I am building an application and I want to do a validation in which when user tries to access a POST method he should be redirected to a new Page. For example when I Login, the username and password validations are done in the post method that has
#RequestMapping(value = "/firstPage.htm", method = RequestMethod.POST)
So what I want to do is if user saves this link xyz.../firstPage.htm after the application is closed by pasting it in browser url, he should not get 405 error instead he should be redirected to another page that says You are not Authenticated to view this page.
How do I do this?
Regards,
Zingo
You could add another method in your controller that handles the same URI, but with RequestMethod Get. It can simply shows a page with a login form asking the user to login.
This will also lead to a more standardized approach. Where a GET request to a URL shows the form, while POSTing credentials to the same URL logs you in.
Hope this helps.
Related
Currently, I’m developing a web app with server-side rendering using the Gin framework and I’m having a problem with login intercepting. When an HTTP GET request hits an endpoint, middleware is used to check the browser cookie and redirect the traffic to the login page. This works fine and after successful login, the user is always redirected to the dashboard page. My question is how I should redirect the user back to the originally requested URI instead of the dashboard page?
Also, a bit more complex scenario is on HTTP POST. It looks like the HTTP POST method doesn’t work quite well with a redirect. Also, how would I resume the request with the same post request after the user successfully login?
Thanks for the help!
For the HTTP GET scenario, this one is easy, you need to remember the original URL somewhere. The are a few ways you could go about this:
Store the URL in session information(if any is available, you do need sessions for non-authenticated users)
Store it in a query string, for example, redirect to example.com/login?original=https%3A%2F%2Fexample.com%2Fanother-page. Your login page can look for the query parameter and include it in the login form or make sure that the action of the login form matches the given URI. On a successful login attempt you can get the original URL form the query param and set it as the Location.
Store the original URL in a cookie, upon successful login you can just check the cookie value and use that.
As for the HTTP POST scenario. If you just want to redirect the same POST request to a different URL you can use a 307 Temporary redirect. A 307 will preserve the request body and method and not turn it into a GET request like a 303 See Other or 302 Found.
Resuming the original POST after showing the login screen and after a successful login is a little more complex. When you redirect to the login page you interrupt the flow of the user, maybe it is better to let the user re-post their request after logging in, instead of doing it for them.
Having said that, it is technically possible. We require two steps, first is storing all the data to recreate the request. Then after login completion we can render a form with this saved data and use javascript to submit the form. By adding:
<script>document.getElementById("myForm").submit();</script>
After your form, the browser will submit the form after loading the javascript, thus recreating the original POST.
The storage part can be done via the server side session or a cookie.
I have a HttpServletRequest object with me in a post login hook. How to get what URL is there is the browser.
When I am using PortalUtil.getCurrentCompleteURL(HttpServletRequest) I am always getting http://localhost:8080/c. I need something like http://localhost:8080/web/abc.
I don't have ThemeDisplay object with me.
I guess that the URL you are looking for is the one from before the login. The portal saves that one in the session when redirecting to the login page. You can access it like this:
String lastPath = session.getAttribute(WebKeys.LAST_PATH);
Iam using custom Authorize filter to on my action method to check if user has an access to it.
If user does not have an access then user is redirected to Unauthorize page.
The problem iam facing here is iam using Jquery Ajax request to call that action method. Everything works well if the user has an access. But if the user does not have an access the code is not able to bind the View("Unauthorize") and it display the existing view on the browsers screen;
Any suggestions would be helpful.
Thanks.
The thing is that ajax requests can not send a redirect response. You can instead either return a status code that tells the calling javascript to redirect or simply change the Response.ContentType to application/javascript and use window.location = "newUri" as the response body.
I noticed if my session expired whilst on my site and then I clicked on an Ajax.ActionLink, the login page would be displayed in a PartialView. I've created an override of the OnActionExecuting method like so:
protected override void OnActionExecuting(ActionExecutingContext ctx)
{
if (!ctx.HttpContext.User.Identity.IsAuthenticated)
{
if (ctx.RequestContext.HttpContext.Request.IsAjaxRequest())
{
//ctx.RequestContext.HttpContext.Response.RedirectToRoute(new { controller = "Account", action = "LogOn" });
ctx.RequestContext.HttpContext.Response.Redirect(Url.RouteUrl(new { controller = "Account", action = "LogOn" }));
}
}
}
This checks if the User is Authenticated and then if the request is an AjaxRequest. It will then redirect the user to the LogOn method in my Account controller if they're no longer authenticated for an Ajax actionlink. The problem is I get "Failed to load resource" in the console.
This checks if the User is Authenticated and then if the request is an
AjaxRequest. It will then redirect the user to the LogOn method in my
Account controller if they're no longer authenticated for an Ajax
actionlink
Yes, but if you configured your Ajax.ActionLink or Ajax.BeginForm to update some DOM element with the results of the AJAX request using the AjaxOptions, it doesn't really matter if you are redirecting on the server. The AJAX request will simply follow the redirect and insert the resulting HTML you redirected to (/Account/LogOn) inside the DOM element.
So redirecting from an AJAX request won't solve your problem. As you know the whole point of an AJAX request is to stay on the same page (the address bar never changes).
If you wanted to handle the authentication cookie expired condition in a proper way within your AJAX requests you will have to perform the redirect on the client (using window.location.href). In order to achieve that you may take a look at the following blog post in which Phil Haack exposes a great technique allowing your server to send a 401 HTTP status code in this case instead of redirecting. Then on the client you could intercept this code (by subscribing to a global AJAX handler for example) and redirect to the logon page from the client.
I have added an ActionFilter to my MVC site which checks if a user is currently logged on, by checking against a session value, if they are not, they are redirected to a login page. The action filter attribute is added to each controller, so regardless of the page the user tries to view they are redirected to the login view. This bit all works fine.
When the user successfully logs in, I want them to be redirected to the page they were trying to originally access, but I don't how to get my Login Post action to know where to redirect too.
Any help greatly appreciated.
You send along a ReturnUrl when you go to the login view. Then the action method for the login view uses that value to know where to return. The following may help:
ReturnUrl in ASP.NET MVC
as well as this
ASP.NET MVC - CustomeAuthorize filter action using an external website for loggin in the user