Accessing session attributes
Locked
 
|
Chaps,
I've got a web server running ops that requires a user to log on. The login procedure expects a username of the form userif@realm e.h. [hidden email] As part of the login procedure, two session attributes are created, one called user.Userid with, in this case, a value of fred and one called user.Email which has their e-mail address as obtained from an ldap lookup bean. The home page of the web server will have a number of questionnaires. Each questionnaire link has a JSESSIONID argument, so I've got a session identifier associated with each user login. One restriction on completing a questionnaire is that a particular user can only complete one once per month. With this in mind, I've got some code that'll query a database to see if a particular userid has got an entry in it. I've got the page-flow.xml side of things sorted out for the questionnaire. What I want to do now is set up the page-flow.xml file so that if the user as identified by the user.Userid session attribute has already completed the questionnaire, instead of being prompted to complete the questionnaire, they get directed to a page saying, "sorry, try again next month" If I had an xfoms instance with <survey> <user> <userid/> <email/> <access-questionnaire/> </user> <rest-of-form-instance/> <survey> Then based upon the contents of the <access-questionnaire> object I could either pass the user to the questionnaire or to a page saying "go away" from the page-flow.xml configuration. I can get the request sessionid attribute using an oxf:request processor. I can build the <user>/...</user> bit via a java processor I can concatenate the various bits to get the <survey>...</survey> instance using an oxf:identity statement and pas it onto the questionnaire stuff. The bit I'm stuck at is getting the request session id value into my Java processor so that I can build the <user>...</user> component. I thought I could do <p:processor name="oxf:request" xmlns:p="http://www.orbeon.com/oxf/pipeline"> <p:input name="config"> <config> <include>/request</include> </config> </p:input> <p:output name="data" id="requestval"/> </p:processor> <p:processor name="oxf:java"> <p:input name="config"> <config sourcepath="." class="buildUser"/> </p:input> <p:input name="data" href="#requestval"/> <p:output name="data" id="userInfo"/> </p:processor> ...... But I'm not sure if I can do that. Can I ? Are there any examples of this? Couldn't find any Alex ***************************************************************************************** To view the terms under which this email is distributed, please go to http://www.hull.ac.uk/legal/email_disclaimer.html ***************************************************************************************** -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Accessing session attributes
|
|
Alex,
here is how I retrieve the user object based on the user id stored in the session by tomcat authentication: <p:config xmlns:p="http://www.orbeon.com/oxf/pipeline " xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:oxf="http://www.orbeon.com/oxf/processors " xmlns:aspic="http://www.cruk.com/aspic/editor/v1" xmlns=""> <p:param name="data" type="output" /> <p:processor name="oxf:request-security"> <p:input name="config"> <config> <role>administrator</role> </config> </p:input> <p:output name="data" id="request-security" /> </p:processor> <p:processor name="oxf:xslt" xmlns:p=" http://www.orbeon.com/oxf/pipeline"> <p:input name="config"> <aspic:user xsl:version="2.0"> <aspic:username> <xsl:value-of select="/request-security/remote-user"/> </aspic:username> </aspic:user> </p:input> <p:input name="data" href="#request-security"/> <p:output name="data" id=" getuser.input" /> </p:processor> <p:processor name="oxf:java"> <p:input name="config"> <config sourcepath="oxf:/java" class=" org.cruk.aspic.editor.api.orbeon.GetUserByUsername"/> </p:input> <p:input name="data" href="#getuser.input" /> <p:output name="data" ref="data" /> </p:processor> </p:config> And here is the java code: private static final XPath mXPath = DocumentHelper.createXPath("/aspic:user/aspic:username"); static { mXPath.setNamespaceURIs(OrbeonUtil.NAMESPACE_MAP); } public GetUserByUsername() { addOutputInfo(new ProcessorInputOutputInfo(OUTPUT_DATA)); addInputInfo(new ProcessorInputOutputInfo(INPUT_DATA)); // This is a static const for the string "data". See XPL. } public void generateData(PipelineContext context, ContentHandler contentHandler) throws SAXException, EditorException { Document inputDoc = readInputAsDOM4J(context, INPUT_DATA); String username = mXPath.selectSingleNode(inputDoc).getStringValue(); User user = org.cruk.aspic.editor.workflow.GetUserByUsername.execute(username); Document returnedDoc = OrbeonUtil.toXml (user); OrbeonUtil.returnToOrbeon(contentHandler, returnedDoc); } Hope that helps. Henrik On 9/4/06, Alex Sharaz <[hidden email]> wrote: > Chaps, > > I've got a web server running ops that requires a user to log on. > The login procedure expects a username of the form userif@realm e.h. > [hidden email] > > As part of the login procedure, two session attributes are created, one > called user.Userid with, in this case, a value of fred and one called > user.Email which has their e-mail address as obtained from an ldap > lookup bean. > > The home page of the web server will have a number of questionnaires. > Each questionnaire link has a JSESSIONID argument, so I've got a session > identifier associated with each user login. > > One restriction on completing a questionnaire is that a particular user > can only complete one once per month. With this in mind, I've got some > code that'll query a database to see if a particular userid has got an > entry in it. > I've got the page-flow.xml side of things sorted out for the > questionnaire. > > What I want to do now is set up the page-flow.xml file so that if the > user as identified by the user.Userid session attribute has already > completed the questionnaire, instead of being prompted to complete the > questionnaire, they get directed to a page saying, "sorry, try again > next month" > > If I had an xfoms instance with > > <survey> > <user> > <userid/> > <email/> > <access-questionnaire/> > </user> > <rest-of-form-instance/> > <survey> > > Then based upon the contents of the <access-questionnaire> object I > could either pass the user to the questionnaire or to a page saying "go > away" from the page-flow.xml configuration. > > I can get the request sessionid attribute using an oxf:request > processor. > > I can build the <user>/...</user> bit via a java processor > > I can concatenate the various bits to get the <survey>...</survey> > instance using an oxf:identity statement and pas it onto the > questionnaire stuff. > > The bit I'm stuck at is getting the request session id value into my > Java processor so that I can build the <user>...</user> component. > > I thought I could do > > <p:processor name="oxf:request" > xmlns:p=" http://www.orbeon.com/oxf/pipeline"> > <p:input name="config"> > <config> > <include>/request</include> > </config> > </p:input> > <p:output name="data" id="requestval"/> > </p:processor> > > <p:processor name="oxf:java"> > <p:input name="config"> > <config sourcepath="." class="buildUser"/> > </p:input> > <p:input name="data" href="#requestval"/> > <p:output name="data" id="userInfo"/> > </p:processor> > ...... > > But I'm not sure if I can do that. Can I ? Are there any examples of > this? Couldn't find any > > Alex > > > ***************************************************************************************** > To view the terms under which this email is distributed, please go to http://www.hull.ac.uk/legal/email_disclaimer.html > ***************************************************************************************** > > > -- > You receive this message as a subscriber of the [hidden email] mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > > -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
Magic!!! Just what I needed Thanks alex From: Henrik Pettersen
[mailto:[hidden email]] Alex, ***************************************************************************************** To view the terms under which this email is distributed, please go to http://www.hull.ac.uk/legal/email_disclaimer.html ***************************************************************************************** -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
In reply to this post by Henrik Pettersen
And the final question (hopefully) Now that I’ve got a string equivalent
of a session ID, how can I get hold of session objects ? HttpSession session.getAttrinbute(…..
assumes that you’ve picked up an existing session, or a new session. While
session.getId() provides you with a session id, I can’t seem to find any
method that will allow you to get session info from a session via a string
sessionId Alex From:
Henrik Pettersen [mailto:[hidden email]] Alex, ***************************************************************************************** To view the terms under which this email is distributed, please go to http://www.hull.ac.uk/legal/email_disclaimer.html ***************************************************************************************** -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Accessing session attributes
|
|
Is this what you are looking for?
http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer Henrik On 9/4/06, Alex Sharaz <[hidden email]> wrote: > > > > > And the final question (hopefully) > > > > > > Now that I've got a string equivalent of a session ID, how can I get hold > of session objects ? > > > > HttpSession session.getAttrinbute(….. assumes that you've picked up an > existing session, or a new session. While session.getId() provides you with > a session id, I can't seem to find any method that will allow you to get > session info from a session via a string sessionId > > > > Alex > > > > > > ________________________________ > > > From: Henrik Pettersen [mailto:[hidden email]] > Sent: Monday, September 04, 2006 1:39 PM > > To: [hidden email] > Subject: Re: [ops-users] Accessing session attributes > > > > > > > > Alex, > > here is how I retrieve the user object based on the user id stored in the > session by tomcat authentication: > > <p:config xmlns:p="http://www.orbeon.com/oxf/pipeline " > xmlns:xsl="http://www.w3.org/1999/XSL/Transform" > > xmlns:oxf="http://www.orbeon.com/oxf/processors > " > > xmlns:aspic="http://www.cruk.com/aspic/editor/v1" > xmlns=""> > > <p:param name="data" type="output" /> > > <p:processor name="oxf:request-security"> > <p:input name="config"> > <config> > <role>administrator</role> > </config> > </p:input> > <p:output name="data" id="request-security" /> > </p:processor> > > <p:processor name="oxf:xslt" xmlns:p=" > http://www.orbeon.com/oxf/pipeline"> > <p:input name="config"> > <aspic:user xsl:version="2.0"> > <aspic:username> > <xsl:value-of > select="/request-security/remote-user"/> > </aspic:username> > </aspic:user> > </p:input> > <p:input name="data" href="#request-security"/> > <p:output name="data" id=" getuser.input" /> > </p:processor> > > <p:processor name="oxf:java"> > <p:input name="config"> > <config sourcepath="oxf:/java" class=" > org.cruk.aspic.editor.api.orbeon.GetUserByUsername"/> > </p:input> > <p:input name="data" href="#getuser.input" /> > <p:output name="data" ref="data" /> > </p:processor> > </p:config> > > > And here is the java code: > > private static final XPath mXPath = > DocumentHelper.createXPath("/aspic:user/aspic:username"); > > static { > mXPath.setNamespaceURIs(OrbeonUtil.NAMESPACE_MAP); > } > > public GetUserByUsername() { > addOutputInfo(new > ProcessorInputOutputInfo(OUTPUT_DATA)); > addInputInfo(new > ProcessorInputOutputInfo(INPUT_DATA)); // This is a static > const for the string "data". See XPL. > } > > public void generateData(PipelineContext context, ContentHandler > contentHandler) > throws SAXException, EditorException > { > Document inputDoc = readInputAsDOM4J(context, INPUT_DATA); > String username = > mXPath.selectSingleNode(inputDoc).getStringValue(); > User user = > org.cruk.aspic.editor.workflow.GetUserByUsername.execute(username); > Document returnedDoc = OrbeonUtil.toXml (user); > OrbeonUtil.returnToOrbeon(contentHandler, returnedDoc); > } > > Hope that helps. > > Henrik > > On 9/4/06, Alex Sharaz <[hidden email]> wrote: > > Chaps, > > > > I've got a web server running ops that requires a user to log on. > > The login procedure expects a username of the form userif@realm e.h. > > [hidden email] > > > > As part of the login procedure, two session attributes are created, one > > called user.Userid with, in this case, a value of fred and one called > > user.Email which has their e-mail address as obtained from an ldap > > lookup bean. > > > > The home page of the web server will have a number of questionnaires. > > Each questionnaire link has a JSESSIONID argument, so I've got a session > > identifier associated with each user login. > > > > One restriction on completing a questionnaire is that a particular user > > can only complete one once per month. With this in mind, I've got some > > code that'll query a database to see if a particular userid has got an > > entry in it. > > I've got the page-flow.xml side of things sorted out for the > > questionnaire. > > > > What I want to do now is set up the page-flow.xml file so that if the > > user as identified by the user.Userid session attribute has already > > completed the questionnaire, instead of being prompted to complete the > > questionnaire, they get directed to a page saying, "sorry, try again > > next month" > > > > If I had an xfoms instance with > > > > <survey> > > <user> > > <userid/> > > <email/> > > <access-questionnaire/> > > </user> > > <rest-of-form-instance/> > > <survey> > > > > Then based upon the contents of the <access-questionnaire> object I > > could either pass the user to the questionnaire or to a page saying "go > > away" from the page-flow.xml configuration. > > > > I can get the request sessionid attribute using an oxf:request > > processor. > > > > I can build the <user>/...</user> bit via a java processor > > > > I can concatenate the various bits to get the <survey>...</survey> > > instance using an oxf:identity statement and pas it onto the > > questionnaire stuff. > > > > The bit I'm stuck at is getting the request session id value into my > > Java processor so that I can build the <user>...</user> component. > > > > I thought I could do > > > > <p:processor name="oxf:request" > > xmlns:p=" http://www.orbeon.com/oxf/pipeline"> > > <p:input name="config"> > > <config> > > <include>/request</include> > > </config> > > </p:input> > > <p:output name="data" id="requestval"/> > > </p:processor> > > > > <p:processor name="oxf:java"> > > <p:input name="config"> > > <config sourcepath="." class="buildUser"/> > > </p:input> > > <p:input name="data" href="#requestval"/> > > <p:output name="data" id="userInfo"/> > > </p:processor> > > ...... > > > > But I'm not sure if I can do that. Can I ? Are there any examples of > > this? Couldn't find any > > > > Alex > > > > > > > ***************************************************************************************** > > To view the terms under which this email is distributed, please go to > http://www.hull.ac.uk/legal/email_disclaimer.html > > > ***************************************************************************************** > > > > > > -- > > You receive this message as a subscriber of the [hidden email] > mailing list. > > To unsubscribe: mailto: > [hidden email] > > For general help: mailto:[hidden email]?subject=help > > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > > > > > > > ***************************************************************************************** > To view the terms under which this email is distributed, please go to > http://www.hull.ac.uk/legal/email_disclaimer.html > ***************************************************************************************** > > > -- > You receive this message as a subscriber of the [hidden email] > mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > > -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
Well initially I thought it wasn't, then I read it and thought it might
be so .... 1). Somewhere in my login procedure I've got session.setAttribute ("userid","auserid"); session.setAttribute ("email","[hidden email]"); 2). In my page-flow.xpl I've got <p:processor name="oxf:scope-generator"> <p:input name="config"> <config> <key>userid</key> <scope>session</scope> <session-scope>application</session-scope> </config> </p:input> <p:output name="data" id="userId"/> </p:processor> <p:processor name="oxf:scope-generator"> <p:input name="config"> <config> <key>email</key> <scope>session</scope> <session-scope>application</session-scope> </config> </p:input> <p:output name="data" id="eMail"/> </p:processor> Which I then tag onto what I've already got using an oxf:identity statement. The resultant output xml is <...> ..... <null xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/> <null xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/> .... The above 2 statements correspond to the 2 oxf:generator statements. Just to check, I wrote a noddy displaySession jsp page and it correctly extracts 2 session objects called email and userid ( session.getAttribute("userid") and session.getAttribute("email"); I'm 3.5 M1 Alex -----Original Message----- From: Henrik Pettersen [mailto:[hidden email]] Sent: 04 September 2006 19:22 To: [hidden email] Subject: Re: [ops-users] Accessing session attributes Is this what you are looking for? http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer Henrik On 9/4/06, Alex Sharaz <[hidden email]> wrote: > > > > > And the final question (hopefully) > > > > > > Now that I've got a string equivalent of a session ID, how can I get > of session objects ? > > > > HttpSession session.getAttrinbute(..... assumes that you've picked up > existing session, or a new session. While session.getId() provides you with > a session id, I can't seem to find any method that will allow you to get > session info from a session via a string sessionId > > > > Alex > > > > > > ________________________________ > > > From: Henrik Pettersen [mailto:[hidden email]] > Sent: Monday, September 04, 2006 1:39 PM > > To: [hidden email] > Subject: Re: [ops-users] Accessing session attributes > > > > > > > > Alex, > > here is how I retrieve the user object based on the user id stored in > session by tomcat authentication: > > <p:config xmlns:p="http://www.orbeon.com/oxf/pipeline " > xmlns:xsl="http://www.w3.org/1999/XSL/Transform" > > xmlns:oxf="http://www.orbeon.com/oxf/processors > " > > xmlns:aspic="http://www.cruk.com/aspic/editor/v1" > xmlns=""> > > <p:param name="data" type="output" /> > > <p:processor name="oxf:request-security"> > <p:input name="config"> > <config> > <role>administrator</role> > </config> > </p:input> > <p:output name="data" id="request-security" /> > </p:processor> > > <p:processor name="oxf:xslt" xmlns:p=" > http://www.orbeon.com/oxf/pipeline"> > <p:input name="config"> > <aspic:user xsl:version="2.0"> > <aspic:username> > <xsl:value-of > select="/request-security/remote-user"/> > </aspic:username> > </aspic:user> > </p:input> > <p:input name="data" href="#request-security"/> > <p:output name="data" id=" getuser.input" /> > </p:processor> > > <p:processor name="oxf:java"> > <p:input name="config"> > <config sourcepath="oxf:/java" class=" > org.cruk.aspic.editor.api.orbeon.GetUserByUsername"/> > </p:input> > <p:input name="data" href="#getuser.input" /> > <p:output name="data" ref="data" /> > </p:processor> > </p:config> > > > And here is the java code: > > private static final XPath mXPath = > DocumentHelper.createXPath("/aspic:user/aspic:username"); > > static { > mXPath.setNamespaceURIs(OrbeonUtil.NAMESPACE_MAP); > } > > public GetUserByUsername() { > addOutputInfo(new > ProcessorInputOutputInfo(OUTPUT_DATA)); > addInputInfo(new > ProcessorInputOutputInfo(INPUT_DATA)); // This is a static > const for the string "data". See XPL. > } > > public void generateData(PipelineContext context, ContentHandler > contentHandler) > throws SAXException, EditorException > { > Document inputDoc = readInputAsDOM4J(context, INPUT_DATA); > String username = > mXPath.selectSingleNode(inputDoc).getStringValue(); > User user = > org.cruk.aspic.editor.workflow.GetUserByUsername.execute(username); > Document returnedDoc = OrbeonUtil.toXml (user); > OrbeonUtil.returnToOrbeon(contentHandler, returnedDoc); > } > > Hope that helps. > > Henrik > > On 9/4/06, Alex Sharaz <[hidden email]> wrote: > > Chaps, > > > > I've got a web server running ops that requires a user to log on. > > The login procedure expects a username of the form userif@realm > > [hidden email] > > > > As part of the login procedure, two session attributes are created, > > called user.Userid with, in this case, a value of fred and one called > > user.Email which has their e-mail address as obtained from an ldap > > lookup bean. > > > > The home page of the web server will have a number of questionnaires. > > Each questionnaire link has a JSESSIONID argument, so I've got a session > > identifier associated with each user login. > > > > One restriction on completing a questionnaire is that a particular user > > can only complete one once per month. With this in mind, I've got some > > code that'll query a database to see if a particular userid has got an > > entry in it. > > I've got the page-flow.xml side of things sorted out for the > > questionnaire. > > > > What I want to do now is set up the page-flow.xml file so that if the > > user as identified by the user.Userid session attribute has already > > completed the questionnaire, instead of being prompted to complete the > > questionnaire, they get directed to a page saying, "sorry, try again > > next month" > > > > If I had an xfoms instance with > > > > <survey> > > <user> > > <userid/> > > <email/> > > <access-questionnaire/> > > </user> > > <rest-of-form-instance/> > > <survey> > > > > Then based upon the contents of the <access-questionnaire> object I > > could either pass the user to the questionnaire or to a page saying > > away" from the page-flow.xml configuration. > > > > I can get the request sessionid attribute using an oxf:request > > processor. > > > > I can build the <user>/...</user> bit via a java processor > > > > I can concatenate the various bits to get the <survey>...</survey> > > instance using an oxf:identity statement and pas it onto the > > questionnaire stuff. > > > > The bit I'm stuck at is getting the request session id value into > > Java processor so that I can build the <user>...</user> component. > > > > I thought I could do > > > > <p:processor name="oxf:request" > > xmlns:p=" http://www.orbeon.com/oxf/pipeline"> > > <p:input name="config"> > > <config> > > <include>/request</include> > > </config> > > </p:input> > > <p:output name="data" id="requestval"/> > > </p:processor> > > > > <p:processor name="oxf:java"> > > <p:input name="config"> > > <config sourcepath="." class="buildUser"/> > > </p:input> > > <p:input name="data" href="#requestval"/> > > <p:output name="data" id="userInfo"/> > > </p:processor> > > ...... > > > > But I'm not sure if I can do that. Can I ? Are there any examples > > this? Couldn't find any > > > > Alex > > > > > > > ***************** > > To view the terms under which this email is distributed, please go to > http://www.hull.ac.uk/legal/email_disclaimer.html > > > ************************************************************************ ***************** > > > > > > -- > > You receive this message as a subscriber of the [hidden email] > mailing list. > > To unsubscribe: mailto: > [hidden email] > > For general help: mailto:[hidden email]?subject=help > > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > > > > > > > ************************************************************************ ***************** > To view the terms under which this email is distributed, please go to > http://www.hull.ac.uk/legal/email_disclaimer.html > ************************************************************************ ***************** > > > -- > You receive this message as a subscriber of the [hidden email] > mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > > ***************************************************************************************** To view the terms under which this email is distributed, please go to http://www.hull.ac.uk/legal/email_disclaimer.html ***************************************************************************************** -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Accessing session attributes
|
Administrator
|
Alex,
I think that this is due to the fact that when the Scope generator finds a string attribute, it tries to parse it to XML. I am even surprised that you don't get an exception! -Erik Alex Sharaz wrote: > Well initially I thought it wasn't, then I read it and thought it might > be so .... > > 1). > Somewhere in my login procedure I've got > session.setAttribute ("userid","auserid"); > session.setAttribute ("email","[hidden email]"); > > 2). > > In my page-flow.xpl I've got > > <p:processor name="oxf:scope-generator"> > <p:input name="config"> > <config> > <key>userid</key> > <scope>session</scope> > <session-scope>application</session-scope> > </config> > </p:input> > <p:output name="data" id="userId"/> > </p:processor> > > <p:processor name="oxf:scope-generator"> > <p:input name="config"> > <config> > <key>email</key> > <scope>session</scope> > <session-scope>application</session-scope> > </config> > </p:input> > <p:output name="data" id="eMail"/> > </p:processor> > > Which I then tag onto what I've already got using an oxf:identity > statement. > > The resultant output xml is > <...> > ..... > > <null xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:nil="true"/> > <null xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:nil="true"/> > > .... > The above 2 statements correspond to the 2 oxf:generator statements. > > Just to check, I wrote a noddy displaySession jsp page and it correctly > extracts 2 session objects called email and userid ( > session.getAttribute("userid") and session.getAttribute("email"); > > > I'm 3.5 M1 > > Alex > > > -----Original Message----- > From: Henrik Pettersen [mailto:[hidden email]] > Sent: 04 September 2006 19:22 > To: [hidden email] > Subject: Re: [ops-users] Accessing session attributes > > Is this what you are looking for? > http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer > > Henrik > > On 9/4/06, Alex Sharaz <[hidden email]> wrote: >> >> >> >> And the final question (hopefully) >> >> >> >> >> >> Now that I've got a string equivalent of a session ID, how can I get > hold >> of session objects ? >> >> >> >> HttpSession session.getAttrinbute(..... assumes that you've picked up > an >> existing session, or a new session. While session.getId() provides you > with >> a session id, I can't seem to find any method that will allow you to > get >> session info from a session via a string sessionId >> >> >> >> Alex >> >> >> >> >> >> ________________________________ >> >> >> From: Henrik Pettersen [mailto:[hidden email]] >> Sent: Monday, September 04, 2006 1:39 PM >> >> To: [hidden email] >> Subject: Re: [ops-users] Accessing session attributes >> >> >> >> >> >> >> >> Alex, >> >> here is how I retrieve the user object based on the user id stored in > the >> session by tomcat authentication: >> >> <p:config xmlns:p="http://www.orbeon.com/oxf/pipeline " >> xmlns:xsl="http://www.w3.org/1999/XSL/Transform" >> >> xmlns:oxf="http://www.orbeon.com/oxf/processors >> " >> >> xmlns:aspic="http://www.cruk.com/aspic/editor/v1" >> xmlns=""> >> >> <p:param name="data" type="output" /> >> >> <p:processor name="oxf:request-security"> >> <p:input name="config"> >> <config> >> <role>administrator</role> >> </config> >> </p:input> >> <p:output name="data" id="request-security" /> >> </p:processor> >> >> <p:processor name="oxf:xslt" xmlns:p=" >> http://www.orbeon.com/oxf/pipeline"> >> <p:input name="config"> >> <aspic:user xsl:version="2.0"> >> <aspic:username> >> <xsl:value-of >> select="/request-security/remote-user"/> >> </aspic:username> >> </aspic:user> >> </p:input> >> <p:input name="data" href="#request-security"/> >> <p:output name="data" id=" getuser.input" /> >> </p:processor> >> >> <p:processor name="oxf:java"> >> <p:input name="config"> >> <config sourcepath="oxf:/java" class=" >> org.cruk.aspic.editor.api.orbeon.GetUserByUsername"/> >> </p:input> >> <p:input name="data" href="#getuser.input" /> >> <p:output name="data" ref="data" /> >> </p:processor> >> </p:config> >> >> >> And here is the java code: >> >> private static final XPath mXPath = >> DocumentHelper.createXPath("/aspic:user/aspic:username"); >> >> static { >> mXPath.setNamespaceURIs(OrbeonUtil.NAMESPACE_MAP); >> } >> >> public GetUserByUsername() { >> addOutputInfo(new >> ProcessorInputOutputInfo(OUTPUT_DATA)); >> addInputInfo(new >> ProcessorInputOutputInfo(INPUT_DATA)); // This is a static >> const for the string "data". See XPL. >> } >> >> public void generateData(PipelineContext context, ContentHandler >> contentHandler) >> throws SAXException, EditorException >> { >> Document inputDoc = readInputAsDOM4J(context, INPUT_DATA); >> String username = >> mXPath.selectSingleNode(inputDoc).getStringValue(); >> User user = >> org.cruk.aspic.editor.workflow.GetUserByUsername.execute(username); >> Document returnedDoc = OrbeonUtil.toXml (user); >> OrbeonUtil.returnToOrbeon(contentHandler, returnedDoc); >> } >> >> Hope that helps. >> >> Henrik >> >> On 9/4/06, Alex Sharaz <[hidden email]> wrote: >> > Chaps, >> > >> > I've got a web server running ops that requires a user to log on. >> > The login procedure expects a username of the form userif@realm > e.h. >> > [hidden email] >> > >> > As part of the login procedure, two session attributes are created, > one >> > called user.Userid with, in this case, a value of fred and one > called >> > user.Email which has their e-mail address as obtained from an ldap >> > lookup bean. >> > >> > The home page of the web server will have a number of > questionnaires. >> > Each questionnaire link has a JSESSIONID argument, so I've got a > session >> > identifier associated with each user login. >> > >> > One restriction on completing a questionnaire is that a particular > user >> > can only complete one once per month. With this in mind, I've got > some >> > code that'll query a database to see if a particular userid has > got an >> > entry in it. >> > I've got the page-flow.xml side of things sorted out for the >> > questionnaire. >> > >> > What I want to do now is set up the page-flow.xml file so that if > the >> > user as identified by the user.Userid session attribute has already >> > completed the questionnaire, instead of being prompted to complete > the >> > questionnaire, they get directed to a page saying, "sorry, try > again >> > next month" >> > >> > If I had an xfoms instance with >> > >> > <survey> >> > <user> >> > <userid/> >> > <email/> >> > <access-questionnaire/> >> > </user> >> > <rest-of-form-instance/> >> > <survey> >> > >> > Then based upon the contents of the <access-questionnaire> object I >> > could either pass the user to the questionnaire or to a page saying > "go >> > away" from the page-flow.xml configuration. >> > >> > I can get the request sessionid attribute using an oxf:request >> > processor. >> > >> > I can build the <user>/...</user> bit via a java processor >> > >> > I can concatenate the various bits to get the <survey>...</survey> >> > instance using an oxf:identity statement and pas it onto the >> > questionnaire stuff. >> > >> > The bit I'm stuck at is getting the request session id value into > my >> > Java processor so that I can build the <user>...</user> component. >> > >> > I thought I could do >> > >> > <p:processor name="oxf:request" >> > xmlns:p=" http://www.orbeon.com/oxf/pipeline"> >> > <p:input name="config"> >> > <config> >> > <include>/request</include> >> > </config> >> > </p:input> >> > <p:output name="data" id="requestval"/> >> > </p:processor> >> > >> > <p:processor name="oxf:java"> >> > <p:input name="config"> >> > <config sourcepath="." class="buildUser"/> >> > </p:input> >> > <p:input name="data" href="#requestval"/> >> > <p:output name="data" id="userInfo"/> >> > </p:processor> >> > ...... >> > >> > But I'm not sure if I can do that. Can I ? Are there any examples > of >> > this? Couldn't find any >> > >> > Alex >> > >> > >> > >> > ************************************************************************ > ***************** >> > To view the terms under which this email is distributed, please go > to >> http://www.hull.ac.uk/legal/email_disclaimer.html >> > >> > ************************************************************************ > ***************** >> > >> > >> > -- >> > You receive this message as a subscriber of the > [hidden email] >> mailing list. >> > To unsubscribe: mailto: >> [hidden email] >> > For general help: mailto:[hidden email]?subject=help >> > ObjectWeb mailing lists service home page: > http://www.objectweb.org/wws >> > >> > >> > >> >> > ************************************************************************ > ***************** >> To view the terms under which this email is distributed, please go to >> http://www.hull.ac.uk/legal/email_disclaimer.html >> > ************************************************************************ > ***************** >> >> -- >> You receive this message as a subscriber of the > [hidden email] >> mailing list. >> To unsubscribe: mailto:[hidden email] >> For general help: mailto:[hidden email]?subject=help >> ObjectWeb mailing lists service home page: > http://www.objectweb.org/wws >> >> >> >> ------------------------------------------------------------------------ >> >> ***************************************************************************************** >> To view the terms under which this email is distributed, please go to http://www.hull.ac.uk/legal/email_disclaimer.html >> ***************************************************************************************** >> >> ------------------------------------------------------------------------ >> >> >> -- >> You receive this message as a subscriber of the [hidden email] mailing list. >> To unsubscribe: mailto:[hidden email] >> For general help: mailto:[hidden email]?subject=help >> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws -- Orbeon - XForms Everywhere: http://www.orbeon.com/blog/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
Hi,
Checked the log4j.log file and nope no exception. The other thing I've noticed is a difference in the contents of the <request> object depending upon how/where I log in I'm running resin-3.0.21 and have the ops.war file deployed in/usr/web/deploy/ops. Once the war has been expanded I add a few bits to the web.xml to get things working. Access to overall web server requires authentication. Relative links on the server also have a jsessionid attribute to keep track of session information. If I don't have any authentication configured within ops then clicking on a link that access a page-flow.xml file with the following <p:processor name="oxf:request" xmlns:p="http://www.orbeon.com/oxf/pipeline"> <p:input name="config"> <config> <include>/request</include> <include>/request/remote-user</include> </config> </p:input> <p:output name="data" id="requestval" debug="ccsas output: get request info"/> </p:processor> returns a <request> object that does not contain any info relating to the remote user. I then went configured the ops authentication example to work on my server. When implementing authentication within the ops webapp, the request object does have the remote user info present. I then reconfigured the ops/WEB-INF/web.xml file so that authentication was required for the any access to /ops/..... and my code with the above snippet worked just fine, the request object including remote -user information. I don't know that much about the application server, but would it be usual to assume that if you authenticate to the server and ensure that you keep track of session ids that you'd be able to see info such as the /request/remote-user within a deployed web-app? Alex -----Original Message----- From: Erik Bruchez [mailto:[hidden email]] On Behalf Of Erik Bruchez Sent: Monday, September 18, 2006 11:31 PM To: [hidden email] Subject: Re: [ops-users] Accessing session attributes Alex, I think that this is due to the fact that when the Scope generator finds a string attribute, it tries to parse it to XML. I am even surprised that you don't get an exception! -Erik ***************************************************************************************** To view the terms under which this email is distributed, please go to http://www.hull.ac.uk/legal/email_disclaimer.html ***************************************************************************************** -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Accessing session attributes
|
Administrator
|
Alex,
> I don't know that much about the application server, but would it be > usual to assume that if you authenticate to the server and ensure > that you keep track of session ids that you'd be able to see info > such as the /request/remote-user within a deployed web-app? You have two main mechanisms to authenticate users with most application servers: 1. HTTP authentication 2. Form-based authentication To this we should add HTTPS client authentication, but that is rarely used. With #1, you don't need an ongoing HTTP session for the remote user information to be available. With #2, you need an ongoing HTTP session, which means that you need either cookies enabled on the client (most common scenario), or the session id being passed on the URL (more rarely supported by applications). -Erik -- Orbeon - XForms Everywhere: http://www.orbeon.com/blog/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
I'm using forms based auth and ensuring that the session id is passed on
I know that works coz all the links on my web server are generated via xslt to include the session id and I make use of various session objects in them. My question was if I have form based auth enabled for the whole web server, and ensure that I ensure that I always pass the session id, in any links, should it matter if the auth is performed at the root server level or within the deployed ops apps. If I auth at the root level and get a <request><remote-user-id>..</remote-user-id> node, shouldn't I be able to see the <remote-user-id> within ops ? At the moment the page-flow snippet I sent in only works if II authenticate within the deployed ops webapp. -----Original Message----- From: Erik Bruchez [mailto:[hidden email]] On Behalf Of Erik Bruchez Sent: Wednesday, September 20, 2006 12:04 PM To: [hidden email] Subject: Re: [ops-users] Accessing session attributes Alex, > I don't know that much about the application server, but would it be > usual to assume that if you authenticate to the server and ensure > that you keep track of session ids that you'd be able to see info > such as the /request/remote-user within a deployed web-app? You have two main mechanisms to authenticate users with most application servers: 1. HTTP authentication 2. Form-based authentication To this we should add HTTPS client authentication, but that is rarely used. With #1, you don't need an ongoing HTTP session for the remote user information to be available. With #2, you need an ongoing HTTP session, which means that you need either cookies enabled on the client (most common scenario), or the session id being passed on the URL (more rarely supported by applications). -Erik -- Orbeon - XForms Everywhere: http://www.orbeon.com/blog/ ***************************************************************************************** To view the terms under which this email is distributed, please go to http://www.hull.ac.uk/legal/email_disclaimer.html ***************************************************************************************** -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Accessing session attributes
|
Administrator
|
Alex,
> I'm using forms based auth and ensuring that the session id is > passed on > > I know that works coz all the links on my web server are generated > via xslt to include the session id and I make use of various session > objects in them. > > My question was if I have form based auth enabled for the whole web > server How do you do that? -Erik -- Orbeon - XForms Everywhere: http://www.orbeon.com/blog/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
| Free forum by Nabble | Edit this page |