[Seaside] Question on page redirection
Avi Bryant
seaside@lists.squeakfoundation.org
Sun, 29 Dec 2002 10:50:49 -0800 (PST)
On Sun, 29 Dec 2002 tblanchard@mac.com wrote:
> When I've done WebObjects applications, I've overridden the method
> pageWithName in session to return the login page if the cookie auth
> token was missing.
>
> Whats the good bottleneck in seaside for trapping a request for a page
> and replacing it with a login page so that I don't have to replicate
> the test for credentials everywhere?
Funny, Julian and I were just talking about that last night. There really
isn't a great place to do that right now. One thing to do would be to
write a framing component that conditionally showed either your
application or the login page; ie, if your entry point component is
currently, say, ToddApp, then instead make it something like
WAComponent subclass: #ToddFrame
instanceVariableNames: 'main login'
classVariableNames: ''
poolDictionaries: ''
category: 'Foo'
initialize
main := self containerFor: ToddApp new.
login := ToddLogin new.
renderOn: html
session hasUserInfo
ifTrue: [html render: main]
ifFalse: [html render: login]
The main problem with that approach is that the check doesn't happen until
the response phase - if somebody requests a URL generated while a user was
logged in, they can still trigger an action before they're asked to
authenticate themselves.
To prevent that, you'd probably want to override
WASession>>wrapContinuation:withReturnBlock:. This method returns the
blocks/continuations that are effectively the request handlers. You
probably want something like this:
wrapContinuation: aContinuation withReturnBlock: aBlock
|continue|
block := super wrapContinuation: aContinuation withReturnBlock: aBlock.
^ [:request |
self hasUserInfo
ifFalse: [|login|
login := LoginPage new.
login withContinuationDo: [login start]].
continue threadSafeValue: request]
Need to run, so I'll explain that bit of code later...
Avi