handlerInterceptor problem -- using for sign-on

[eisenb]

Hello,

This is probably an idiot / newbie type error, but I thought I'd post a request for help.

I have a sign-in interceptor that sits in front of pages that require sign-on. The interceptor does much like the interceptor in the JPetstore example. However, unlike the JPetstore example, my sign-in form is based upon a SimpleFormController. And the JSP code has references to status.*.

My problem is that I receive messages to the effect that Errors is not bound into the model. I get a Server 500 condition as a result. I guess I don't understand the workflow as I need to. I was thinking the sign in form would be displayed as if it were initially displayed.

I note that JPetstore only binds a message object and doesn't do much else. I think in modeling after it, I'm missing some complexity that I'm adding to the mix.

Any help would be appreciated.

Bill

[irbouho]

I guess I don't understand the workflow as I need to.

signonInterceptor, from jpetstore sample, forwards to SignonForm which is then resolved to /WEB-INF/jsp/spring/SignonForm.jsp.

I was thinking the sign in form would be displayed as if it were initially displayed.

You can do this very easily by forwarding to your sign-on SimpleFormController instead of forwarding to your view:

Code:

 ModelAndView modelAndView = new ModelAndView(new RedirectView("path-to-signon-form-controller"));

HTH

[eisenb]

Thanks for your reply, though I wasn't able to translate your advice into working code. Perhaps code of my own will help demonstrate. This is my sign-in interceptor code complete with comments:

Code:

/**
 * Intercepts requests for views which require authentication.  Requires sign-on if there is
 * no UserSession.
 */
public class SignInInterceptor extends HandlerInterceptorAdapter
{
  private static final String QUERY_DELIMITER = "?";
  protected final Log log = LogFactory.getLog(getClass());

	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception
  {
    // Retrieve the user id and method of sign-in out of the session.  These would exist if
    // the user was signed in.
		UserSession userSession = (UserSession) WebUtils.getSessionAttribute(request, WebConstants.USER_SESSION);

    // If we don't have a user id with a non-cookie-based sign-in, we force the user to sign on.
		if (userSession == null || userSession.needsFormSignIn())
    {
      // Retrieve the url and query so that we can save those for later.
			String url = request.getServletPath();
			String query = request.getQueryString();

      // Establish the view and add the forward action.
			ModelAndView modelAndView = new ModelAndView(WebConstants.SIGNIN_VIEW);
      url = (query != null ) ? url + QUERY_DELIMITER + query : url;      modelAndView.addObject(WebConstants.SIGNIN_FORWARD_ACTION, url);

      // Overrides the prior destination with a trip to the sign-on form.  The prior
      // destination is saved for after the sign-on completes.
      throw new ModelAndViewDefiningException(modelAndView);
		}
		else
    {
      // Return true so that the request will continue to be processed.
			return true;
		}
	}
}

My intent is to forward to my sign-in form and have it pick up the forward action based upon the intercepted condition. However, when I run this code, I get this message "Could not find Errors instance for bean [signInForm] in request: add the Errors model to your ModelAndView via errors.getModel()".

I am not sure how I would add the errors instances to the model at the point of interception. What's more, I'm not sure if this is the proper behavior. I think I'm missing something.

Bill

[irbouho]

Bill,

replace this line

ModelAndView modelAndView = new ModelAndView(WebConstants.SIGNIN_VIEW);

with

Code:

ModelAndView modelAndView = new ModelAndView(new RedirectView(WebConstants.SIGNIN_VIEW));

This will generate a redirect to your form controller instead of a forward to the view.
HTH

[eisenb]

Hey There,

Thanks again for the continued attempts to help me. The line of code that you suggested doesn't work -- it results in a URL like this:

/signInView?signInForwardAction=%2Faccount.htm

And as you can see, it doesn't resolve my view, so I get a page not found error. If I instead, replace the view name with the virtual URL, the URL looks like this:

/signin.htm?signInForwardAction=%2Faccount.htm

And the result of that is that I correctly get to my sign-in form, however the query string has been somehow lopped off of the request that I get access to. That's even though I can still see it in the browser address line.

I'm mostly a middleware guy, so I'm probably missing something fundamental here.

Bill

[irbouho]

however the query string has been somehow lopped off of the request that I get access to. That's even though I can still see it in the browser address line.

what view type are you using? what does request.getAttribute("signInForwardAction") return when called from the form controller?

[eisenb]

Hello There,

I am using a JSTLView and the result is null. The snippet of code is below and I'm not doing anything special in the part that precedes it:

Code:

  String forwardAction = request.getParameter(WebConstants.SIGNIN_FORWARD_ACTION);

  if (forwardAction != null)
  {
    response.sendRedirect(forwardAction)
    return null;
  }

  // Return to the success view.
  return new ModelAndView(getSuccessView());

[irbouho]

Bill,

You should add the following to your jsp page:

Code:

<input type="hidden" name="signInForwardAction" value="$&#123;signInForwardAction&#125;">

. This will ensure the signInForwardAction survives the redirect.
HTH

[eisenb]

Thanks. I actually do have this line of code in my JSP. It is surrounded by a JSTL "empty" tag, but that has no effect. So its still not working as intended.

I may be considering other alternatives sometime soon since this approach isn't getting me anywhere.

Bill

[irbouho]

Bill,

following is a LogonInterceptor I use in my production applications:
1. LogonInterceptor

Code:

/*
 * Copyright 2002-2004 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.taha.web.spring;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.ModelAndViewDefiningException;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.util.WebUtils;

import org.taha.domain.User;
import org.taha.web.Globals;

/**
 * @author <a href="mailto&#58;irbouh@gmail.com">Omar Irbouh</a>
 * @version $Revision&#58; 0.0.1 $
 * @since 2004.11.01
 */
public class LogonInterceptor extends HandlerInterceptorAdapter &#123;
  private String loginPage;
  private boolean saveUrl = false;
  private String urlParameterName;

  /* &#40;non-Javadoc&#41;
   * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle&#40;HttpServletRequest, HttpServletResponse, Object&#41;
   */
  public boolean preHandle&#40;HttpServletRequest request, HttpServletResponse response, Object handler&#41; throws Exception &#123;
    User user = &#40;User&#41; WebUtils.getSessionAttribute&#40;request, Globals.CONNECTED_USER&#41;;
    if &#40;user == null&#41; &#123;
      String url = request.getServletPath&#40;&#41;;
      String query = request.getQueryString&#40;&#41;;
      ModelAndView modelAndView = new ModelAndView&#40;loginPage&#41;;
      if &#40;saveUrl&#41; &#123;
        if &#40;query != null&#41;
          modelAndView.addObject&#40;urlParameterName, url+"?"+query&#41;;
        else
          modelAndView.addObject&#40;urlParameterName, url&#41;;
      &#125;
      throw new ModelAndViewDefiningException&#40;modelAndView&#41;;
    &#125;
    else &#123;
      return true;
    &#125;
  &#125;

  /**
   * define loginPage to which the Interceptor will redirect the user
   * @param loginPage context relative login page
   */
  public void setLoginPage&#40;String loginPage&#41; &#123;
    this.loginPage = loginPage;
  &#125;

  /**
   * sets if the interceptor should send the requested URL to login page
   * @param saveUrl
   */
  public void setSaveUrl&#40;boolean saveUrl&#41; &#123;
    this.saveUrl = saveUrl;
  &#125;

  /**
   * sets the name of the parameter used by login page to recieve the requested URL
   * @param urlParameterName
   */
  public void setUrlParameterName&#40;String urlParameterName&#41; &#123;
    this.urlParameterName = urlParameterName;
  &#125;
&#125;

2. configuration

Code:

  <!-- Logon Interceptor -->
  <bean id="logonInterceptor" class="org.taha.web.spring.LogonInterceptor">
    <property name="loginPage">
      <value>redirect&#58;/login.htm</value>
    </property>
    <property name="saveUrl">
      <value>true</value>
    </property>
    <property name="urlParameterName">
      <value>targetUrl</value>
    </property>
  </bean>

3. loginForm (velocity)

Code:

  ...
  <form action="login.htm" name="loginForm" method="post">
    <input type="hidden" name="targetUrl" value="$!&#123;request.getParameter&#40;"targetUrl"&#41;&#125;">
    ...
  </form>
  ...

HTH