Configurable success URL for security.loginForm on per component render basis #2
Comments
|
Yes, federated accounts sign-in components already support returnPageName @parameter (return page is Oauth specific term). While the LoginForm was meant mainly as an example rather than reusable component, we can add support for the more common use cases. Take a look at https://github.com/tynamo/tynamo-federatedaccounts/blob/master/tynamo-federatedaccounts-core/src/main/java/org/tynamo/security/federatedaccounts/base/AbstractOauthSignIn.java and go ahead and implement getSuccessPageUri() similar to getReturnPageUri() (with caret support!) and I'll merge that in. |
|
Thanks, will do. |
|
I have started to implement this feature based on For other pages than the current one it is not possible to pass context or parameters. @Parameter(defaultPrefix = BindingConstants.LITERAL, value = "prop:defaultSuccessURL")
private String successURL;
@Inject
@Symbol(SecuritySymbols.SUCCESS_URL)
@Property(write = false)
private String defaultSuccessURL;
private String getSuccessPageUri()
{
if ("^".equals(successURL))
{
return pageRenderLinkSource.createPageRenderLink(componentResources.getPage().getClass()).toAbsoluteURI();
}
if (StringUtils.hasText(getSuccessURL()))
{
return getSuccessURL();
}
else
{
// Empty returnpageName denotes a base url. Default for default return page may be set to a non empty value.
// If default is empty and not locally overridden, return the baseurl
return baseURLSource.getBaseURL(request.isSecure());
}
}
public String getSuccessURL()
{
return StringUtils.hasText(successURL) ? successURL : defaultSuccessURL;
}I was trying to research how would this should be done in the tapestry way, but this is I could come up. @kaosko is this the right direction to support link context and parameters? |
|
The client code looks like this: Login.tml: <t:security.loginForm successURL="prop:successURL">
</t:security.loginForm>Login.java @ActivationRequestParameter("successURL")
@Property
private String successURL;Page that is navigating to Login page with custom successURL. <a t:type="pagelink" t:page="user/Login" t:parameters="loginQueryParams" class="navbar-button">
<button class="btn btn-primary">${message:login}</button>
</a>.java @Inject
private Request request;
public Map<String, Object> getLoginQueryParams()
{
final Map<String, Object> queryParams = new HashMap<>();
queryParams.put("successURL", this.request.getPath()); //getPath() returns URL containing the page context
return queryParams;
} |
|
Shiro's savedRequest cookies is meant exactly for that use case. support for savedRequest is meant to address the use case but comment out because the functionality was pushed down to LoginContextService Impl. You use a query parameter instead - wouldn't it be easier to just override LoginContextService for your purposes? (Just asking, it's quite possible I'm missing something from the picture). |
…ity.loginForm component
[#2] Configurable success URL for LoginContextService and security.login...
component render basis - remove LoginContextService.getSuccessPage(String successURL). It's semantically incorrect and unnecessary since the loginContextService doesn't need to be invoked if you return a user configured success url - revert changes to Login.java/.tml in 9bd7afe. Passing the success url as a context parameter makes ugly urls and the author of the pull request didn't explain why context parameter is in any way preferable to cookies. Typically, context represents the state and the already suggested use for the login page state is to convey the state of the user (unauthenticated, unauthorized, etc.). It's trivial to create a custom Login page and I expect most users to do so than try to use the one provided by default - keep LoginForm's successUrl component parameter and rework the test so it demonstrates the use case. It's relatively cheap to support and may have its use cases
|
Closing. @balapal, see comments in my commit to see what was kept and what changed and why. |
…ity.loginForm component
component render basis - remove LoginContextService.getSuccessPage(String successURL). It's semantically incorrect and unnecessary since the loginContextService doesn't need to be invoked if you return a user configured success url - revert changes to Login.java/.tml in 9bd7afe. Passing the success url as a context parameter makes ugly urls and the author of the pull request didn't explain why context parameter is in any way preferable to cookies. Typically, context represents the state and the already suggested use for the login page state is to convey the state of the user (unauthenticated, unauthorized, etc.). It's trivial to create a custom Login page and I expect most users to do so than try to use the one provided by default - keep LoginForm's successUrl component parameter and rework the test so it demonstrates the use case. It's relatively cheap to support and may have its use cases
It is possible to configure a default success URL via SecuritySymbols.SUCCESS_URL
I would like add a new optional parameter to security.loginForm to being able to redirect to different page than the one configured via SecuritySymbols.SUCCESS_URL.
The rationale behind that I would like to redirect to different pages depending where the user has come from.
How do you feel guys feel about this? Would you merge this feature to tapestry-security if I fork it?
The text was updated successfully, but these errors were encountered: