J2EE developer with over 7 years of experience in designing and implementing enterprise j2ee solutions based on open source technologies like Tapestry, Hibernate, Spring. Current interests include Tapestry, Plastic, Spock, Scala. Taha is a DZone MVB and is not an employee of DZone and has posted 40 posts at DZone. You can read more from them at their website. View Full User Profile

Tapestry: Using ComponentRequestFilter

07.11.2012
| 1547 views |
  • submit to reddit

This example is similar to Securing Tapestry pages with Annotations, Part 1. My use case is to redirect a user to the starting page of a multiple step wizard in case a request is directly made to an intermediate step and the session has not been properly setup. One way to solve this problem (the ugly way) is to add a condition to every entry point in the page

public class MyPage
{
    @SessionState(create = false)
    private ShoppingCart shoppingCart;

    @OnEvent(EventConstants.ACTIVATE)
    Object activate()
    {
        if(shoppingCart == null)
        {
           return Index.class;
        }
        return null;
    }

    @OnEvent(EventConstants.SUCCESS)
    Object doSomething()
    {
        if(shoppingCart == null
        {
           return Index.class;
        }

        .....
    }

The problem with this code is that you have to check this condition for all event-handlers(Form, EventLink etc). A more elegant solution would be to use annotation secured by a ComponentRequestFilter.

@RequireSession(value = ShoppingCart.class, redirectPage = "Index")
public class MyPage {
}

So let us start with the annotation

@Documented
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
@interface RequireSession {

    Class<?> value()

    String redirectPage()

}


The RequireSession#value() should be set to the class which should be available(as instance) in the session when the page is requested. If the class is not available, the user should be redirected to the RequireSession#redirectPage() page.

The ComponentRequestFilter to do the magic is :-

class RequireSessionFilter implements ComponentRequestFilter
{

    private ComponentSource componentSource

    private ApplicationStateManager applicationStateManager

    private Response response

    private PageRenderLinkSource pageRenderLinkSource

    RequireSessionFilter(ComponentSource componentSource,
            Response response,
            ApplicationStateManager applicationStateManager,
            PageRenderLinkSource pageRenderLinkSource)
    {
        this.componentSource = componentSource
        this.response = response
        this.applicationStateManager = applicationStateManager
        this.pageRenderLinkSource = pageRenderLinkSource
    }

    @Override
    void handleComponentEvent(ComponentEventRequestParameters parameters,
            ComponentRequestHandler handler)
    {
        if(redirectIfObjectNotInSession(parameters.activePageName))
        {
            return
        }

        handler.handleComponentEvent(parameters);
    }

    @Override
    void handlePageRender(PageRenderRequestParameters parameters, ComponentRequestHandler handler)
    {
        if(redirectIfObjectNotInSession(parameters.logicalPageName))
        {
            return
        }

        handler.handlePageRender(parameters)
    }

    private boolean redirectIfObjectNotInSession(String pageName)
    {
        Component component = componentSource.getPage(pageName)
        if(component.class.isAnnotationPresent(RequireSession))
        {
            RequireSession annotation = component.class.getAnnotation(RequireSession)

            if(!applicationStateManager.exists(annotation.value()))
            {
                redirect(annotation.redirectPage())
                return true
            }
        }

        return false
    }

    private void redirect(String pageName)
    {
        response.sendRedirect(pageRenderLinkSource.createPageRenderLink(pageName))
    }


}

It filters both the page render requests and the component event requests. In case there is a @RequiresSession annotation, the session is checked for the given class and if it is not present, the user is redirected to the RequireSession#redirectPage() page.

Finally the ComponentRequestFilter contribution in AppModule

@Contribute(ComponentRequestHandler.class)
public static void contributeRequestFilters(
        final OrderedConfiguration<ComponentRequestFilter> filters) {

    filters.addInstance("RequiresSessionFilter",
            RequiresSessionFilter.class, "after:ErrorFilter");
}

 

 

 

Published at DZone with permission of Taha Siddiqi, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)