Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Amigoo Earth
How to prevent users without logging in from access specified resource?
October 16, 2012 6:24 PM
Answer

Amigoo Earth

Rank: New Member

Posts: 8

Join Date: October 15, 2012

Recent Posts

For example:
Logged in user is permitted to access any resource (it means any URIs inside the site. The same below).
Not logged in user is only permitted to access specified resource. Redirect to login page when URI not in "Allow List" is requested.

Precondition:
1. We deployed liferay PORTAL in webapps/ROOT, and a project containing a set of portlets in webapps/xyz.

What we have done.
1. We try to make a Servlet Filter in portlet, it can only filter the URI requested from the page that alreadyloaded, but can't hook the URI such as user typed in the browser address bar.
2. We try to make a Struts2 Interceptor in portlet, it can prevent from access some portlets, but before the interceptor fired, the page(which containing the portlets) had already shown.

Any suggestion is appreciate.
Bart Simpson
RE: How to prevent users without logging in from access specified resource?
October 15, 2012 2:00 AM
Answer

Bart Simpson

Rank: Liferay Master

Posts: 524

Join Date: August 29, 2011

Recent Posts

Why go through all that trouble, why not just use a
1servlet.service.events
hook and check condition there and redirect if required.
Amigoo Earth
RE: How to prevent users without logging in from access specified resource?
October 15, 2012 11:53 PM
Answer

Amigoo Earth

Rank: New Member

Posts: 8

Join Date: October 15, 2012

Recent Posts

Bart Simpson:
Why go through all that trouble, why not just use a
1servlet.service.events
hook and check condition there and redirect if required.


Thank you very much Bart.
Following your suggestion, We have tried to write a HOOK.
servlet.service.events.pre=com.foo.hook.action.LoginAccessControlAction
public class LoginAccessControlAction extends Action {
public LoginAccessControlAction() {
super();
}

public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {
System.out.println(request.getRequestURL());
}
}

It's deployed and work fine itself.
The problem is that it's always print "http://localhost:8080/c/portal/layout", no matter what I have typed in address bar.
How can I obtain the real URL requested by user? Which is typed in address bar, or via AJAX etc.
Victor Zorin
RE: How to prevent users without logging in from access specified resource?
October 16, 2012 12:28 AM
Answer

Victor Zorin

Rank: Liferay Legend

Posts: 1178

Join Date: April 14, 2008

Recent Posts

Just another natural suggestion..., use public and private areas, where your public area would only contain a login page and the rest of portal content shall be defined in private zone. Does it address all your requirements? By default, any resource defined in private pages will not be accessible by guest users.

This is a typical setup for employee-access-only extranets.
Amigoo Earth
RE: How to prevent users without logging in from access specified resource?
October 16, 2012 1:11 AM
Answer

Amigoo Earth

Rank: New Member

Posts: 8

Join Date: October 15, 2012

Recent Posts

Thanks for your suggestion Victor. :-)
Unfortunately, our system has already been designed avoid the liferay "public and private areas" mechanism but implements the access control ourself.

@Bart,
Sorry to disturb you again.
Obtain the REAL url and user infomation is done like this:
String url = PortalUtil.getCurrentCompleteURL(request);
User user = PortalUtil.getUser(request);

Is the process next OK?
if(not logined user && some private page url){
response.sendRedirect(redirectURL such as login page);
}
Bart Simpson
RE: How to prevent users without logging in from access specified resource?
October 16, 2012 2:04 AM
Answer

Bart Simpson

Rank: Liferay Master

Posts: 524

Join Date: August 29, 2011

Recent Posts

The problem is that it's always print "http://localhost:8080/c/portal/layout", no matter what I have typed in address bar.

Sorry for the late reply,
You can check
1request.getQueryString()
which will give you the plid (that is the page layout id, that can be used to get the whole layout (page) record by using
1LayoutLocalServiceUtil
, and you can put checks for your conditions)
and for the process you described, looks fine
Amigoo Earth
RE: How to prevent users without logging in from access specified resource?
October 16, 2012 6:20 PM
Answer

Amigoo Earth

Rank: New Member

Posts: 8

Join Date: October 15, 2012

Recent Posts

Thanks again for your great key suggestion, Bart.
Following your warm heart tips, we finally achieve the goal.
The source snippet:
User user = PortalUtil.getUser(request);
String qString = request.getQueryString();
Properties ps = PropertiesUtil.load(qString);
String lId = ps.getProperty("p_l_id");
Layout layout = LayoutLocalServiceUtil.getLayout(Long.parseLong(lId));
long gId = layout.getGroupId();

if(user == null && gId != C_GROUP_ID_GUEST){
System.out.println("Redirect:"+rdr);
response.sendRedirect(rdr);
}
Bart Simpson
RE: How to prevent users without logging in from access specified resource?
October 16, 2012 9:04 PM
Answer

Bart Simpson

Rank: Liferay Master

Posts: 524

Join Date: August 29, 2011

Recent Posts

Good to know