Tapestry: Using ComponentRequestFilter
This example is similar to Securing Tapestry pages with Annotations, Part 1. My use case is to redirect a user to the starting page of a multiple step wizard in case a request is directly made to an intermediate step and the session has not been properly setup. One way to solve this problem (the ugly way) is to add a condition to every entry point in the page
public class MyPage
{
@SessionState(create = false)
private ShoppingCart shoppingCart;
@OnEvent(EventConstants.ACTIVATE)
Object activate()
{
if(shoppingCart == null)
{
return Index.class;
}
return null;
}
@OnEvent(EventConstants.SUCCESS)
Object doSomething()
{
if(shoppingCart == null
{
return Index.class;
}
.....
}
The problem with this code is that you have to check this condition for all event-handlers(Form, EventLink etc). A more elegant solution would be to use annotation secured by a ComponentRequestFilter.
@RequireSession(value = ShoppingCart.class, redirectPage = "Index")
public class MyPage {
}
So let us start with the annotation
@Documented
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
@interface RequireSession {
Class<?> value()
String redirectPage()
}
The RequireSession#value() should be set to the class which should be available(as instance) in the session when the page is requested. If the class is not available, the user should be redirected to the RequireSession#redirectPage() page.
The ComponentRequestFilter to do the magic is :-
class RequireSessionFilter implements ComponentRequestFilter
{
private ComponentSource componentSource
private ApplicationStateManager applicationStateManager
private Response response
private PageRenderLinkSource pageRenderLinkSource
RequireSessionFilter(ComponentSource componentSource,
Response response,
ApplicationStateManager applicationStateManager,
PageRenderLinkSource pageRenderLinkSource)
{
this.componentSource = componentSource
this.response = response
this.applicationStateManager = applicationStateManager
this.pageRenderLinkSource = pageRenderLinkSource
}
@Override
void handleComponentEvent(ComponentEventRequestParameters parameters,
ComponentRequestHandler handler)
{
if(redirectIfObjectNotInSession(parameters.activePageName))
{
return
}
handler.handleComponentEvent(parameters);
}
@Override
void handlePageRender(PageRenderRequestParameters parameters, ComponentRequestHandler handler)
{
if(redirectIfObjectNotInSession(parameters.logicalPageName))
{
return
}
handler.handlePageRender(parameters)
}
private boolean redirectIfObjectNotInSession(String pageName)
{
Component component = componentSource.getPage(pageName)
if(component.class.isAnnotationPresent(RequireSession))
{
RequireSession annotation = component.class.getAnnotation(RequireSession)
if(!applicationStateManager.exists(annotation.value()))
{
redirect(annotation.redirectPage())
return true
}
}
return false
}
private void redirect(String pageName)
{
response.sendRedirect(pageRenderLinkSource.createPageRenderLink(pageName))
}
}
It filters both the page render requests and the component event requests. In case there is a @RequiresSession annotation, the session is checked for the given class and if it is not present, the user is redirected to the RequireSession#redirectPage() page.
Finally the ComponentRequestFilter contribution in AppModule
@Contribute(ComponentRequestHandler.class)
public static void contributeRequestFilters(
final OrderedConfiguration<ComponentRequestFilter> filters) {
filters.addInstance("RequiresSessionFilter",
RequiresSessionFilter.class, "after:ErrorFilter");
}
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)
