about Login Page

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

about Login Page

Saeid
This post was updated on .
Hi Everybody!
I am newbie in the appfuse ,so have some elementary questions about Login Page:

1) As we know, for using a tag like <c:if test="${param.error != null}"> or <c:if test="${appConfig['rememberMeEnabled']}"> we need already to use a given <c:set var=...> tag. but i didn't see any <c:set...> tag in this page or in the others. May anybody please tell me where the param or appConfig has defined? is them an attribute's set in a given action/class?

2) Where boostrap's features are added to elements like <input>, <button> ,...? I just saw a simple tag without any additional feature:

<input type="text" name="j_username" id="j_username" class="form-control"
           placeholder="<fmt:message key="label.username"/>" required tabindex="1">

<input type="password" class="form-control" name="j_password" id="j_password" tabindex="2"
           placeholder="<fmt:message key="label.password"/>" required>

is there a given file that applied to all of the project?

3) As we know, it's usually defined at top of the page, for using any css file( between <head></head> tags, for example). My question is Where the css file (style.css) is applied/defined to the form (login page or the others)?

4) and Where headers and footers are applied to all the project? i can see Freemarker files but i don't understand how are they applied to a given page

5) when user submits the form the inputs should be compared with the database. where this compareness is carried out? i know  <bean id="userAction" ...> do that but what i don't understand is how submit button / or even form tag is bound to it? i mean how the action="<c:url value='/j_security_check'/> tag can choose the proper option? and how /j_security_check/ is related to userAction Bean?




As i said earlier, these questions are so elementary  since i've not share any teamwork project and the appfuse is an enterprise framework....so it's obviously the questions are in the same level.

thanks in advance....
saeid!
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

mraible
Administrator
You don't need <c:set> to set variables that other JSTL tags can read. They search for variables with the name, starting with page scope, then moving up to request, session and application. The "appConfig" is set in the StartupListener in application scope.

        context.setAttribute(Constants.CONFIG, config);

Bootstrap is just CSS, so it's applied with classes:

class="form-control"


On Thu, Sep 18, 2014 at 10:43 PM, Saeid <[hidden email]> wrote:
Hi Everybody!
I am newbie in the appfuse ,so have some *elementary *questions about it's
Login Page:
1) as we know for using a tag like <c:if test="${param.error != null}"> or
<c:if test="${appConfig['rememberMeEnabled']}"> we need already to use a
given <c:set var=...> tag. but i didn't see any <c:set...> tag in this page
or the others. Can anybody tell ,where the param or appConfig has defined?

2) where boostrap's features are added to for elements(<input> <button>
,...)?

3) where the css is applied to the form?


thanks in advance....
saeid!




--
View this message in context: http://appfuse.547863.n4.nabble.com/about-Login-Page-tp4657248.html
Sent from the AppFuse - Dev mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

Saeid
thank you again matt! but still remains 2 question:

1) You right about appConfig but what about param.error (in <c:if test="${param.error != null}">). I mean where we've defined it? is there any definition (like context.setAttribute(Constants.CONFIG, config); in StartupListener.java) for param? or not it's defined for the first time?

2) May you please tell me which file/class is responsible for comparing the user input with database?this is so important for me...

your answers are so helpful!!!!
thank you again!!!
saeid!
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

mraible
Administrator
"param" is an implicit object that's part of JSP EL:


The UserDao is the interface and its implementation is likely UserDaoHibernate - these talk to the database and persist/retrieve the user.

On Fri, Sep 19, 2014 at 9:22 AM, Saeid <[hidden email]> wrote:
thank you again matt! but still remains 2 question:

1) You right about appConfig but what about *param.error* (in <c:if
test="${param.error != null}">). I mean where we've defined it? is there any
definition (like context.setAttribute(Constants.CONFIG, config); in
StartupListener.java) for param? or not it's defined for the first time?

2) May you please tell me which file/class is responsible for comparing the
user input with database?this is so important for me...

your answers are so helpful!!!!
thank you again!!!
saeid!




--
View this message in context: http://appfuse.547863.n4.nabble.com/about-Login-Page-tp4657248p4657252.html
Sent from the AppFuse - Dev mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

Saeid
thank you again matt!
about question no. 2 ,I meant what files/classes are called before UserDao/UserDaoImplementation ?
Clearly Say, How does the appfuse understand that it has to run UserDao , whenever I click login button? i wanted you to explain it's process from the clicking to the calling ,please?

thank you matt!
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

mraible
Administrator
As I said, it's Spring Security that does this. Here's a sequence diagram that's similar to how things work.

http://ocpsoft.org/wp-content/uploads/2009/07/sequence.png

Basically, there's a filter mapped to /j_security_check (which is the action of the login form). Here's a more thorough description of the different parts in Spring Security.

http://abstractlayers.com/2012/11/10/concepts/

AppFuse's UserDaoHibernate implements Spring Security's UserDetailsService:

public interface UserDetailsService {
   org.springframework.security.core.userdetails.UserDetails loadUserByUsername(java.lang.String s) throws org.springframework.security.core.userdetails.UsernameNotFoundException;
}

So the filter calls this to get the authentication details. This returns a UserDetails, which is also implemented by AppFuse's User object.

http://docs.spring.io/autorepo/docs/spring-security/3.1.7.RELEASE/apidocs/org/springframework/security/core/userdetails/UserDetails.html

On Sep 19, 2014, at 10:25 PM, Saeid <[hidden email]> wrote:

> thank you again matt!
> about question no. 2 ,I meant what files/classes are called *before
> *UserDao/UserDaoImplementation ?
> Clearly Say, How does the appfuse understand that it has to run UserDao ,
> *whenever I click login button*? i wanted you to explain it's process *from
> the clicking to the calling* ,please?
>
> thank you matt!
>
>
>
>
> --
> View this message in context: http://appfuse.547863.n4.nabble.com/about-Login-Page-tp4657248p4657260.html
> Sent from the AppFuse - Dev mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

Saeid
Thank you again for Patiently Answering!
sincerely yours!
Saeid!
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

Saeid
This post was updated on .
In reply to this post by mraible
but still remains another question:
in UserDaoHibernate Class we have 2 methods: loadUserByUsername , getUserPassword.

Do you mean that UserDetailsService interface calls these 2 methods?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

mraible
Administrator
loadUserByUsername is called by Spring Security. getUserPassword is used to determine if the user's password should be encrypted or not. From UserManagerImpl.java:

            // Check whether we have to encrypt (or re-encrypt) the password
            if (user.getVersion() == null) {
                // New user, always encrypt
                passwordChanged = true;
            } else {
                // Existing user, check password in DB
                final String currentPassword = userDao.getUserPassword(user.getId());
                if (currentPassword == null) {
                    passwordChanged = true;
                } else {
                    if (!currentPassword.equals(user.getPassword())) {
                        passwordChanged = true;
                    }
                }
            }

            // If password was changed (or new user), encrypt it
            if (passwordChanged) {
                user.setPassword(passwordEncoder.encode(user.getPassword()));
            }

If you need to find where more methods are called, I'd suggest using your IDE's "Find Usages" feature.

On Sep 21, 2014, at 2:18 AM, Saeid <[hidden email]> wrote:

> but still another question:
> in UserDaoHibernate Class we have 2 methods: *loadUserByUsername *,
> *getUserPassword*.
>
> Do you mean that UserDetailsService interface calls these 2 methods?
>
>
>
> --
> View this message in context: http://appfuse.547863.n4.nabble.com/about-Login-Page-tp4657248p4657266.html
> Sent from the AppFuse - Dev mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

Saeid
This post has NOT been accepted by the mailing list yet.
thank you so much!!!
saeid!
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

Saeid
This post was updated on .
In reply to this post by mraible
I'm sorry matt!
I Used the IDEA's "Find Usages" feature and found two classes are using userDao.getUserPassword: UserManagerImpl.java , UserDaoTest.java ... but still remains many questions (due to i want to reconstruct this module to better understand)

No. 1) Before Logging in

We've provided userDao Bean in file Security.xml as following:
<authentication-manager>
        <authentication-provider user-service-ref="userDao">
            <password-encoder ref="passwordEncoder">
            </password-encoder>
        </authentication-provider>
    </authentication-manager>

so the application's control is going to class UserDaoHibernate! But According to your Sentence, UserManagerImpl.getUserPassword is calling not UserDaoHibernate.getUserPassword.

1-1) Where we've set that UserManagerImpl.getUserPassword should be called (I've not seen any entry in struts.xml)?

1-2) Why we are not using UserDaoHibernate.getUserPassword? and basically what's this method's role?


No.2) After Successfully Logging in

2-1) Where have we set whether the Administrator Menu Option to be appeared or not?

thanks....
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: about Login Page

mraible
Administrator

On Sep 23, 2014, at 12:37 AM, Saeid <[hidden email]> wrote:

> I'm sorry matt!
> I Used the IDEA's "Find Usages" feature and found two classes are using
> *userDao.getUserPassword*: *UserManagerImpl.java , UserDaoTest.java *... but
> still remains many questions (due to i want to reconstruct this module to
> better understand)
>
> *No. 1) Before Logging in*
>
> We've provided userDao Bean in file Security.xml as following:
> <authentication-manager>
>        <authentication-provider user-service-ref=&quot;&lt;b>userDao*">
>            <password-encoder ref="passwordEncoder">
>            </password-encoder>
>        </authentication-provider>
>    </authentication-manager>
>
> so the application's control is going to class UserDaoHibernate! But
> According to your Sentence, *UserManagerImpl*.getUserPassword is calling not
> *UserDaoHibernate*.getUserPassword.

Yes, for authentication, it goes straight to the DAO. However, if you look at the logic I copied and pasted from the last message - it calls getUserPassword() when it checks to see if the password needs encrypting.

>
> 1-1) Where we've set that *UserManagerImpl.getUserPassword* should be called
> (I've not seen any entry in struts.xml)?

There is no getUserPassword() method in UserManagerImpl. It's only the DAO.

>
> 1-2) Why we are not using UserDaoHibernate.getUserPassword? and basically
> what's this method's role?
>

See line 120 in UserManagerImpl.java. There's comments to explain how it works:

https://github.com/appfuse/appfuse/blob/master/service/src/main/java/org/appfuse/service/impl/UserManagerImpl.java#L120


>
> *No.2) After Successfully Logging in*
>
> 2-1) Where have we set whether the *Administrator Menu Option* to be
> appeared or not?

menu-config.xml contains the menu items and the roles that can see them.

<Menu name="AdminMenu" title="menu.admin" description="Admin Menu" roles="ROLE_ADMIN" page="/admin/users">

Loading...