >
> > > That way OpenCms automatically keeps the current user in
> > the session.
> > > Regards, Frank.
> > >
> > >
> > > --
> > > Frank Wunderlich
> > > Berlin . Germany
> > > www.frank-wunderlich.de
> > >
> > >
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: opencms-dev-admin at opencms.org
> > > > [mailto:opencms-dev-admin at opencms.org] Im Auftrag von
> Ben Rometsch
> > > > Gesendet: Freitag, 29. August 2003 05:23
> > > > An: opencms-dev at opencms.org
> > > > Betreff: [opencms-dev] CmsUser as a session variable
> > > >
> > > >
> > > > Hi,
> > > >
> > > > I have the following in a jsp page (it's the execution part of a
> > > > user login
> > > > form):
> > > >
> > > > ----------
> > > >
> > > > <%@ page import="java.util.*,
> > > > com.opencms.flex.jsp.*,
> > > > com.opencms.file.*,
> > > > com.opencms.file.CmsUser" %>
> > > >
> > > > <%
> > > > if (request.getParameter("login") != null) {
> > > >
> > > > CmsJspActionElement cms = new
> > CmsJspActionElement(pageContext,
> > > > request, response);
> > > > CmsObject cmso = cms.getCmsObject();
> > > >
> > > > String username = request.getParameter("username");
> > > > String password = request.getParameter("password");
> > > >
> > > > try {
> > > > CmsUser webUser = cmso.readUser(username,password);
> > > > out.println("You are now logged in as " + username);
> > > > } catch (Exception ex) {
> > > > out.println("Error logging in");
> > > > }
> > > > }
> > > > %>
> > > >
> > > > -----------
> > > >
> > > > This is working fine. The problem I have is that I want
> > to make the
> > > > webUser instance session scoped. If I add the following
> > underneath
> > > > the page import:
> > > >
> > > > <jsp:useBean id="webUser" class="com.opencms.file.CmsUser"
> > > > scope="session"/>
> > > >
> > > > And change the line:
> > > >
> > > > CmsUser webUser = cmso.readUser(username,password);
> > > >
> > > > To
> > > >
> > > > webUser = cmso.readUser(username,password);
> > > >
> > > > I get an error:
> > > >
> > > >
> > > > javax.servlet.ServletException: Resource loader error in file
> > > > '/RGLIntranet/login.jsp'
> > > >
> > > > Root cause:
> > > > org.apache.jasper.JasperException
> > > > at
> > org.apache.jasper.servlet.JspServletWrapper.service(JspServlet
> > > > Wrapper.java:2
> > > > 54)
> > > > at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet
> > > > .java:295)
> > > > at
> > > >
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
> > > > at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > > at
> > > > org.apache.catalina.core.ApplicationDispatcher.invoke(Applicat
> > > > ionDispatcher.
> > > > java:684)
> > > > at
> > > > org.apache.catalina.core.ApplicationDispatcher.doInclude(Appli
> > > > cationDispatch
> > > > er.java:575)
> > > > at
> > > > org.apache.catalina.core.ApplicationDispatcher.include(Applica
> > > > tionDispatcher
> > > > .java:498)
> > > > at
> > > > com.opencms.flex.cache.CmsFlexRequestDispatcher.include(CmsFle
> > > > xRequestDispat
> > > > cher.java:180)
> > > > at
> com.opencms.flex.CmsJspLoader.service(CmsJspLoader.java:955)
> > > > at
> > > > com.opencms.flex.cache.CmsFlexRequestDispatcher.include(CmsFle
> > > > xRequestDispat
> > > > cher.java:268)
> > > > at
> com.opencms.flex.CmsJspLoader.load(CmsJspLoader.java:567)
> > > > at
> > > > com.opencms.flex.CmsJspLoader.initlaunch(CmsJspLoader.java:235)
> > > > at
> com.opencms.core.OpenCms.showResource(OpenCms.java:956)
> > > > at
> > > >
> >
> com.opencms.core.OpenCmsHttpServlet.doGet(OpenCmsHttpServlet.java:310)
> > > > at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
> > > > at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > > at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilt
> > > > er(Application
> > > > FilterChain.java:247)
> > > > at
> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli
> > > > cationFilterCh
> > > > ain.java:193)
> > > > at
> > > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardW
> > > > rapperValve.ja
> > > > va:256)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > at
> > > >
> >
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > at
> org.apache.catalina.core.StandardContextValve.invoke(StandardC
> > > > ontextValve.ja
> > > > va:191)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > at
> > > >
> >
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > at
> org.apache.catalina.core.StandardContext.invoke(StandardContex
> > > > t.java:2416)
> > > > at
> > > > org.apache.catalina.core.StandardHostValve.invoke(StandardHost
> > > > Valve.java:180
> > > > )
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > at
> > > > org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDi
> > > > spatcherValve.
> > > > java:171)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:641)
> > > > at
> > > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport
> > > > Valve.java:172
> > > > )
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:641)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > at
> > > >
> >
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEn
> > > > gineValve.java
> > > > :174)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > at
> > > >
> >
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > at
> org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.
> > > > java:223)
> > > > at
> > > > org.apache.coyote.http11.Http11Processor.process(Http11Process
> > > > or.java:601)
> > > > at
> > > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandle
> > > > r.processConne
> > > > ction(Http11Protocol.java:392)
> > > > at
> > > > org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoi
> > > > nt.java:565)
> > > > at
> > > > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> > > > ThreadPool.jav
> > > > a:619)
> > > > at java.lang.Thread.run(Thread.java:534)
> > > >
> > > > --------------- End of root cause.
> > > >
> > > > at
> com.opencms.flex.CmsJspLoader.service(CmsJspLoader.java:962)
> > > > at
> > com.opencms.flex.cache.CmsFlexRequestDispatcher.include(CmsFle
> > > > xRequestDispat
> > > > cher.java:268)
> > > > at
> com.opencms.flex.CmsJspLoader.load(CmsJspLoader.java:567)
> > > > at
> > > > com.opencms.flex.CmsJspLoader.initlaunch(CmsJspLoader.java:235)
> > > > at
> com.opencms.core.OpenCms.showResource(OpenCms.java:956)
> > > > at
> > > >
> >
> com.opencms.core.OpenCmsHttpServlet.doGet(OpenCmsHttpServlet.java:310)
> > > > at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
> > > > at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > > at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilt
> > > > er(Application
> > > > FilterChain.java:247)
> > > > at
> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli
> > > > cationFilterCh
> > > > ain.java:193)
> > > > at
> > > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardW
> > > > rapperValve.ja
> > > > va:256)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > at
> > > >
> >
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > at
> org.apache.catalina.core.StandardContextValve.invoke(StandardC
> > > > ontextValve.ja
> > > > va:191)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > at
> > > >
> >
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > at
> org.apache.catalina.core.StandardContext.invoke(StandardContex
> > > > t.java:2416)
> > > > at
> > > > org.apache.catalina.core.StandardHostValve.invoke(StandardHost
> > > > Valve.java:180
> > > > )
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > at
> > > > org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDi
> > > > spatcherValve.
> > > > java:171)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:641)
> > > > at
> > > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport
> > > > Valve.java:172
> > > > )
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:641)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > at
> > > >
> >
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEn
> > > > gineValve.java
> > > > :174)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > at
> > > >
> >
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > at
> org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.
> > > > java:223)
> > > > at
> > > > org.apache.coyote.http11.Http11Processor.process(Http11Process
> > > > or.java:601)
> > > > at
> > > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandle
> > > > r.processConne
> > > > ction(Http11Protocol.java:392)
> > > > at
> > > > org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoi
> > > > nt.java:565)
> > > > at
> > > > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> > > > ThreadPool.jav
> > > > a:619)
> > > > at java.lang.Thread.run(Thread.java:534)
> > > >
> > > >
> > > >
> > > > Does anyone know why this would be?
> > > >
> > > > _______________________________________________
> > > > This mail is send to you from the opencms-dev mailing
> > list To change
> > > > your list options, or to unsubscribe from the list, please visit
> > > > http://mail.opencms.org/mailman/listinfo/opencms-dev
> > > >
> > >
> > >
> > > _______________________________________________
> > > This mail is send to you from the opencms-dev mailing
> list To change
> > > your list options, or to unsubscribe from the list, please visit
> > > http://mail.opencms.org/mailman/listinfo/opencms-dev
> > --
> > M Butcher <mbutcher at grcomputing.net>
> > _______________________________________________
> > This mail is send to you from the opencms-dev mailing list To change
> > your list options, or to unsubscribe from the list, please visit
> > http://mail.opencms.org/mailman/listinfo/opencms-dev
> >
> > _______________________________________________
> > This mail is send to you from the opencms-dev mailing list To change
> > your list options, or to unsubscribe from the list, please visit
> > http://mail.opencms.org/mailman/listinfo/opencms-dev
> >
>
>
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list To
> change your
> list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
>
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list,
> please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
>
More information about the opencms-dev
mailing list