3 Replies Latest reply: Apr 29, 2013 8:11 AM by Jiri.Machotka-Oracle

    Question regarding Filter

    Bunty
      1) how to write custom message to outputstream from filter?
      2) how to invalidate the current user session?
      3) how to prevent further execution of the code (no return value check...alterProviderAttributes).
        • 1. Re: Question regarding Filter
          Jiri.Machotka-Oracle
          1) how to write custom message to outputstream from filter?
          I believe the answer is: like from any other Java program.

          There are, however, a few things you need to consider: if I take a sample program
          OutputStream output = new FileOutputStream("c:\\data\\output-text.txt");
          
          while(moreData) {
            int data = getMoreData();
            output.write(data);
          }
          output.close();
          (taken from http://tutorials.jenkov.com/java-io/outputstream.html )

          Q1: what lines do you want to have in your filter? If all, then it's a copy&paste exercise, if only lines in the middle, the question is where will you take your output from? You could have it stored in the binder, or in SharedObjects, but the stream will have to be opened whenever necessary, etc. (overall, sounds like something that can break easily).

          Q2: you will have to consider where you want to have the "c:\\data\\output-text.txt" located (the filter will run on the server, so it will be a path to a server directory)

          Overall, for logging a message, I'd take a look at Log4J - http://logging.apache.org/log4j/1.2/ rather than use plain outputstreams. It will require some struggle to add the library to your component, but it will pay off.

          2) how to invalidate the current user session?
          How about performing a logout? There are probably several ways to achieve what is required. Please share more details about your use case (mainly, the "business purpose").

          3) how to prevent further execution of the code (no return value check...alterProviderAttributes).
          If you mean further execution of the code in the filter, then the Java return command is OK - note that the filter's method doFilter returns an int value, so return 0 for success, return anything else for a failure.
          If you mean further execution of the code in the service where the filter was fired off, then take a look at exceptions.

          I haven't studied it in depth, but I have a component for folderQuota check, hooked to validateCheckinData filter event and the line
          throw new ServiceException("text");
          prevents the content from being checked in.


          I'm also curious if you find my answers at least "Helpful" :-)
          • 2. Re: Question regarding Filter
            Bunty
            Thanks Jiri!
            what I am trying to do...
            read the request header and parse the cookie for "mycustomCookie". If set to true, then I check if the user belongs to a specific AD group (mapped to role) and continue or terminate the session. I am trying to do this after login .
            1) I was getting m_output from service class and trying to write to the output stream as below...
            OutputStream os = (OutputStream)service.getOutput(); 
            os.write(StringUtils.getBytes("Access Denied.", "UTF8"));
            os.close();
            doesn't seem to work. instead...PERSONALIZED_JAVASCRIPT is displayed.
            2) I tried m_loginState (of ServiceHttpImplementor class) = "0"...this sorta need to look into it more.
            3) return 0/1 statement is no good as there is no validation for alterProviderAttributes return value. I will give "throw new exception" a try.

            Edit: alterProviderAttributes doesn't seem to do the job. Any ideas on which filter (must have roles mapped and should be triggered after login, not for every service request) I can use?

            Edited by: Bunty on Apr 26, 2013 11:18 AM
            • 3. Re: Question regarding Filter
              Jiri.Machotka-Oracle
              OK. Understood.

              I tried the following scenario:
              - in one browser I logged in as an admin, turned on full verbose system-wide tracing on 'requestaudit', and 'services' (beware! 'services' are really chatty!)
              - cleared the console output
              - then, from a different browser I tried to login

              You will get a long list of filter events (some of them might be called by concurrent back-end processes).

              I'm not sure if alterProviderAttributes will be helpful - it is used to provide additional information rather than doing something. However, in my test I found another one, checkForceLogin which could be a doer.

              I'd also try a similar scenario:
              - in one browser I logged in as an admin, turned on full verbose system-wide tracing on 'requestaudit', and 'services' (beware! 'services' are really chatty!)
              - cleared the console output
              - then, from a different browser I tried to login with an incorrect password

              and somehow compare these two logs.
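
The check described in reply 2, combined with the "throw an exception to stop processing" approach from reply 1, as an added example that is not code from either poster or from the product. It is plain Java with no server libraries: `AccessDenied` is a stand-in for the `ServiceException` mentioned in the thread, and the class name, the role name `restrictedGroup` and the sample headers are assumptions constructed for illustration.

```java
import java.util.*;

public class CookieRoleGate {
    // Stand-in for the ServiceException named in the thread (assumption),
    // so this compiles without the content server's libraries.
    static class AccessDenied extends Exception {
        AccessDenied(String msg) { super(msg); }
    }

    /** Parse a raw Cookie request header ("a=1; b=2") into name -> value. */
    static Map<String, String> parseCookies(String header) {
        Map<String, String> cookies = new HashMap<>();
        if (header == null) return cookies;
        for (String pair : header.split(";")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) continue;                    // skip malformed fragments
            String name = pair.substring(0, eq).trim();
            String value = pair.substring(eq + 1).trim();
            cookies.putIfAbsent(name, value);         // first occurrence wins
        }
        return cookies;
    }

    /** Throws when mycustomCookie is "true" and the user lacks the required role. */
    static void enforce(String cookieHeader, Set<String> userRoles, String requiredRole)
            throws AccessDenied {
        String flag = parseCookies(cookieHeader).get("mycustomCookie");
        if ("true".equalsIgnoreCase(flag) && !userRoles.contains(requiredRole)) {
            throw new AccessDenied("Access Denied.");  // aborts instead of returning a status
        }
    }

    public static void main(String[] args) {
        // Constructed sample requests: { Cookie header, comma-separated roles }
        String[][] samples = {
            {"JSESSIONID=abc; mycustomCookie=true", "contributor"},
            {"JSESSIONID=abc; mycustomCookie=true", "contributor,restrictedGroup"},
            {"JSESSIONID=abc", "contributor"},  // no cookie: the role check is skipped
        };
        for (String[] s : samples) {
            Set<String> roles = new HashSet<>(Arrays.asList(s[1].split(",")));
            try {
                enforce(s[0], roles, "restrictedGroup");
                System.out.println("continue: " + s[0]);
            } catch (AccessDenied e) {
                System.out.println("blocked:  " + s[0] + " -> " + e.getMessage());
            }
        }
    }
}
```

The third sample shows that the role requirement only applies to requests that carry the cookie, which is supplied by the client.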