In Spring Security, I have a text field that is surrounded by an authorize tag. I want to customize this authorization which can be authorized just in Edit mode. In fact, the user that has this role can only see this field in Insert mode.
If the object is transient, this field should be active, and if the object is persistent, this field should be inactive or invisible.
This is my code:
<security:authorize url="/naturalPersonIdentifier.jsf">
<v:suggestTextEntry id="identifier"
maxResultNumber="5"
required="true"
text="#{naturalPersonBean.naturalPerson.identifier}"
</v:suggestTextEntry>
</security:authorize>
Related
I am showing a text field on a GSP template that is in a formRemote and has content auto populated and is disabled (no editing allowed to user). When the form is submitted, I don't see the content of this field among the params going to the controller. I do see it when I remove the disabled="true" attribute from the text field. Any way to resolve this? Here is the field in question:
<label>Secondary ID:</label> <g:textField name="secondaryId" disabled="true" style="border-radius: 5px" value="${recordToEdit ? recordToEdit.secondaryId : '' }"></g:textField>
Disabled form elements do not get submitted by the browser. You will need to enable the field(s) (through use of Javascript) prior to submitting the form.
In My MVC 4 application, I have a Multi Select List Box, where I can select multiple values, I also has an Item New Role as one of the list items, which also refers to a model property NewRole.
So using Jquery whenever the user selections contain New Role, I will provide a text box to the user, which is bind to NewRole from model as given,
#Html.TextBoxFor(m => m.NewRole)
Which also has the following evaluation field.
#Html.ValidationMessageFor(m => m.NewRole)
And I will hide this text-box if the user selected options does not has the Item New Role.
Now the problem is even if I hide the div which contain the Text Box, it will try evaluating the required field validation.
What I require is When User Selects New Role and the User did not enter anything in the provided text Box then validate the required field property.
I know I can write a JQuery to show an alert when the div visible and does't has any value. But I want this default validation should happen on that condition.
is it possible?
One of the trick to avid certain client side validation conditionally ... you can use the IGNORE attribute of the validation ...
jQuery Validate Ignore elements with style
$("#myform").validate({
ignore: ":hidden"
});
If this is not what you are looking ... I will provide more specific information
Yes it is possible with RemoteAttribute. Take a look at this article:
http://msdn.microsoft.com/en-us/library/gg508808(v=vs.98).aspx
Keep in mind that this is NOT client side validation meaning there is an actual server post happening.
Try using the rules add and remove, when new role is selected add new rule which validates the textbox on other selection remove the rule from text box and hide it like you are doing:
http://validation.bassistance.de/rules/
I'm using micrososofts unobtrusive jquery validation with MVC4 / razor and the default behavior appears to be to first validate on click of submit, and then after that validate onkeyup.
I'd like to change it so it starts validating onblur, and then after the first submit continues to validate on keyup as normal.
Is there a way I can change it to start validating on blur for all forms?
This is the default behaviour when using jquery validate directly or via Microsoft unobtrusive validation. If you enter a non valid entry into a field, that field will be validated on blur even before the field is submitted. If you focus and then blur a field without entering anything this field will only be validated on submitting the form.
From the documentation page section "A few things to look for when playing around with the demo"
Before a field is marked as invalid, the validation is lazy [but] if
the user enters something in a non-marked field, and tabs/clicks away
from it (blur the field), it is validated
I have forked the fiddle in the comment to demonstrate this using the unobtrusive plugin and some rendered html. http://jsfiddle.net/8wkS2/
"Links to jsfiddle.net must be accompanied by code." so here is the rendered markup produced by the server
<input type="text" name="field1" id="field1"
data-val="true"
data-val-required="This field is required"
data-val-length="The field LastName must be a string with a minimum length of 5."
data-val-length-min="5" />
I am new to struts2. I have jsp with the fields username, password, email, postal code like this. I used <s:password> tag for password field in input jsp. While submitting the page, if any errors in that page then redirecting the action to same input page. In this case the password field is cleared and other fields are there with entered values, but I want to show the password field with previously entered value instead of empty value. How?
Set showPassword property to true.
<s:password key="password" showPassword="true" />
What if I have ChangePassword form with hidden ID field of the user.
BadPerson knows id of GoodPerson. He opens Change Password form with FireBug, changes his Id to GoodPerson's Id, so password changes for GoodPerson.
Of course I can create some server logic that will prevent this, but I think there should be some out of the box solution, which throws if hidden field been changed, which I don't know.
EDIT
Ok, Change Password is a bad example. Any edit form where I have id in hidden field has same problem.
I agree with Darin that forms authentication will take care of the specific problem mentioned above (changing a password). This answer is for the more general question of making sure that a hidden field's value is not changed.
The best solution to this is to include another hidden field which contains a hash of the first hidden field's value. That way if the 1st hidden field is changed you will know it. The generated HTML looks something like this:
<input id="productId" name="productId" type="hidden" value="1" />
<input id="productId_sha1" name="productId_sha1" type="hidden" value="vMrgoclb/K+6EQ+6FK9K69V2vkQ=" />
This article shows how to do it and includes source code for an extension Html.SecuredHiddenField which will take care of the logic for you.
There is nothing that will let you know that a value of a hidden field's value has been changed or not. For a user to change his password it means that he needs to be authenticated. When using forms authentication the ID of the currently authenticated user is stored in an encrypted cookie which cannot be modified.
This is to say that you shouldn't use hidden fields for storing the currently connected user. Just use the built-in FormsAuthentication mechanism in ASP.NET and never store such information in hidden fields. The way ASP.NET knows that the value of the cookie hasn't been tampered with is that it signs it with the machineKey specified in the configuration.
There's an important rule that you should follow when dealing with security and authentication: always use built-in security mechanisms, never roll your own.