I am using Authentication plugin for Grails. It needs a flash variable to be set to do redirection after successful login.
I set the flash variable in various places in the controller, in the view just before the authentication service does its work, but somehow flash variables are being cleared on the way.
I can't manage to find a way to spot the request that clears flash scope. I am asking for some advice on how to find the point where flash is being cleared so I may have a better idea of what to do.
Of course answers on how to fix the problem with Authentication plugin are even more appreciated.
Which authentication plugin? There are many.
Debugging things like this is a pain. I would attach the source of the plugin into your IDE, fire up your debugger, and step through the plugin execution.
Extended OOB Onepage Link Block and link.phtml to disable the button based on customer group id, the changes are working but the button is disabled for all the customers, not just for the customers that are in the specified group. I cleared the cache many times but still no luck. I have correct entries in checkout_cart_index.xml and I do see it working but not the way it's supposed to do. Is there anything else that needs to be done to fix this issue since it prevents checkout for all the customers?
Found out the hard way that it was a simple typo in the Block class name, I was using the wrong Session class, where the required method wasn't available. Took some time to find this out, but it's working now. Please make sure that vendor/module, and/or other names are correct with case, otherwise it's hard to debug since we don't get meaningful errors unlike Java. I couldn't enable developer mode due to other issues which also complicated the problem.
I'm writing a Joomla plugin, which is basically just a wrapper around an application written in CakePHP (version 3.3; not in a good position to upgrade this at the current moment). I'm running into various issues with session data.
First problem is that Cake's Request object creates a Session object, which does not allow for the possibility that the PHP session might already have been started; it throws an error in this case. (I see no changes in this area of the code in Cake v3.6.)
My original solution to this was to have my plugin code close the Joomla session before starting up Cake, and let Cake do its own thing with its own cookie and session table. But by doing this I lose any changes that Joomla might make to its session after my code runs, which isn't ideal.
Next attempt was to hack the Session class slightly (proof of concept; a proper implementation to be made without any core changes if it works) to allow setting the _started member to true before starting the dispatcher. This works, in that Cake and Joomla data are now saved together in the Joomla session table.
However, Cake's session data includes Auth.User, the record of the user currently logged in. That record includes objects of type Cake\I18n\FrozenDate. On any page load after this has been written into the session, that class is not yet available (Cake's autoloader hasn't run) when Joomla loads the session. So those fields come in as __PHP_Incomplete_Class, which then breaks other things.
My current solution to this is to reload the entire session at this point (session_reset), first copying any uncommitted changes Joomla has made to $_SESSION, then restoring them after the reset.
In limited testing so far, this seems to be working. But I'm wondering whether I've missed some obvious problem, or obvious easier solution. Any comments, suggestions, or thought-provoking questions much appreciated. :-)
For example, is there some way for me to run Cake's autoloader before Joomla initializes the session, without hacking the Joomla core at all? That could be a simpler solution.
If this turns out well, I'll see what I can do to make the code available.
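The `__PHP_Incomplete_Class` behaviour described in the question above, as an added example that is not part of the original post: the same stored bytes decode to a broken placeholder before the class is loadable and to a real object once an autoloader is registered, which is why re-reading the session afterwards (as `session_reset` does) repairs the data. `DemoFrozenDate` is a hypothetical stand-in for `Cake\I18n\FrozenDate`, and the payload is constructed sample data decoded with `unserialize` rather than a live session.

```php
<?php
declare(strict_types=1);

// Constructed sample: serialized form of an Auth.User record holding one object.
// DemoFrozenDate is a hypothetical stand-in for Cake\I18n\FrozenDate.
$stored = 'a:1:{s:4:"Auth";a:1:{s:4:"User";a:2:{s:2:"id";i:7;'
        . 's:7:"created";O:14:"DemoFrozenDate":1:{s:3:"iso";s:10:"2016-11-02";}}}}';

// Recursively report whether decoded data contains an object whose class
// was unknown at decode time.
function hasIncompleteClass($value): bool
{
    if ($value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_object($value)) {
        $value = (array) $value;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (hasIncompleteClass($item)) {
                return true;
            }
        }
    }
    return false;
}

// 1. Decode before any autoloader knows the class: the host application
//    reads the session before the embedded application's autoloader exists.
$early = unserialize($stored);

// 2. Register an autoloader (standing in for loading the embedded
//    application's autoloader), then decode the same stored bytes again.
spl_autoload_register(function (string $class): void {
    if ($class === 'DemoFrozenDate') {
        class DemoFrozenDate
        {
            public $iso;
        }
    }
});
$late = unserialize($stored);

printf("before autoloader: incomplete=%s\n", var_export(hasIncompleteClass($early), true));
printf("after autoloader:  incomplete=%s, class=%s\n",
    var_export(hasIncompleteClass($late), true),
    get_class($late['Auth']['User']['created']));
```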
I am using Spring-ROO as well as Spring security for my web application. I have set the session-timeout as 10. On closing the browser, the session is not getting closed automatically. Can anyone tell any method to close the session when the browser is closed?
Is there any configuration available to have this settings?
Please note that I can't use jquery/javascript.
I don't think this is possible, as no OnBrowserClosed event exists. The only thing that gets close is the non-standard window.onunload DOM event, which you could catch, but that would mean having custom logic run whenever you navigate from one page to another, and even then I don't think you can access the URL the user is going to next, which would be required to know that the user is actually going away from your site (something like null meaning that he goes to no site at all).
One thing you could do is to set the timeout even shorter and have a JavaScript on every page that pings the server in regular short intervals using AJAX, but that's a dirty hack, and it would lock out anyone who has JS turned off. A clean solution is not possible IMHO.
I'm trying to figure out how to disable programmatically the fishing site warnings that pop up when you enter a user name and password along with the url to a secure website, such as.
https://UserName:PassWord#Https://Secure.Website.com
Before the url comes up, the warning dialog pops up first. Since I know that the url I programmed is secure, I don't need the fishing site warning to pop up.
If anyone has any ideas, I would greatly appreciate it. Thank you in advance.
You just can't do this.
This behavior is in private UIKit APIs that you can't alter without being rejected from the App Store.
And for once, there is a good reason for this, a security reason :)
EDIT (after comments below)
I think you can disable these warnings in device settings: Settings App > Safari > Fraud Warning
Note that you can't do this with code from your app. You can only ask the user to do so, or maybe use Enterprise deployment facilities.
EDIT 2 About security concerns
Again, there are very GOOD reasons for this security, especially for a company concerned about its confidentiality/security.
It is not because you set a static URL in a UIWebView that this is the URL you will get. Phishing does not only come from website servers, it can also come from a man-in-the-middle attack on the TCP/IP connection, DNS spoofing, or who knows, an admin going nuts :)
Modifying private APIs is not easy: there is no source code, just assembly code that you can disassemble/analyze to figure out a way to override/inject code doing what you want. It takes time that, sorry, I don't have.
In other words: you should find an alternative solution, like another URL without https (ask the webmaster) but another security, not requesting data from UIWebView... I'm afraid there is no easy workaround. And I guess you know that URL authentication like you are trying to do is highly insecure, any intermediary could just get the query and login/password.
It is phishing and not fishing :)
Do you know you can edit your comments on stackoverflow?
I'm looking to build an integrated login and user management system between Joomla and eGroupware, ideally with Joomla as the driver. That is, users would log in to Joomla and have their credentials passed into eGroupware as well, so that they could follow a link over to eGW and not have to log in again. Also administrators could add new users to Joomla (or update existing user info) and have those changes reflected in eGW as well.
I tried out this component but all I could get it to do was to synchronize passwords between existing users of both systems (matching on their usernames). Documentation is in Portuguese so I might have missed something in translation. Also I've checked out JFusion but it as yet has nothing available for a bridge to eGW.
Any general advice on how to proceed is greatly appreciated. I have some Joomla experience but not much at writing extensions/modules; would it be easier for me to try to adapt JFusion or something like that or to write something myself?
The best approach would be to write two Joomla plugins: one of the authentication type that will create the session in eGW when someone logs into Joomla, then one of the user type that will respond to the onAfterStoreUser event and update the profile in eGW. This way, you won't be hacking either Joomla or eGW. There's a tutorial on creating authentication plugins for Joomla here: http://docs.joomla.org/Tutorial:Creating_an_Authentication_Plugin_for_Joomla_1.5 Creating a user plugin will be a similar process, only you'll be responding to the onAfterStoreUser event.