I'm trying to limit the session access to a Struts application so the users will only be able to use 1 tab at the time. To do this, I have to create an ID everytime a new page is loaded and assign that ID to the user's session. By doing so, if the user uses a page with a different ID than the one registered in his session, the action will be rejected.
How can I do a listener on every page load? Which interface should I use?
Or do you have any other idea of how I could manage multiple tabs?
I'm Using Struts 1 and Java 4.
You could use Spring MVC Interceptors and override the preHandle method.
Returning false inside should cancel your request for not allowed additional tabs.
You can use an interceptor to do this. You will need to define it on your interceptor stack in your struts.xml and code the interceptor to check the JEE role information provided by your web application server. The interceptor can be coded to give a redirect result on the other tab if there was recently an action called however you will probably need to coordinate it via JS generated ids and AJAX.
https://struts.apache.org/docs/interceptors.html
Related
Wondering the best way to prevent a GTM tag from firing. I found https://rbardini.com/automating-gtm-data-layer-tests/ which tags about fetching the dataLayer variable and comparing it in an assertion, but this looks like a clumsy approach when you want to write to the dataLayer on every page.
For example, it suggests:
const getDataLayer = ClientFunction(() => window.dataLayer)
We use Google Tag Manager to automatically load tags on our website. Unfortunately one of them is CloudIQ (from PayPal) which pops up an iframe overlay offering a newsletter signup or ability to save your shopping basket. The Trigger in our GTM setup for that tag is simply 'All Pages'. When it pops up it generally blocks our test because Selectors cannot be clicked.
Our page flow is over several pages of an online shop, e.g.:
visit home page, click a product - navigates to a product page
click some options on the product page, then add to cart
go through checkout flow
So there might be many pages visited due to click actions.
There is an ability in GTM to define Variables and then use them in Exceptions for a tag, so I could prevent the CloudIQ tag firing either via a/ a global variable or b/ a dataLayer variable. However, I can't see how to elegantly get these set for each page visited during my test, such that they would exist when the GTM examines variables in order to block a Tag from being loaded. Fixture.beforeEach isn't right because it would only run once per fixture, and any data it set on the page's scope would be lost as soon as a page navigation occurs.
Anyone got experience of this sort of thing?
(The alternative of course is to detect the overlay, use switchToIframe to switch into the CloudIQ iframe and close it manually, but it pops up quite erratically and I'd prefer to simply disable the Tag altogether during tests as it's not core functionality of our website that we need to test.)
One way would be to set a custom user agent string to your test suite, create a custom javascript variable that returns the value for navigator.useragent, and make an exception trigger that blocks the tag.
Or any variation on that theme - set a cookie, use a url parameter, or if you test suite allow inject a global js variable, and check for the value in an exception trigger.
There is no need to avoid firing of events on the client side. Just mock the service routes for Google Tag Manager and CloudIQ and imitate correct responses for them.
Inside my app, I'm using the WKWebView to display a website. My goal is, when user is pressing a button on this website, I want to stop an action linked to this event and replace it with my own, natively made (custom action outside the WKWebView). I've been trying to search for any solution to fetch mentioned event but unsuccessful. What more came to my mind, if there is a way to fetch a JavaScript in WKWebView, I have a possibility to add some JS script code to this site (not to delete the action I want to block). Thank you for any help.
First, do you have a permission to mess with this web site's behaviour? I assume you do, otherwise it is likely illegal.
Second, try using Safari Web Inspector with a device/simulator, and use the DOM tree and console tools to find out what is the HTML/javascript that is involved with this action on this site.
If you can't find what happens in HTML/JS yourself, feel free to post a new separate question on SO with your target URL, some HTML/JS code, and which link/action you want to replace. Tag the question with "javascript" and ask if it is possible to write some javascript to replace that particular action to some custom JS code.
Usually there are 2 types of actions: either it is something that provokes AJAX calls to a server API triggered by an event handler, or it is a plain HTML link that results in a web navigation. For both cases it is possible to write a JS script that overrides the action.
Finally, use WKUserScript to inject javascript into the page, and override the action. Use window.webkit.messageHandlers to send an event from your custom action to the app side. Use WKScriptMessageHandler to process the event in the Objective-C or Swift code.
See an example here: http://nshipster.com/wkwebkit/
In my MVC application, I dont want any user to type in the address bar of the browser and navigate to any controller action directly.Can I enable this for the whole application?if yes ,How? Can you please let me know the concept name ?
Also I dont want to do that through Request.URLReferrer because it has its own security risks (per Avoiding user to navigate to a view by entering url in the browser)
Thanks in advance!
You need to use Custom Action Filter Attributes, See :
http://www.asp.net/mvc/tutorials/hands-on-labs/aspnet-mvc-4-custom-action-filters
****Updated:**
As Parsanna mentioned in comment,
You can use the [ChildActionOnly] attribute on your action method to make sure it's not called directly, or use the ControllerContext.IsChildAction property inside your action to determine if you want to redirect.
See :Asp.net mvc How to prevent browser from calling an action method?
I am going to write a widget such as user could select country and city.
The widget will use geo db from vk.com, but I want to request vk.com from the server-side, internally. Currently I am doing so by actionSuggestCities().
browser <-- widget: js routine <-- site: actionSuggestCities() <-- vk.com: api
How could I make a well-formed widget, such that someone could install it and do not add actionAutocomplete() in his controllers?
I think the best is to provide a an action with the widget as an extension, to be reused in every controller using the extension, an action class extends CAction can be configured can has it's own behavior etc, read the wiki and the api
I am following this tutorial http://wicket.wordpress.com/2010/01/08/template-for-building-authenticated-webapplication/ in order to learn how to make login and authentication using wicket.
My question/problem is that my login area is on the header and therefor one can login on every page.
If my application class should inherit AuthenticatedWebApplication, then I must override getSignInPageClass method. What page class should I provide?
Is there any other best tutorial to add authentication using wicket?
The sign in page is displayed when the user attempts to access a Page or other component which requires authorization to create. If your application allows login on every page, then none of your pages require authorization, and the sign in page will never be displayed. I suggest you set it to the home page.
As all your pages are visible, you can't use the #AuthorizeInstantiation annotation on your page classes. Instead, you must control visibility of components within the page using the RENDER action instead. For example,
MetaDataRoleAuthorizationStrategy.authorize(mycomponent, RENDER, "SYSADMIN");
The only example I can find is at wicketstuff.org.