Managing beans based on URL query parameters
I was just reading this thread with interest, but it didn't come to the conclusion that I need.
http://forum.java.sun.com/thread.jsp?forum=427&thread=441432
In that thread, there were two screens: a table of links to employees and an "edit employee" page. The solution was to use the command_action on the list create an "employee data" bean, which could then be edited on the "edit employee" page.
My problem is that I need to create some session beans based on query parameters in the URL. Using the example above, I'd have something like: http://localhost/app/editEmployee?empNo=38
Why? Because the user can bookmark the edit employee page, have two
browser windows open (which would require two seperate employee data beans), etc... and we need to handle that. It looks like
that means I can't use the solution in the above thread.
My current thought is to create a managed-bean with request scope and have it create the EmployeeData bean.
Another idea is to somehow initialize the bean with managed-properties
<managed-bean>
<managed-bean-name>EmpBean</managed-bean-name>
<managed-bean-class>com.mycompany.EmpBean</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
<managed-property>
<property-name>employeeID</property-name>
<value-ref>queryParamBean</value-ref>
</managed-property>
</managed-bean>
<!--
just returns FacesContext.getCurrentInstance().getServletRequest().getParameter("id")
-->
<managed-bean>
<managed-bean-name>queryParamBean</managed-bean-name>
<managed-bean-class>com.mycompany.QueryParamBean</managed-bean-class>
<managed-bean-scope>none</managed-bean-scope>but that seems kinda hacky. Any other ideas?
Excellent, using requestScope gets rid of the queryParamBean hack from my first post. For some reason I thought value-ref evaluatations only resolved against stuff the VariableResolver can see. That's not the case. Thanks.
Unfortunately, this bean really wants to be cached on the session, not the request. I suppose it would be possible to have EmpBean delegate to a bean which is actually cached on the session, but that feels like a hack too (and is a lot of glue code).
So, I think I'm back to the factory, which can handle creating the bean from the query params, caching it, and putting it on the servlet request. I also got a visit from Captain Obvious and realized that the factory could just be a scriplet.
<% BeanCreator.createBean("com.company.EmpBean", request.getParameter("id")); %>which also isn't great, but is perhaps easier to understand than the BeanCreator from above. I looked into using EL Functions in the variable resolver for the factory, but it doesn't look like that's possible. It's probably possible to extend VariableResolver to add factory methods for managed-beans, which might be the cleanest solution. I'm thinking something like
<managed-bean>
<managed-bean-name>Emp</managed-bean-name>
<managed-bean-factory>
<factory-name>com.company.BeanFactory.getBean</factory-name>
<bean-class>com.company.EmpBean</bean-class>
<arg-value-ref>sessionScope.id</arg-value-ref>
</managed-bean-factory>But for now, the current two hacks are:
#1: to create a URL use plain html <href>.
#2: use a factory method (varying implementions) to create the bean, cache it, and put it on the servlet request
Similar Messages
-
Hi all, I keep running into situations where I need to parse the parameters from the query string of a URL. I'm not using Servlets or anything like that.
After much frustration with not being able to find a decent parser, I wrote one myself, and thought I would offer it to others who might be fighting the same thing. If you use these, please keep the source code comments in place!
Here it is:
* Written by: Kevin Day, Trumpet, Inc. (c) 2003
* You are free to use this code as long as these comments
* remain in tact.
* Parse parameters from the query segment of a URL
* Pass in the query segment, and it returnes a MAP
* containing entries for each Name.
* Each map entry is a List of values (it is legal to
* have multiple name-value pairs in a URL query
* that have the same name!
static public Map getParamsFromQuery(String q) throws InvalidParameterException{
* Query, q, can be of the form:
* <blank>
* name
* name=
* name="value"
* name="value"&
* name="value"&name2
* name="value"&name2="value2"
* name="value"&name="value"
* name="value & more"&name2="value"
Map params = new HashMap();
StringBuffer name = new StringBuffer();
StringBuffer val = new StringBuffer();
StringBuffer out = null;
boolean inString = false;
boolean readingName = true; // are we reading the name or the value?
int i = -1;
int qlen = q.length();
out = name;
while (i < qlen){
char c = ++i < qlen ? q.charAt(i) : '&';
if (inString){
if (c != '\"')
out.append(c);
else
inString = false;
} else if (c == '&') {
String nameStr = cleanEscapes(name.toString());
String valStr = cleanEscapes(val.toString());
List valList = (List)params.get(nameStr);
if (valList == null){
valList = new LinkedList();
params.put(nameStr, valList);
valList.add(valStr);
name.setLength(0);
val.setLength(0);
out = name;
} else if (c == '=') {
out = val;
} else if (c == '\"') {
inString = true;
} else {
out.append(c);
if (inString) throw new InvalidParameterException("Unexpected end of query string " + q + " - Expected '\"' at position " + i);
return params;
static private String cleanEscapes(String s){
try {
return URLDecoder.decode(s, "UTF-8");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
return s;
You'll also need to create a new Exception class called InvalidParameterException.
Cheers,
- KevinBecause javax.servlet.* is not included in the
standard Java distribution. I am writing my own
mini-web server interface for applications and don'tSounds like an interesting project, have you thought about implementing the Servlet API (or a subset)? It is well known to developers, and I dont think it would require that much extra work, but that would depend on mini mini is of course =).
want to add that dependency nastiness just to get a
parser...OK, I was just curious. -
Solution to parse URL query parameters
I would like to parse query parameters in a URL GET request. I want to know if there is an efficient solution.
e.g. http://www.google.com?search=red&query=blue
I want to get "search", "red", "query", "blue" strings. I am not sure whether using StringTokenizer is the efficient solution.
Thanks
JawaharStringTokenizer st = new StringTokenizer("http://www.google.com?search=red&query=blue","?&=",true);
Properties params = new Properties();
String previous = null;
while (st.hasMoreTokens())
String current = st.nextToken();
if ("?".equals(current) || "&".equals(current))
//ignore
}else if ("=".equals(current))
params.setProperty(URLDecoder.decode(previous),URLDecoder.decode(st.nextToken()));
}else{
previous = current;
params.store(System.out,"PARAMETERS"); -
Query with bind variable, how can use it in managed bean ?
Hi
I create query with bind variable (BindControlTextValue), this query return description of value that i set in BindControlTextValue variable, how can i use this query in managed bean? I need to set this value in String parameter in managed bean.
ThanksPut the query in a VO and execute it the usual way.
If you need to, you can write a parameterized method in VOImpl that executes the VO query with the parameter and then call that method from the UI (as a methodAction binding) either through the managed bean or via a direct button click on the page. -
Initialize managed bean from request parameters
Hi:
I thought this topic would be on the FAQ, but I couldn't find it. I am looking for a mean to initialize my managed bean from the query string. There must be something like:
<h:form initializeBean=""true"" requestParameter=""id_author"" beanProperty=""#{author.id_author}"" action=""#{author.getFromDB}"" >
</form>
The url would be something like http://localhost:8080/protoJSF/showAuthor.jsf?id_author=5334
And the getFromDB method would be something like
Public void getFromDB()
Statement stmt = cn.createStatement( ?SELECT * from author where id_author=? + getId_author() );
ResultSet rs = stmt.executeQuery();
}The only way I've found to perform something like this is to present a blank author form with a ''load data'' button: after pressing the button the user can see author's data and edit the data if she wants to. This two-step data screening is annoying, to say the least.
There must be a better way.
I beg for a pointer on how can I achieve the initializing of a managed bean with dynamic data.
Regards
Alberto GaonaYou just have to read carefully the very fun 289 pages
specification :-)Or, if 289 pages of JavaServer Faces is too much, you can get almost all of the same information from the JavaServer Pages 2.0 specification, or even the JSP Standard Tag Libraries specification :-).
More seriously, the standard set of "magic" variable names that JavaServer Faces recognizes is the same as that reognized by the EL implementations in JSP and JSTL. Specifically:
* applicationScope - Map of servlet context attributes
* cooke - Map of cookies in this request
* facesContext - The FacesContext instance for this request
* header - Map of HTTP headers (max one value per header name)
* headerValues - Map of HTTP headers (String array of values per header name)
* initParam - Map of context initialization parameters for this webapp
* param - Map of request parameters (max one value per parameter name)
* paramMap - Map of request parameters (String array of values per parameter name)
* requestScope - Map of request attributes for this request
* sessionScope - Map of session attributes for this request
* view - The UIViewRoot component at the base of the component tree for this view
If you use a simple name other than the ones on this list, JavaServer Faces will search through request attributes, session attributes, and servlet context (application) attributes. If not found, it will then try to use the managed bean facility to create and configure an appropriate bean, and give it back to you.
For extra fun, you can even create your own VariableResolver that can define additional "magic" variable names known to your application, and delegate to the standard VariableResolver for anything else.
Craig McClanahan -
Managed bean/Data exchange between two ADF Rich Faces based applications
Hi,
I have been trying to research what seems to be a small issue. My requirements are as follows.
1. I need to be able to pass managed bean information from one ADF Rich Faces based application to another (in two separate ears) at runtime (e.g. from Ear1: SenderApp/Sender.jspx -> Ear2: ReceiverApp/Receiver.jspx).
2. I do not want to use the database as my applications need to be performant.
3. Serialization/de-serialization would fall pretty much under the database category. In other words, I like to avoid Serialization/de-serialization of the managed bean.
4. I cannot use query string due to security issues.
My question is as follows:
1. Is there any standard/architecture/best practices for data exchange of backing beans or other forms between two ADF Rich Faces based apps (in two separate ears)?
2. Has someone found anything similar to an applicationScope that works across applications?
I would appreciate any ideas.
Thanks very much,
Edited by: user11219846 on Jul 23, 2009 2:38 PM
Edited by: user11219846 on Jul 23, 2009 2:42 PMHi,
its not an ADF Faces problem, but not possible in Java EE. You can however fallback to vendor specific implementations like in WLS. From the WebLogic documentation : http://e-docs.bea.com/wls/docs103/webapp/sessions.html
Enabling Web applications to share the same session*
By default, Web applications do not share the same session. If you would like Web applications to share the same session, you can configure the session descriptor at the application level in the weblogic-application.xml deployment descriptor. To enable Web applications to share the same session, set the sharing-enabled attribute in the session descriptor to true in the weblogic-application.xml deployment descriptor. See “sharing-enabled” in session-descriptor.
The session descriptor configuration that you specify at the application level overrides any session descriptor configuration that you specify at the Web application level for all of the Web applications in the application. If you set the sharing-enabled attribute to true at the Web application level, it will be ignored.
All Web applications in an application are automatically started using the same session instance if you specify the session descriptor in the weblogic-application.xml deployment descriptor and set the sharing-enabled attribute to true as in the following example:
+<?xml version="1.0" encoding="ISO-8859-1"?>+
+<weblogic-application xmlns="http://www.bea.com/ns/weblogic/90";;>+
+...+
<session-descriptor>
+<persistent-store-type>memory</persistent-store-type>+
+<sharing-enabled>true</sharing-enabled>+
+...+
+</session-descriptor>+
+...+
+</weblogic-application>+
Frank -
How to call a AM method with parameters from Managed Bean?
Hi Everyone,
I have a situation where I need to call AM method (setDefaultSubInv) from Managed bean, under Value change Listner method. Here is what I am doing, I have added AM method on to the page bindings, then in bean calling this
Class[] paramTypes = { };
Object[] params = { } ;
invokeEL("#{bindings.setDefaultSubInv.execute}", paramTypes, params);
This works and able to call this method if there are no parameters. Say I have to pass a parameter to AM method setDefaultSubInv(String a), i tried calling this from the bean but throws an error
String aVal = "test";
Class[] paramTypes = {String.class };
Object[] params = {aVal } ;
invokeEL("#{bindings.setDefaultSubInv.execute}", paramTypes, params);
I am not sure this is the right way to call the method with parameters. Can anyone tell how to call a AM method with parameters from Manage bean
Thanks,
San.Simply do the following
1- Make your Method in Client Interface.
2- Add it to Page Def.
3- Customize your Script Like the below one to Achieve your goal.
BindingContainer bindings = getBindings();
OperationBinding operationBinding = bindings.getOperationBinding("GetUserRoles");
operationBinding.getParamsMap().put("username", "oracle");
operationBinding.getParamsMap().put("role", "F1211");
operationBinding.getParamsMap().put("Connection", "JDBC");
Object result = operationBinding.execute();
if (!operationBinding.getErrors().isEmpty()) {
return null;
return null;
i hope it help you
thanks -
"Source not found" Error creating URL Data control with query parameters
Hi,
I have a restful service for which i want to create a URL data control. I am able to create the URL data control successfully when i am not passing any parameters in the Source field. But if i am specifying the parameters in the source field like this Department=##ParamName##, something weird is happening. After giving the param string in the Source field, it asks for default param value to test the url. It tests the url successfully. After that i select XML as the data format in which i am mentioning the xsd like this . "file:///C:/..../something.xsd" . And this is when i am getting the error. "Invalid Connection. The source is not found". I am giving exactly same path for xsd which i gave while creating URL data control without query parameters. Infact i was able to create the URL data control with query parameters successfully till afternoon. after that it started giving me this error all of a sudden. Infact as soon as i was able to create a URL data contol with query parameter successfully, i took a backup of the application before moving further. But even that backup is not working now.
As far as i understand, i dont think there will be any change in xsd if query params are passed to a web service. Please correct me if i am wrong.
Just dont know what could be the issue. Please help
ThanksHi,
xsd is used for the URL service to know what the returned data structure is so it can create the ADF DC metadata
Frank -
How to query data from database and store it into Managed Bean ?
Hi all,
In our application we have requirement to store information within Managed Bean to be accessed by ADF pages.
The information is stored in database tables.
The question is :
What is the efficient / recommended way to do that ?
I do not use apps module to query the data because the information is required in View layer not the model layer
Thank you for your help,
xtantoXtanto,
if the information is stored in the database then the question is if there is a database connect open already. If yes, then why not using this connection to query for the data you want to access and store. Alternatively you can directly open a JDBC connection in a managed bean or access an EJB session bean. However, this comes with the price of an extra database connection.
Make sure the managed bean is in session scope if you want to share the information without re-fetching it
Frank -
hi
i have some idea about setwhereClause() method ..... but in my case i want to use one SQL query (select * from tab )...i dont know how to use ....
(without view object we cant use setwhereclause() method thatsy i have to use sql statement in managed bean ........)
thanks in advanceFirst of all, you don't want to have any SQL in a managed bean. Managed beans are part of the View layer, and the query should be part of the Model. So what you want to do is add some code to your Model project. So you are trying to do "SELECT * FROM tab". Why not just create a read-only View Object (VO) for the query in the Model (assuming that you are using ADF BC).
Now as for setWhereClause - what do you need in your where clause? You can add where clauses to the query that defines your VO, without needing to resort to using this method. You can even add bind variables for the where clauses, and just drag the ExecuteWithParams method onto your pages, which will give you a place to set the bind variables before executing the query.
You can create your own method in the VO's implementation class, in which you may call setWhereClauseParam to gain more control over how the bind variables are set. Then you make the method available as an operation in the data controls by making it an exposed method to the client interface. You can use setWhereClause in such a method if you need to do so, but there are good performance reasons not to do so if a bind variable will do the job. setWhereClause can also set you up for SQL Injection attacks on your application's security. -
Using container managed form-based security in JSF
h1. Using container managed, form-based security in a JSF web app.
A Practical Solution
h2. {color:#993300}*But first, some background on the problem*{color}
The Form components available in JSF will not let you specify the target action, everything is a post-back. When using container security, however, you have to specifically submit to the magic action j_security_check to trigger authentication. This means that the only way to do this in a JSF page is to use an HTML form tag enclosed in verbatim tags. This has the side effect that the post is not handled by JSF at all meaning you can't take advantage of normal JSF functionality such as validators, plus you have a horrible chimera of a page containing both markup and components. This screws up things like skinning. ([credit to Duncan Mills in this 2 years old article|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]).
In this solution, I will use a pure JSF page as the login page that the end user interacts with. This page will simply gather the input for the username and password and pass that on to a plain old jsp proxy to do the actual submit. This will avoid the whole problem of having to use verbatim tags or a mixture of JSF and JSP in the user view.
h2. {color:#993300}*Step 1: Configure the Security Realm in the Web App Container*{color}
What is a container? A container is basically a security framework that is implemented directly by whatever app server you are running, in my case Glassfish v2ur2 that comes with Netbeans 6.1. Your container can have multiple security realms. Each realm manages a definition of the security "*principles*" that are defined to interact with your application. A security principle is basically just a user of the system that is defined by three fields:
- Username
- Group
- Password
The security realm can be set up to authenticate using a simple file, or through JDBC, or LDAP, and more. In my case, I am using a "file" based realm. The users are statically defined directly through the app server interface. Here's how to do it (on Glassfish):
1. Start up your app server and log into the admin interface (http://localhost:4848)
2. Drill down into Configuration > Security > Realms.
3. Here you will see the default realms defined on the server. Drill down into the file realm.
4. There is no need to change any of the default settings. Click the Manage Users button.
5. Create a new user by entering username/password.
Note: If you enter a group name then you will be able to define permissions based on group in your app, which is much more usefull in a real app.
I entered a group named "Users" since my app will only have one set of permissions and all users should be authenticated and treated the same.
That way I will be able to set permissions to resources for the "Users" group that will apply to all users that have this group assigned.
TIP: After you get everything working, you can hook it all up to JDBC instead of "file" so that you can manage your users in a database.
h2. {color:#993300}*Step 2: Create the project*{color}
Since I'm a newbie to JSF, I am using Netbeans 6.1 so that I can play around with all of the fancy Visual Web JavaServer Faces components and the visual designer.
1. Start by creating a new Visual Web JSF project.
2. Next, create a new subfolder under your web root called "secure". This is the folder that we will define a Security Constraint for in a later step, so that any user trying to access any page in this folder will be redirected to a login page to sign in, if they haven't already.
h2. {color:#993300}*Step 3: Create the JSF and JSP files*{color}
In my very simple project I have 3 pages set up. Create the following files using the default templates in Netbeans 6.1:
1. login.jsp (A Visual Web JSF file)
2. loginproxy.jspx (A plain JSPX file)
3. secure/securepage.jsp (A Visual Web JSF file... Note that it is in the sub-folder named secure)
Code follows for each of the files:
h3. {color:#ff6600}*First we need to add a navigation rule to faces-config.xml:*{color}
<navigation-rule>
<from-view-id>/login.jsp</from-view-id>
<navigation-case>
<from-outcome>loginproxy</from-outcome>
<to-view-id>/loginproxy.jspx</to-view-id>
</navigation-case>
</navigation-rule>
NOTE: This navigation rule simply forwards the request to loginproxy.jspx whenever the user clicks the submit button. The button1_action() method below returns the "loginproxy" case to make this happen.
h3. {color:#ff6600}*login.jsp -- A very simple Visual Web JSF file with two input fields and a button:*{color}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
<jsp:directive.page
contentType="text/html;charset=UTF-8"
pageEncoding="UTF-8"/>
<f:view>
<webuijsf:page
id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1"
url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:textField binding="#{login.username}"
id="username" style="position: absolute; left: 216px; top:
96px"/>
<webuijsf:passwordField binding="#{login.password}" id="password"
style="left: 216px; top: 144px; position: absolute"/>
<webuijsf:button actionExpression="#{login.button1_action}"
id="button1" style="position: absolute; left: 216px; top:
216px" text="GO"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
</webuijsf:page>
</f:view>
</jsp:root>h3. *login.java -- implent the
button1_action() method in the login.java backing bean*
public String button1_action() {
setValue("#{requestScope.username}",
(String)username.getValue());
setValue("#{requestScope.password}", (String)password.getValue());
return "loginproxy";
}h3. {color:#ff6600}*loginproxy.jspx -- a login proxy that the user never sees. The onload="document.forms[0].submit()" automatically submits the form as soon as it is rendered in the browser.*{color}
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
version="2.0">
<jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
doctype-system="http://www.w3.org/TR/html4/loose.dtd"
doctype-public="-W3CDTD HTML 4.01 Transitional//EN"/>
<jsp:directive.page contentType="text/html"
pageEncoding="UTF-8"/>
<html>
<head> <meta
http-equiv="Content-Type" content="text/html;
charset=UTF-8"/>
<title>Logging in...</title>
</head>
<body
onload="document.forms[0].submit()">
<form
action="j_security_check" method="POST">
<input type="hidden" name="j_username"
value="${requestScope.username}" />
<input type="hidden" name="j_password"
value="${requestScope.password}" />
</form>
</body>
</html>
</jsp:root>
{code}
h3. {color:#ff6600}*secure/securepage.jsp -- A simple JSF{color}
target page, placed in the secure folder to test access*
{code}
<?xml version="1.0" encoding="UTF-8"?>
<jsp:root version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
<jsp:directive.page
contentType="text/html;charset=UTF-8"
pageEncoding="UTF-8"/>
<f:view>
<webuijsf:page
id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1"
url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:staticText id="staticText1" style="position:
absolute; left: 168px; top: 144px" text="A Secure Page"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
</webuijsf:page>
</f:view>
</jsp:root>
{code}
h2. {color:#993300}*_Step 4: Configure Declarative Security_*{color}
This type of security is called +declarative+ because it is not configured programatically. It is configured by declaring all of the relevant parameters in the configuration files: *web.xml* and *sun-web.xml*. Once you have it configured, the container (application server and java framework) already have the implementation to make everything work for you.
*web.xml will be used to define:*
- Type of security - We will be using "form based". The loginpage.jsp we created will be set as both the login and error page.
- Security Roles - The security role defined here will be mapped (in sun-web.xml) to users or groups.
- Security Constraints - A security constraint defines the resource(s) that is being secured, and which Roles are able to authenticate to them.
*sun-web.xml will be used to define:*
- This is where you map a Role to the Users or Groups that are allowed to use it.
+I know this is confusing the first time, but basically it works like this:+
*Security Constraint for a URL* -> mapped to -> *Role* -> mapped to -> *Users & Groups*
h3. {color:#ff6600}*web.xml -- here's the relevant section:*{color}
{code}
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description/>
<url-pattern>/faces/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name/>
<form-login-config>
<form-login-page>/faces/login.jsp</form-login-page>
<form-error-page>/faces/login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>User</role-name>
</security-role>
{code}
h3. {color:#ff6600}*sun-web.xml -- here's the relevant section:*{color}
{code}
<security-role-mapping>
<role-name>User</role-name>
<group-name>Users</group-name>
</security-role-mapping>
{code}
h3. {color:#ff6600}*Almost done!!!*{color}
h2. {color:#993300}*_Step 5: A couple of minor "Gotcha's"_ *{color}
h3. {color:#ff6600}*_Gotcha #1_*{color}
You need to configure the "welcome page" in web.xml to point to faces/secure/securepage.jsp ... Note that there is *_no_* leading / ... If you put a / in there it will barf all over itself .
h3. {color:#ff6600}*_Gotcha #2_*{color}
Note that we set the <form-login-page> in web.xml to /faces/login.jsp ... Note the leading / ... This time, you NEED the leading slash, or the server will gag.
*DONE!!!*
h2. {color:#993300}*_Here's how it works:_*{color}
1. The user requests the a page from your context (http://localhost/MyLogin/)
2. The servlet forwards the request to the welcome page: faces/secure/securepage.jsp
3. faces/secure/securepage.jsp has a security constraint defined, so the servlet checks to see if the user is authenticated for the session.
4. Of course the user is not authenticated since this is the first request, so the servlet forwards the request to the login page we configured in web.xml (/faces/login.jsp).
5. The user enters username and password and clicks a button to submit.
6. The button's action method stores away the username and password in the request scope.
7. The button returns "loginproxy" navigation case which tells the navigation handler to forward the request to loginproxy.jspx
8. loginproxy.jspx renders a blank page to the user which has hidden username and password fields.
9. The hidden username and password fields grab the username and password variables from the request scope.
10. The loginproxy page is automatically submitted with the magic action "j_security_check"
11. j_security_check notifies the container that authentication needs to be intercepted and handled.
12. The container authenticates the user credentials.
13. If the credentials fail, the container forwards the request to the login.jsp page.
14. If the credentials pass, the container forwards the request to *+the last protected resource that was attempted.+*
+Note the last point! I don't know how, but no matter how many times you fail authentication, the container remembers the last page that triggered authentication and once you finally succeed the container forwards your request there!!!!+
+The user is now at the secure welcome page.+
If you have read this far, I thank you for your time, and I seriously question your ability to ration your time pragmatically.
Kerry RandolphIf you want login security on your web app, this is one way to do it. (the easiest way i have seen).
This method allows you to create a custom login form and error page using JSF.
The container handles the actual authentication and protection of the resources based on what you declare in web.xml and sun-web.xml.
This example uses a statically defined user/password, stored in a file, but you can also configure JDBC realm in Glassfish, so that that users can register for access and your program can store the username/passwrod in a database.
I'm new to programming, so none of this may be a good practice, or may not be secure at all.
I really don't know what I'm doing, but I'm learning, and this has been the easiest way that I have found to add authentication to a web app, without having to write the login modules yourself.
Another benefit, and I think this is key ***You don't have to include any extra code in the pages that you want to protect*** The container manages this for you, based on the constraints you declare in web.xml.
So basically you set it up to protect certain folders, then when any user tries to access pages in that folder, they are required to authenticate.
--Kerry -
Generate PDF using Managed Bean with custom HTTP headers
Background
Generate a report in various formats (e.g., PDF, delimited, Excel, HTML, etc.) using JDeveloper 11g Release 2 (11.1.2.3.0) upon clicking an af:commandButton. See also the StackOverflow version of this question:
http://stackoverflow.com/q/13654625/59087
Problem
HTTP headers are being sent twice: once by the framework and once by a bean.
Source Code
The source code includes:
- Button Action
- Managed Bean
- Task Flow
Button Action
The button action:
<af:commandButton text="Report" id="submitReport" action="Execute" />
Managed Bean
The Managed Bean is fairly complex. The code to `responseComplete` is getting called, however it does not seem to be called sufficiently early to prevent the application framework from writing the HTTP headers.
HTTP Response Header Override
* Sets the HTTP headers required to indicate to the browser that the
* report is to be downloaded (rather than displayed in the current
* window).
protected void setDownloadHeaders() {
HttpServletResponse response = getServletResponse();
response.setHeader( "Content-Description", getContentDescription() );
response.setHeader( "Content-Disposition", "attachment, filename="
+ getFilename() );
response.setHeader( "Content-Type", getContentType() );
response.setHeader( "Content-Transfer-Encoding",
getContentTransferEncoding() );
Issue Response Complete
The bean indirectly tells the framework that the response is handled (by the bean):
getFacesContext().responseComplete();
Bean Run and Configure
public void run() {
try {
Report report = getReport();
configure(report.getParameters());
report.run();
} catch (Exception e) {
e.printStackTrace();
private void configure(Parameters p) {
p.put(ReportImpl.SYSTEM_REPORT_PROTOCOL, "http");
p.put(ReportImpl.SYSTEM_REPORT_HOST, "localhost");
p.put(ReportImpl.SYSTEM_REPORT_PORT, "7002");
p.put(ReportImpl.SYSTEM_REPORT_PATH, "/reports/rwservlet");
p.put(Parameters.PARAM_REPORT_FORMAT, "pdf");
p.put("report_cmdkey", getReportName());
p.put("report_ORACLE_1", getReportDestinationType());
p.put("report_ORACLE_2", getReportDestinationFormat());
Task Flow
The Task Flow calls Execute, which refers to the bean's `run()` method:
entry -> main -> Execute -> ReportBeanRun
Where:
<method-call id="ReportBeanRun">
<description>Executes a report</description>
<display-name>Execute Report</display-name>
<method>#{reportBean.run}</method>
<outcome>
<fixed-outcome>success</fixed-outcome>
</outcome>
</method-call>
The bean is assigned to the `request` scope, with a few managed properties:
<control-flow-rule id="__3">
<from-activity-id>main</from-activity-id>
<control-flow-case id="ExecuteReport">
<from-outcome>Execute</from-outcome>
<to-activity-id>ReportBeanRun</to-activity-id>
</control-flow-case>
</control-flow-rule>
<managed-bean id="ReportBean">
<description>Executes a report</description>
<display-name>ReportBean</display-name>
<managed-bean-scope>request</managed-bean-scope>
</managed-bean>
The `<fixed-outcome>success</fixed-outcome>` strikes me as incorrect -- I don't want the method call to return to another task.
Restrictions
The report server receives requests from the web server exclusively. The report server URL cannot be used by browsers to download directly, for security reasons.
Error Messages
The error message that is generated:
Duplicate headers received from server
Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple distinct Content-Disposition headers received. This is disallowed to protect against HTTP response splitting attacks.Nevertheless, the report is being generated. Preventing the framework from writing the HTTP headers would resolve this issue.
Question
How can you set the HTTP headers in ADF while using a Task Flow to generate a PDF by calling a managed bean?
Ideas
Some additional ideas:
- Override the Page Lifecycle Phase Listener (`ADFPhaseListener` + `PageLifecycle`)
- Develop a custom Servlet on the web server
Related Links
- http://www.oracle.com/technetwork/middleware/bi-publisher/adf-bip-ucm-integration-179699.pdf
- http://www.slideshare.net/lucbors/reports-no-notes#btnNext
- http://www.techartifact.com/blogs/2012/03/calling-oracle-report-from-adf-applications.html?goback=%2Egde_4212375_member_102062735
- http://docs.oracle.com/cd/E29049_01/web.1112/e16182/adf_lifecycle.htm#CIABEJFB
Thank you!The problem was that the HTTP headers were in fact being written twice:
1. The report server was returning HTTP response headers.
2. The bean was including its own HTTP response headers (as shown in the question).
3. The bean was copying the entire contents of the report server response, including the headers, into the output stream.
Firefox ignored the duplicate header errors, but Google Chrome did not. -
How to Generate a Report Based on User's Parameters from Web Site
Hi, all,
I am trying to use Oracle Developer 6.0 Report Builder to generate report based on what user types in from the web site. Since I am a novice, I am wondering if anybody would help me with the following questions:
1. How can I create a report based on user's parameters?
Assuming that I have 2 text fields EMPNO and DEPT on the web site, after user types in some value, how can I pass these parameters into my query, can I do something like:
select ENAME, JOB, EADDRESS from EMP
where EMPNO =
some_reference_of_parameters_from_user
or is there any other way to achieve this functionality?
2. How can I pass a PDF format report back to user after the report is generated?
Any help is greately appreciated!!
Best regards.
JudyHello,
In the Report Builder, create two user parameters, and set the parameter name, datatype, width, and default values to what you want. Modify the query and put in a where clause (e.g., where deptno = :p_deptno). When you request the report with PARAMFORM=YES on the URL, it'll generate a default parameter form in HTML and allow the user to enter in the selected parameter values. Also set DESTYPE=CACHE&DESFORMAT=PDF on the URL to get the output back as PDF.
If you upgrade to Reports 6i, you can customize the default HTML parameter form.
Regards,
The Oracle Reports Team --skw -
How to set hidden value in managed bean?
Hi
I have the following :
<a4j:commandButton
id="commandButton3"
action="#{backing_CustSearchBean.serchCustomer}"
image="images/btn_search.gif"
style="position: relative; margin-right: 5px;"
actionListener="#{backing_CustSearchBean.checkText}"
immediate="true"
status="wait"
oncomplete="showQuickCreate()"
>
<h:inputHidden id="jsfHidden" binding="#{backing_CustSearchBean.jsfHidden}" />
<a4j:status id="wait">
<f:facet name="start" >
<h:graphicImage url="images/SpinGear2.gif" style="position: absolute; left: 378px; top: 216px; width: 19px; height: 18px;"/>
</f:facet>
</a4j:status>
</a4j:commandButton>when the action goes in the managed bean I want to set the value of hidden parameter "jsfHidden" in managed bean and catch it in showQuickCreate (oncomplete="showQuickCreate()" ) javascript function on return to the page.
Please help, how should I do it?I know nothing about a4j, but if you want to pass new parameters from JSF to the backing bean, then use f:param for commandlinks or f:attribute for commandbuttons.
The h:inputHidden just saves backing bean properties from request to request. You can't set or change it from within the JSF.
Not sure if the f:attribute will work for the a4j commandbutton (check if they have a support forum at their website?)
Also see http://balusc.xs4all.nl/srv/dev-jep-com.html about passing parameters and accessing objects and beans in the facescontext. -
Get component Id in managed bean
Hi experts,
I am going to ask a foolish question, but since i'm a newbie i hope you'll forgive me .
I am using JDev version: 11.1.2.3.0. My question is: Is it possible to get a component id inside a managed bean? By components i mean, buttons or menu items. The scenario i would like to create is this:
I am using JasperReports to generate some required reports. I would like to do something like having a Menu with different items. By clicking each one of them, set a string in the managed bean i'm using to generate the reports (actually the string would be the name of the jrxml file i am going to load). And this string would get it's value based on which menu item is selected.
Is it possible to do such a thing? Or may be some other way would be more suitable?
Thank you in advance!MenuRenderer is a class that renders the current value of
UISelectOne or UISelectMany component as a list of
menu options and makes use of getId.
https://www.google.ca/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCwQFjAA&url=http%3A%2F%2Fjava.net%2Fprojects%2Fmoja…
Maybe you are looking for
-
Can't see pictures from Ipad in Windows Explorer (usb camera)
When I had around 3000 pictures in my Ipad, there's no problem to delete all at once from windows using the explorer and the ipad as a usb camera. But now I have around 6000 pictures and when I try to see the pictures, windows shows two messages: 1 t
-
I'm having trouble with importing data from excel. I'm using HiQ version 4.5 and during import spurious data seems to appear after import. doesn't inspire confidence in software quality
-
Where to find the XSLT used for the standard interface in SAP ME 5.2 SP05?
Hallo! Starting with SAP ME 5.2 SP05 there is a new logic for the standard interface used in SAPMEINT. I wonder where to find the XSLT's that are used for transforming the XML messages? I can see from the SAP NW log: [Transaction: -1] starting execut
-
I erased my drive on Macbook pro, trying to re-install os x Maverick but it is not available on App store, what should I do?
-
Idea - Script to close a tab ?
Hello, I like Safari opening new windows in tabs. I have Safari set to block pop-ups, but occasionally one sneaks through. When they open in tabs it is nice as I can see them and they don't hide under another layer. When a pop-up ad opens in a new ta