I used liferay 6.1, in my spring MVC portlet one button for only admin in jsp page.
so i want to do check that in controller if admin is login then only that button accessible otherwise no other user can access that.
jsp page all the datagrid content render with extJS so in my jsp all data with write in java script.So, How can we do that in that here is my image link i.imgur.com/Qwfbg2H.png
So can you tell me how can i check and implement that logged in user is admin .??
You can use permissionChecker.isOmniadmin() to check if logged-in user is admin.
permissionChecker is implicit object you will get when you have statement <theme:defineObject/> with proper tld declared in your jsp.
e.g.
<%# taglib uri="http://liferay.com/tld/theme" prefix="theme" %>
<theme:defineObjects />
Related
i am new in using abp.io . i am looking for a way to point as startup page. As per default it is using login page as startup page. I want it to point to a new landing page as startup page.
If you mean just a page inside your application, it depends if your application is just an api or MVC or a Razor Page application. But generally, redirecting to "LandingPage" from your Home Page/Controller action works.
If you mean an admin (back-office application) and a public application, you need to create a new application and register it as a client to identityserver.
You can check the microservice-demo sample that while BackendAdminApp.Host is an admin application, PublicWebSite.Host is a public application.
I'm using the Blazor Server templates included with Visual Studio 2019.
In the template application that uses local authentication, When I view the page without being authenticated, the AuthorizeView tags work as expected, and the log in/out buttons on the navbar are displayed dynamically based on these tags. I am able to view the counter and weather forecast pages as a guest.
In the template application that uses Azure AD authentication, whenever I try and view a page without being authenticated, I'm redirected to the Microsoft login prompt. I'm still able to use the AuthorizeView tags to dynamically display components in the navbar, but what I want to be able to do is view the counter and weather forecast pages as a guest without getting redirected.
Is there any way to achieve this? Am I maybe missing something in App.razor?
Edit:
If I log out using the navbar link, and then navigate back with my browser, I can view the pages without authorization. But then when I refresh the page, I get sent back to https://login.microsoftonline.com/. What could be causing this? I want to view an unauthorized home page without getting redirected.
The behaviour you see is by design.
To change it you can make this change inside Startup.Configure :
services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
//options.Filters.Add(new AuthorizeFilter(policy));
});
(and of course reduce this code to just services.AddControllersWithViews(); when you want to keep it this way.)
With this change you will have to block private pages with #attribute [Authorize] or with <AuthorizeView> and there is no automatic redirect to the login page.
Do you know if it is possible to deep link a custom tab on the left hand navigation?
In my web app I allow the user to login through SSO from Salesforce ( so I use salesforce as authentication provider ), than when the user credentials are ensured i redirect the user to the tab using an aspex url like the following:
https://{domain}/apex/{VisualforceTabsName}?sfdc.tabName={VisualforceTabsRef}
or a servlet integration link like the following:
https://na15.salesforce.com/servlet/servlet.Integration?lid={lid}&ic=1&linkToken={linkToken}
I got those links simply right clicking the tabs and copy the link, now this is not going to work on the new ligthening experience where the link is something like the following;
https://gs0.lightning.force.com/one/one.app?source=aloha#{token}
Now it seems to me that the token in this case is user specific, so it can't be used as high level reference to the Visualforce tab.
Do you know if there is a way to do the same in the Lightening Experience (Spring 16' release)? Or if there is a different way to achieve the same result?
Thanks
In Lightning Experience, you can reference custom tabs using the developer name of the tab (note that this is the API name of the tab containing the Visualforce page, not of the page itself). This URL should work:
{domain}/lightning/n/{tabName}
This assumes that you have already created a tab for your Visualforce page.
I want to use OAuth in my AngularJS application, and to do so I need to take the user to the Twitter OAuth page so that they can grant access. I could do this inside my application, but I'd prefer not to redirect the user out of the context of the Angular app (i.e. don't reload the page) and so what I want to do is open the authorization page in a pop-up or modal window. The user completes the workflow in that window and when they close the modal, the access token is stored in my app, or in a cookie.
I am really struggling to figure out how to open this pop-up and populate it with the Twitter grant authorization page.
> Here is an example: http://plnkr.co/edit/NeMAj32daePMopWaffkw?p=info
If you could get an external website to open in that modal then I think I might be part-way there?
I don't believe that's possible. Even if you could embed the Twitter auth page inside a modal's iframe, the OAuth flow would ways force it to redirect. Knowing that a redirect is applied to the entire page (e.g. browser window/tab) and not only to the iframe, it would end up redirecting your entire page.
And there's also the phishing risk
Your only option is to open a new browser tab/window(popup).
More information about Twitter's OAuth flows here and here.
I want to hide the admin part of my site if you are not in the admin role.
This means that while not logged in, the routing for the admin should return a 404 as not existing, and the view templates should not be served. Once logged in the routing table should be updated and templates should become available.
I think that the server part of not serving the pages could be done if using something like MVC for serving the templates, but I don't know if it is possible to have no references to the admin in angular till you are logged in?
So somehow angular needs to refresh its template for the menu, and routing table.