AW: AW: [opencms-dev] CmsUser as a session variable

Frank Wunderlich k.frank.wunderlich at gmx.de
Mon Sep 1 12:00:04 CEST 2003


To access the user, try one of these:

public java.lang.String CmsJspActionElement.user(java.lang.String
property)
public CmsUser CmsObject.readUser(java.lang.String username)
<cms:user property="..." />

To access the session itself:
Use the predefined JSP variable "session"...

Greetings,
Frank.



--
Frank Wunderlich
Berlin . Germany
www.frank-wunderlich.de

> -----Ursprüngliche Nachricht-----
> Von: opencms-dev-admin at opencms.org 
> [mailto:opencms-dev-admin at opencms.org] Im Auftrag von Ben Rometsch
> Gesendet: Montag, 1. September 2003 11:16
> An: opencms-dev at opencms.org
> Betreff: RE: AW: [opencms-dev] CmsUser as a session variable
> 
> 
> Hi Frank,
> 
> That is very pertinent information - thank you very much for the help.
> 
> One further question though: I want to do a sanity check on 
> each priveleged page, to ensure that the user is allowed to 
> view that page, and that they are not a hacker pasting in a 
> url, for example. How would I get a reference to the User 
> session object within the jsp? 
> 
> Thanks,
> Ben
> 
> -----Original Message-----
> From: opencms-dev-admin at opencms.org 
> [mailto:opencms-dev-admin at opencms.org]
> On Behalf Of Frank Wunderlich
> Sent: 01 September 2003 18:50
> To: opencms-dev at opencms.org
> Subject: AW: AW: [opencms-dev] CmsUser as a session variable
> 
> Hi Ben,
> 
> as far as I have understood, you would have to extend the 
> User-Administration in the BackOffice to create and edit 
> Webusers. But you can create usergroups that are derived from 
> "Guests" and users that belong to these groups. "Guests" have 
> - like Webusers - no access to the backend.
> 
> If you create a usergroup "Privileged Guests" and 
> contentfolders that are owned by this group, only users that 
> are logged in and belong to "Privileged Guests" have access 
> to this area of the site. OpenCms even hides the 
> corresponding navigation-items from anonymous users. You 
> don't have to worry about any access-rights validation. 
> OpenCms does all the work for you.
> 
> Hope I could help,
> Frank.
> 
> 
> --
> Frank Wunderlich
> Berlin . Germany
> www.frank-wunderlich.de
> 
> > -----Ursprüngliche Nachricht-----
> > Von: opencms-dev-admin at opencms.org 
> > [mailto:opencms-dev-admin at opencms.org] Im Auftrag von Ben Rometsch
> > Gesendet: Montag, 1. September 2003 07:35
> > An: opencms-dev at opencms.org
> > Betreff: RE: AW: [opencms-dev] CmsUser as a session variable
> > 
> > 
> > Is it possible to create a webuser in the Admin interface?
> > 
> > We are building an Intranet for our one of our clients. The
> > requirement we have is that OpenCMS administrators will be able to 
> > create users within OpenCMS who will be allowed access to certain 
> > priveleged areas of the Intranet. This is why I am not using the 
> > WebUser object.
> > 
> > The code now works for logging users in and reads as follows:
> > 
> > ---------------------------------------
> > CmsJspActionElement cms = new CmsJspActionElement(pageContext, 
> > request, response);
> >     CmsObject cmso = cms.getCmsObject();
> > 
> >     String username = request.getParameter("username");
> >     String password = request.getParameter("password");
> >     
> >     try { 
> >       String webUser = cmso.loginUser(username,password);
> >       out.println("You are now logged in as " + username);
> >       out.println("<br>User is a member of the following
> > groups:<br>");
> >       
> >       Vector userGroups = cmso.getDirectGroupsOfUser(username); 
> >       CmsGroup thisGroup;
> >       for (Enumeration allGroups = userGroups.elements();
> > allGroups.hasMoreElements();) {
> >         thisGroup = (CmsGroup)allGroups.nextElement();
> >         out.println("<br>" + thisGroup.getName() + ": " +
> > thisGroup.getDescription());
> >       }
> > 
> >     } catch (Exception ex) {
> >       out.println("Error logging in");
> >     }
> > ---------------------------------------
> > 
> > Does this user get added to the session automatically? If the user
> > logs in and then clicks on a link to a privileged area, how would I 
> > check that they have a valid session?
> > 
> > Thanks,
> > Ben
> > 
> > 
> > 
> > -----Original Message-----
> > From: opencms-dev-admin at opencms.org 
> > [mailto:opencms-dev-admin at opencms.org]
> > On Behalf Of M Butcher
> > Sent: 30 August 2003 05:13
> > To: opencms-dev at opencms.org
> > Subject: Re: AW: [opencms-dev] CmsUser as a session variable
> > 
> > Ben,
> > 
> > Not sure if I understand all of your problem, but in addition to
> > Frank's message I would add that you should look at the 
> loginWebUser 
> > and readWebUser methods as well. They are scoped to 
> WebUser, and use a 
> > different set of permissions than loginUser.
> > 
> > See the javadoc for more info.
> > 
> > Matt
> > 
> > On Fri, 2003-08-29 at 08:59, Frank Wunderlich wrote:
> > > Hi Ben,
> > > 
> > > I don't know why this exception is raised.
> > > 
> > > But why don't you use 
> > > 	cmso.loginUser(user,passwd)
> > > instead of 
> > > 	cmso.readUser(user,passwd)?
> > > 
> > > That way OpenCms automatically keeps the current user in
> > the session.
> > > Regards, Frank.
> > > 
> > > 
> > > --
> > > Frank Wunderlich
> > > Berlin . Germany
> > > www.frank-wunderlich.de
> > > 
> > > 
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: opencms-dev-admin at opencms.org
> > > > [mailto:opencms-dev-admin at opencms.org] Im Auftrag von 
> Ben Rometsch
> > > > Gesendet: Freitag, 29. August 2003 05:23
> > > > An: opencms-dev at opencms.org
> > > > Betreff: [opencms-dev] CmsUser as a session variable
> > > > 
> > > > 
> > > > Hi,
> > > > 
> > > > I have the following in a jsp page (it's the execution part of a
> > > > user login
> > > > form):
> > > > 
> > > > ----------
> > > > 
> > > > <%@ page import="java.util.*,
> > > >                  com.opencms.flex.jsp.*,
> > > >                  com.opencms.file.*,
> > > >                  com.opencms.file.CmsUser" %>
> > > > 
> > > > <%
> > > >   if (request.getParameter("login") != null) {
> > > > 
> > > >     CmsJspActionElement cms = new
> > CmsJspActionElement(pageContext,
> > > > request, response);
> > > >     CmsObject cmso = cms.getCmsObject();
> > > > 
> > > >     String username = request.getParameter("username");
> > > >     String password = request.getParameter("password");
> > > >     
> > > >     try { 
> > > >       CmsUser webUser = cmso.readUser(username,password);
> > > >       out.println("You are now logged in as " + username);
> > > >     } catch (Exception ex) {
> > > >       out.println("Error logging in");
> > > >     }
> > > >   }
> > > > %>
> > > > 
> > > > -----------
> > > > 
> > > > This is working fine. The problem I have is that I want
> > to make the
> > > > webUser instance session scoped. If I add the following
> > underneath
> > > > the page import:
> > > > 
> > > > <jsp:useBean id="webUser" class="com.opencms.file.CmsUser" 
> > > > scope="session"/>
> > > > 
> > > > And change the line:
> > > > 
> > > > CmsUser webUser = cmso.readUser(username,password);
> > > > 
> > > > To
> > > > 
> > > > webUser = cmso.readUser(username,password);
> > > > 
> > > > I get an error:
> > > > 
> > > > 
> > > > javax.servlet.ServletException: Resource loader error in file
> > > > '/RGLIntranet/login.jsp'
> > > > 
> > > > Root cause:
> > > > org.apache.jasper.JasperException
> > > > 	at
> > org.apache.jasper.servlet.JspServletWrapper.service(JspServlet
> > > > Wrapper.java:2
> > > > 54)
> > > > 	at 
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet
> > > > .java:295)
> > > > 	at
> > > > 
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
> > > > 	at 
> javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > > 	at
> > > > org.apache.catalina.core.ApplicationDispatcher.invoke(Applicat
> > > > ionDispatcher.
> > > > java:684)
> > > > 	at
> > > > org.apache.catalina.core.ApplicationDispatcher.doInclude(Appli
> > > > cationDispatch
> > > > er.java:575)
> > > > 	at
> > > > org.apache.catalina.core.ApplicationDispatcher.include(Applica
> > > > tionDispatcher
> > > > .java:498)
> > > > 	at
> > > > com.opencms.flex.cache.CmsFlexRequestDispatcher.include(CmsFle
> > > > xRequestDispat
> > > > cher.java:180)
> > > > 	at 
> com.opencms.flex.CmsJspLoader.service(CmsJspLoader.java:955)
> > > > 	at
> > > > com.opencms.flex.cache.CmsFlexRequestDispatcher.include(CmsFle
> > > > xRequestDispat
> > > > cher.java:268)
> > > > 	at 
> com.opencms.flex.CmsJspLoader.load(CmsJspLoader.java:567)
> > > > 	at
> > > > com.opencms.flex.CmsJspLoader.initlaunch(CmsJspLoader.java:235)
> > > > 	at 
> com.opencms.core.OpenCms.showResource(OpenCms.java:956)
> > > > 	at
> > > > 
> > 
> com.opencms.core.OpenCmsHttpServlet.doGet(OpenCmsHttpServlet.java:310)
> > > > 	at 
> javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
> > > > 	at 
> javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > > 	at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilt
> > > > er(Application
> > > > FilterChain.java:247)
> > > > 	at
> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli
> > > > cationFilterCh
> > > > ain.java:193)
> > > > 	at
> > > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardW
> > > > rapperValve.ja
> > > > va:256)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > 	at
> > > > 
> > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > 	at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardC
> > > > ontextValve.ja
> > > > va:191)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > 	at
> > > > 
> > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > 	at 
> org.apache.catalina.core.StandardContext.invoke(StandardContex
> > > > t.java:2416)
> > > > 	at
> > > > org.apache.catalina.core.StandardHostValve.invoke(StandardHost
> > > > Valve.java:180
> > > > )
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > 	at
> > > > org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDi
> > > > spatcherValve.
> > > > java:171)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:641)
> > > > 	at
> > > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport
> > > > Valve.java:172
> > > > )
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:641)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > 	at
> > > > 
> > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > 	at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEn
> > > > gineValve.java
> > > > :174)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > 	at
> > > > 
> > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > 	at 
> org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.
> > > > java:223)
> > > > 	at
> > > > org.apache.coyote.http11.Http11Processor.process(Http11Process
> > > > or.java:601)
> > > > 	at
> > > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandle
> > > > r.processConne
> > > > ction(Http11Protocol.java:392)
> > > > 	at
> > > > org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoi
> > > > nt.java:565)
> > > > 	at
> > > > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> > > > ThreadPool.jav
> > > > a:619)
> > > > 	at java.lang.Thread.run(Thread.java:534)
> > > > 
> > > > --------------- End of root cause.
> > > > 
> > > > 	at 
> com.opencms.flex.CmsJspLoader.service(CmsJspLoader.java:962)
> > > > 	at
> > com.opencms.flex.cache.CmsFlexRequestDispatcher.include(CmsFle
> > > > xRequestDispat
> > > > cher.java:268)
> > > > 	at 
> com.opencms.flex.CmsJspLoader.load(CmsJspLoader.java:567)
> > > > 	at
> > > > com.opencms.flex.CmsJspLoader.initlaunch(CmsJspLoader.java:235)
> > > > 	at 
> com.opencms.core.OpenCms.showResource(OpenCms.java:956)
> > > > 	at
> > > > 
> > 
> com.opencms.core.OpenCmsHttpServlet.doGet(OpenCmsHttpServlet.java:310)
> > > > 	at 
> javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
> > > > 	at 
> javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> > > > 	at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilt
> > > > er(Application
> > > > FilterChain.java:247)
> > > > 	at
> > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli
> > > > cationFilterCh
> > > > ain.java:193)
> > > > 	at
> > > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardW
> > > > rapperValve.ja
> > > > va:256)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > 	at
> > > > 
> > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > 	at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardC
> > > > ontextValve.ja
> > > > va:191)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > 	at
> > > > 
> > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > 	at 
> org.apache.catalina.core.StandardContext.invoke(StandardContex
> > > > t.java:2416)
> > > > 	at
> > > > org.apache.catalina.core.StandardHostValve.invoke(StandardHost
> > > > Valve.java:180
> > > > )
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > 	at
> > > > org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDi
> > > > spatcherValve.
> > > > java:171)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:641)
> > > > 	at
> > > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport
> > > > Valve.java:172
> > > > )
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:641)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > 	at
> > > > 
> > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > 	at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEn
> > > > gineValve.java
> > > > :174)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv
> > > > eContext.invok
> > > > eNext(StandardPipeline.java:643)
> > > > 	at
> > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel
> > > > ine.java:480)
> > > > 	at
> > > > 
> > 
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
> > > > 	at 
> org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.
> > > > java:223)
> > > > 	at
> > > > org.apache.coyote.http11.Http11Processor.process(Http11Process
> > > > or.java:601)
> > > > 	at
> > > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandle
> > > > r.processConne
> > > > ction(Http11Protocol.java:392)
> > > > 	at
> > > > org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoi
> > > > nt.java:565)
> > > > 	at
> > > > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> > > > ThreadPool.jav
> > > > a:619)
> > > > 	at java.lang.Thread.run(Thread.java:534)
> > > > 
> > > > 
> > > > 
> > > > Does anyone know why this would be?
> > > > 
> > > > _______________________________________________
> > > > This mail is send to you from the opencms-dev mailing
> > list To change
> > > > your list options, or to unsubscribe from the list, please visit
> > > > http://mail.opencms.org/mailman/listinfo/opencms-dev
> > > > 
> > > 
> > > 
> > > _______________________________________________
> > > This mail is send to you from the opencms-dev mailing 
> list To change
> > > your list options, or to unsubscribe from the list, please visit 
> > > http://mail.opencms.org/mailman/listinfo/opencms-dev
> > --
> > M Butcher <mbutcher at grcomputing.net> 
> > _______________________________________________
> > This mail is send to you from the opencms-dev mailing list To change
> > your list options, or to unsubscribe from the list, please visit 
> > http://mail.opencms.org/mailman/listinfo/opencms-dev
> > 
> > _______________________________________________
> > This mail is send to you from the opencms-dev mailing list To change
> > your list options, or to unsubscribe from the list, please visit 
> > http://mail.opencms.org/mailman/listinfo/opencms-dev
> > 
> 
> 
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list To 
> change your
> list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
> 
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, 
> please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
> 





More information about the opencms-dev mailing list