2 Replies Latest reply on Aug 13, 2007 7:16 AM by staale

Redirect in a PageInterceptor renders the page in background

staale Aug 9, 2007 5:22 AM

I tries posting this question in the jboss forum - but didnt get any replies. So ill try here as well:

Im using jboss portal 2.2.2 with jboss as 4.0.4 GA on a debian linux server.
We are using a PageInterceptor to switch pages from http to https, so we dont have to rewrite all urls.
The property to make a page https is written in a page attribute.

When the request hits the PageInterceptor we check if the request should be secure or not - and do a redirect to a secure or no-secure url if it is of the wrong type.

All this is good, and it seems to work perfectly. But i see from the logs - that when i do a redirect in the PageInterceptor - the request is being ran anyway.

Here is a snip of code that runs in the PageInterceptor.

Code:

final String hostName = getRedirectHost(viaHeaderField, httpRequest.getServerName(), false);
final String redirectURL = createRedirectURL(httpRequest, PROTOCOL_HTTP, hostName);
sendRedirect(pageInvocation, redirectURL);
pageInvocation.invokeNext();

What I could use is a command to stop rendering the page in the pageInterceptor, but if i dont call pageInvocation.invokeNext(); the portal fails.

Can anyone help me ?

Regards,
Ståle

1. Re: Redirect in a PageInterceptor renders the page in backgr

antoine_h Aug 9, 2007 7:10 AM (in response to staale)

Not easy question...
I ll try an answer.

on the same way as you did :
- look at the chain of interceptor (interceptor stack), in the jmx service descriptor that define it
- look at the interceptor that are after the pageInterceptor, and customise "all that" so you can still invokeNext, but skip what you don't want
- keep the interceptor that are vital for the portal. may be rearrange them.
not sure it will work.
may be a lot to do, as you touch the core engine of the portal.

other way :
I would do it at the url/command level
when an url is requested, the portal decode it and build a command, that will be executed (ie call the proper page, call the portlet which is called by the url, etc...).
there, you may be able change the url state, so it is considered as a secured one.
or even build a new type of command, that will do what you want.

other way :
using a servlet filter ?
in front of the main serlvet(s) of the portal, change/rewrite the url so the portal see it as a secured one.
look at the portal-server war for that.
there are for servlet (two not secured, two secured).
should be the best way, as it does not touch the portal processing. just make it see what you want it to see.

hope this can help...
Actions
2. Re: Redirect in a PageInterceptor renders the page in backgr

staale Aug 13, 2007 7:16 AM (in response to staale)

"Antoine_h" wrote:

using a servlet filter ?
in front of the main serlvet(s) of the portal, change/rewrite the url so the portal see it as a secured one.
look at the portal-server war for that.
there are for servlet (two not secured, two secured).
should be the best way, as it does not touch the portal processing. just make it see what you want it to see.

hope this can help...

Thanks for the post. The last idea is probably the safest way. I was blinded by the fact that it was very easy use the properties in the XX-object.xml for each page.

I can rewrite the code to work in a tomcat valve. The hard part is that I have to read the XX-object.xml by myself - or make another configuration file to enable/disable secure mode for a page.

We have a rather large system - and adding even more custom properties in separate files is probably not what my customer want right now - so im guessing a custom parser just to pick out a page name and the secure property for it might be the solution.

Ill stop writing and go coding :)

Regards,
Ståle
Actions

Go to original post