I need a help. I have a simple struts2 login/logout application.
For each action on struts.xml some jsp is rendered in the application. Now I have implemented the logout feature in the application and it invalidates the session properly.
But after logout if I write a particular action on URL and call the action the JSP is rendered.
I want to stop that. If Interceptors be any help.
How? Please Help.
Related
Am a newbie to Grails. I am using Grails 3.3.2 and am trying to implement security plugin in my app. How do I redirect to a certain page after a successful login.
In your Grails controller you will have the if check of successful login, inside that condition you can write the redirect statement as below,
redirect(controller: 'YOUR_CONTROLLER_NAME', action:'YOUR_GSP_PAGE_NAME')
If you want to redirect page with specific path then use following syntax,
redirect(uri: "PATH_TO_YOUR_PAGE")
See more examples here Grails redirect examples
I have a application in ZF2 framework, in this I am sending and requesting data to/from a web services using http_client request. In my application I have a multi step form which is changing form steps using ajax.
Now if I submit a form using ajax request, it hit my controller and then from controller I call a common function of controller plugin for all type of request in this case if there is any error in web service then I want to redirect to login page but it not redirecting parent layout/page instead of this it show the login page in ajax loaded form part(where my form is changing through ajax).
Please help me to redirect main page to login page instead of show login page in ajax loaded part.
Thanks in advance
I'm not a javascript expert but you need to do the redirect in the javascript and not your controller.
window.location.replace("http://stackoverflow.com");
You can pass the redirect url from your controller if you need to redirect to different locations depending on your logic.
See this question.
Hope this points you in the right direction.
Hope you can help. In my ASP.net MVC3 app, all my controllers descend from a customized controller I have created.
Upon FormsAuthentication time out, my app correctly redirects users to the login page if they attempt to access any page (standard functionality).
However, for Ajax.ActionLink and Ajax.BeginForm calls, they just return nothing, which confuses users if the browser is left open for more than 20 minutes and then they try to access an Ajax link.
Is there any code I can put in to my base controller that will work generically so that when it detects an inbound Ajax call and we have timed-out, it will redirect users to my login page as expected?
I don't mind if it doesn't return to the original page afterwards - happy for it to just go to the Home Index page.
Thanks in advance for any help you can provide.
Simon.
You may take a look at the following blog post which illustrates a nice way to prevent the FormsAuthentication module from redirecting to the logon page in case of an AJAX request and simply send a 401 status code to the client so that it can act accordingly.
I need to be notified any time a largeish asp.net mvc web application makes an ajax call to the server. We're using both jquery, and the built-in Ajax.* methods to do the remote calls, and I would like a global way of knowing when we make a call without having to manually inject some sort of "IsMakingCall" method to every request.
The root problem we're trying to solve is session timeout. If the user leaves a page up and goes to lunch (for example), they get errors when they get back because the ajax call is returning the login page instead of the expected json or partial html result.
My idea was to have a js timer which would be reset any time we make an ajax call. That way, if the timer runs out (ie. their session has now timed out) I can just auto-log them out. This is how sites like bank of america and mint.com work.
Thanks!
I handle the problem you describe in a different fashion, client-side. I have a jQuery plugin on my master page that will prompt the user to renew their session via a dialog just before it is set to expire. If the user doesn't respond (or clicks logout), it calls the logout action on the application. If the user "renews" their session, it makes an AJAX call back to the server, resetting the sliding window server-side.
You can find code on my blog, http://farm-fresh-code.blogspot.com. Right now it doesn't take account of AJAX actions that may renew the session, but you could instrument it so that jQuery AJAX, via a global ajaxStart would reset the timer. It uses ajaxStart to reset the timer when a jQuery AJAX request is made. I don't use MS AJAX much so I'm not sure if there's a global hook you can use. It doesn't appear so from inspecting the code, but you could manually add one via AjaxOptions to each request. You might investigate adding a handler to the Sys.Net.WebRequestManager, too.
Basically, the problem here is the default behavior returns back a login page. The result of that is a 200 OK, which to jQuery is a successful call. Correct this handling for ajax calls from MVC and you should be good.
I think the most straight-forward way to handle this is to change the way the Authorize works for ajax scenarios. You can tell if a request is Ajax at that point, and return a similar status code that ASP.NET doesn't invoke the login redirect for(403). Then jQuery will interpret as a failure and fall into that code on the client script.
You can then easily have a shared function in a common js file to handle a friendly way to tell the user they have expired their session.
Something like this might do it
public class AjaxAuthorize : AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (filterContext.RequestContext.HttpContext.Request.IsAjaxRequest())
{
filterContext.Result = new ContentResult();
filterContext.HttpContext.Response.StatusCode = 403; // 401 would make ASP.NET return the login page and a 200 OK status
}
else
base.HandleUnauthorizedRequest(filterContext);
}
}
I guess you should create default handler functions for success or begin in the jQuery Ajax framework, depending on when you want the notification to be sent...
I'm using ASP.Net MVC beta 1 and I'm using the asp.net membership provider with the standard authentication controller to restrict access to my site.
I'm using ajax functionality to provide e.g. editing of values by loading partial views into a div with either jQuery $.get/$.ajax or with the Ajax.Actionlink MVC helper. This all works fine most of the time.
My problem comes once the login times out and you click on one of the ajax edit links - the ajax call returns the login page which is put into the div normally used for the edit form.
I want to find a way to redirect the whole page to the login form, when the authentication has timed out and an ajax link is clicked.
One way I can think of is looking at the html returned from the ajax call in the response callback and searching for the 'login' text or form field and doing a redirect from there - but this doesn't feel very clean - is there a better way?
This might help some:
Bypass Forms Authentication auto redirect to login, How to?
From the above answer it looks like http 403 isn't intercepted by Forms Authentication, so you can roll your own ActionFilter that returns an http 403 response if its an Ajax Request and Authorization failed.
On the client side, you could then check the response code for 403, and redirect to the appropriate login url.
There are probably other ways to do this as well!