We have an application where user sends form with id's on button click. If the user clicks on the button after session expires, it will redirect to login page. After login i am able to redirect to the post URL, but the form data id's are not present. Is there any way to do this?
Related
I have created a custom landing page hook in Liferay6.2.
Suppose user enters abc.com/xyz. Then after login he should not be redirected to my custom landing page. Instead he should be redirected to xyz post login.
My landing page should be selected only when he enters abc.com
How to implement this.
This can be fetched using below code in your PostLogin Hook
LastPath lastPath = (LastPath) session.getAttribute(WebKeys.LAST_PATH);
I have a login form submitted with Ajax. In one specific case, after the user logs in, I need to log them out with Auth::logout() and display an additional modal box. All of this happens with no page reload.
When the login modal is opened and submitted again, I get a Token mismatch error. The reason why this happens is because the logout uses Session::flush(). After this the _token Session variable is refreshed, while the _token input in the login form stays the same (because of the mentioned lack of page reload).
How can I refresh the CSRF _token in the login form, so it matches the one refreshed in the Session in a secure way?
When your login is submitted via ajax, your server is presumably sending back some kind of response to let the browser know the login was successful. You should send back the new CSRF token with this response, so that you can update the form client-side (with javascript).
To provide any more detail (how to update form fields, for example) we would need to see more of your code.
Need some idea on the process to land in a page after I login to my web portal. My requirement is I will enter Url of a particular page in to the browser, then system will check is the user is login to the system, if yes it will land on the page I have entered but if not then system will take me to the login page and after successful login I will be landed in to the page I have entered in the browser.
So, please tell me how to do it in plain servlet/Jsp model, Spring and Struts 1 and Struts 2.
Any post will be helpful
I know about basic jsp/servlet model.
Write a Servlet filter which will intercept every request from the brwoser, there check is the user is logged in or not. If logged in your normal flow will continue but if not then redirect to the login page. When you are redirecting to the login page, make sure you send the url hit by browser in the response. Now in client side hold the url send in response and after eneter credentials in login page when user will submit the record send the url (Hold in the client side from response) in the request and after successful login use Servelet Request dispatcher to land in the url.
I am not sure but spring-security has this feature and struts 2. But implementation process can be share by others who are familiar on this technologies. But in struts 1 it's not available and you have to do it manually.
it will very easy with spring security you just need to secure some path pattern. you doesn't need to add some code in your jsp or controller, example
for url /admin/* need administrator role
for url /user/* need user role
for url /public/* no need login (anynomous)
it just need configure at your spring-security.xml
you can start here
I'm using Spring MVC for a personal webpage with a local Tomcat 6 server. I'm using a default Tomcat configuration(what eclipse would setup by default).
In my controllers(using one controller for each page, and creating Session beans to pass information between them) I have two methods, one for capturing a POST and one for capturing a GET Request Method. The page logic will have the user click a submit button and will use a "redirect:abc.htm" return to send them to a new page or back to the GET method.
I'm not explicitly handling cookies, but do have all the information in Session Beans and am using Spring Security to handle security/user management.
I have a spring security configuration to redirect the user back to the login page if they are not authorized. I also have an ExceptionHandler catching HttpSessionRequiredException, though this is not what is triggering when I expire the user sessions(it's using the logic of my Spring Security configuration).
When the session is expired(I'm doing this through Tomcat manager) the user is redirected back to the login page. They are redirected after they try to do something(click a submit, or revisit any page except login.htm).
My issue is that once they get back to the initial page that their session expired at, if at the time of expiration they clicked a submit button, it is redirecting them past the initial page and handling the POST event from the submit.
Example:
User is logged in, and on the main page
User Session Expires
User, on the main page, click a submit button
User is redirected back to the login.htm page
User logs in and navigates back to the main page.
Instead of following the logic of the GET for the main page, they are treated to the POST of the main page, and I'm not sure where the POST variables are coming from.
Is there any way to trace where this error is coming from or what exactly is causing it?
This is done by spring-security. Spring security stores the request details in the session before redirecting the user to the login page. On successful login it will retrieve the request details from the session and redirect to that.
You can set the always-use-default-target attribute of the form-login configuration to override this behavior.
I have added an ActionFilter to my MVC site which checks if a user is currently logged on, by checking against a session value, if they are not, they are redirected to a login page. The action filter attribute is added to each controller, so regardless of the page the user tries to view they are redirected to the login view. This bit all works fine.
When the user successfully logs in, I want them to be redirected to the page they were trying to originally access, but I don't how to get my Login Post action to know where to redirect too.
Any help greatly appreciated.
You send along a ReturnUrl when you go to the login view. Then the action method for the login view uses that value to know where to return. The following may help:
ReturnUrl in ASP.NET MVC
as well as this
ASP.NET MVC - CustomeAuthorize filter action using an external website for loggin in the user