8 Replies Latest reply on Mar 31, 2010 4:12 PM by arnohernach

    login-required="true" for all pages damages layout

      Hi!

      I want all my pages only accessible if logged in.
      If I add

      <page view-id="/*" login-required="true">

      to my pages.xml I get the effect that the GUI layout is damaged/incomplete some way, e. g. the panel borders are missing, the GUI element positions are distorted - although the CSS file references are still in the HTML. Seems, rendering the webpage is interrupted.

      Any idea how I can accomplish what I want?

      The whole pages.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <pages xmlns="http://jboss.com/products/seam/pages"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.1.xsd"

             no-conversation-view-id="/home.xhtml"
             login-view-id="/login.xhtml">

          <page view-id="/*"
                login-required="true">

              <navigation>
                  <rule if-outcome="home">
                      <redirect view-id="/home.xhtml"/>
                  </rule>
              </navigation>
          </page>

          ... exceptions ...   
      </pages>

      Thanks!
      Regards, Robert
        • 1. Re: login-required="true" for all pages damages layout
          gonorrhea

          have you tried something like this instead?


          <page view-id="*" >
                    <action execute="#{identity.login}" if="#{not identity.loggedIn}"/>
                    <navigation>
                         <rule if="#{not identity.loggedIn}">
                               <redirect view-id="/error.xhtml">
                                    <message>Your network login credentials could not be detected.</message>
                               </redirect>
                       </rule>
                    </navigation>
              </page>

          • 2. Re: login-required="true" for all pages damages layout
            <action execute="#{identity.login}"

            This does not redirect to login page.

            And if I add this
            <rule if="#{not identity.loggedIn}">
                <redirect view-id="/error.xhtml">
                ...

            I get an infinite loop of redirection - since wildcard matches
            also /login (or is it /error it wants to redirect to).

            • 3. Re: login-required="true" for all pages damages layout
              norman

              Don't use login-required for *.  There may have been a workaround for this at some point involving setting URL patterns for filters, but I honestly don't recall.

              • 4. Re: login-required="true" for all pages damages layout

                Hi Norman,
                I just found this:
                https://jira.jboss.org/jira/browse/JBSEAM-2186
                I think that's what you meant.
                In my opinion this issue - losing the CSS skin  - is still open.


                The workaround that you mentioned in there were to move all files except login.xhtml into a subdirectory.
                Results in URLs not just nice since all have the same subdir (which the user sees as superfluous).
                Is there a way to map this subdir away from the URL
                (someway of URL translation)?

                • 5. Re: login-required="true" for all pages damages layout

                  The background of my wish to required logged-in for all pages is that I have different menu items and different database selection depending on the user's role.
                  Maybe there is another way to force a login at first page request in session (this includes the case of session timeout where the user might reload his current last page).

                  • 6. Re: login-required="true" for all pages damages layout
                    gonorrhea

                    our solution is based on NTLM IE browser authentication (i.e. user never manually logs in or out of the Seam apps).  we don't experience this problem.


                    here's Norman's comment in that JIRA:


                    login-required="true" with view-id="*" causes RF to not be able to find CSS files, which internally get mapped to /css/* URLs. The workarounds are to move secure resources into a subdirectory and only restrict those files or to declare login-required="true" for each view.


                    • 7. Re: login-required="true" for all pages damages layout
                      Yes, that's what I saw, thanks!

                      ---

                      Sorry for all for stretching this page so wide. I missed checking the "Let me type some plain text, not markup" - or vice versa.

                      Hmmmm, I don't like this Wiki editing ...... Grmpf #!"§$%
                      • 8. Re: login-required="true" for all pages damages layout
                        arnohernach

                        I actually had the same problem too. Thanks for this solution!