From Documentation

Jump to: navigation, search




Contents

Purpose

Display a custom Ajax login popup page

Example

We will build upon the same example introduced in the previous section and add a custom login page that can be used for Ajax login popup of ZK Spring Security. In that example we secured ZK component events which in turn causes ZK Spring Security to display Ajax login popup for users to logon to the application. By default this Ajax login popup uses Spring Security's default login page to be displayed in ZK's hilighted window component. In this example we will demonstrate how developers can define and configure a custom login page to be displayed as a login popup instead of default login page. Let's take a look at the result of this example first and then we will describe the details.

ZKSpringEssentials SecurityExampleAjaxLoginPopup.jpg

Configuration

Since this example builds upon the one introduced in the previous section all configurations of that example still apply here i.e. declare ZK Spring Security namespace at the top of your security configuration file and set custom ZK Spring Security filters in the <http /> element. In addition to that you only need to configure ZK Spring Security to use a custom login page to be displayed in Ajax login popup window. It can be done as shown below.

     <zksp:zk-event login-template-close-delay="5">
        <zksp:intercept-event event="onClick" path="//**/btn_*" access="ROLE_TELLER" />
        <zksp:intercept-event path="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <!-- Configuring Ajax popup login -->
        <zksp:form-login login-page="/popupLogin.zul"/>
     </zksp:zk-event>

Here assuming that you have declared a prefix zksp for ZK Spring Security namespace schema, you need to add a <form-login /> element to the <zk-event /> element and set its login-page attribute to the location of your custom login page. Setting this attribute value will cause ZK Spring Security to display your custom login page in the login popup instead of default Spring Security page.

Make sure your popup login page uses standard login form names and action url as specified by Spring Security. Here is a sample login page written in ZUML.

<?page id="testZul" title="CUSTOM ZK + SPRING SECURITY LOGIN(popup)"?>
<window id="loginwin" title="CUSTOM ZK + SPRING SECURITY LOGIN(popup)" border="normal" width="350px">
    <!-- this form-login-page form is also used as the
         form-error-page to ask for a login again. -->
    <html style="color:red" if="${not empty param.login_error}">
      <![CDATA[
        Your login attempt was not successful, try again.<br/><br/>
        Reason: ${SPRING_SECURITY_LAST_EXCEPTION.message}
       ]]>
    </html>

    <groupbox>
    <caption>Login</caption>
    <h:form id="f" name="f" action="j_spring_security_check" method="POST"
    xmlns:h="http://www.w3.org/1999/xhtml">
        <grid>
            <rows>
                <row>User: <textbox id="u" name="j_username"/></row>
                <row>Password: <textbox id="p" type="password" name="j_password"/></row>
                <row><checkbox id="r" name="_spring_security_remember_me"/>Don't ask for my password for two weeks</row>
                <row spans="2">
                    <hbox>
                        <h:input type="submit" value="Login"/>
                        <h:input type="reset" value="Reset"/>
                    </hbox>
                </row>
            </rows>
        </grid>
    </h:form>
    </groupbox>
</window>

Note: Now that as the application could possibly have three different login pages, it is important to understand how login popup chooses which one to use. The three login pages are Spring security default login page, custom login page that you can configure by <form-login /> child element of <http /> element in standard Spring Security namespace and custom popup login page that you can configure by <form-login /> child element of <zk-event /> element in ZK Spring Security namespace. In such a scenario ZK Spring Security will give highest priority to login-page set on <form-login /> element of ZK Spring Security namespace. If it is not set then it will try to use login-page set on <form-login /> element of standard Spring Security namespace. If no custom login page is set then it will use default Spring security login page.

Version History

Last Update : 2011/8/25


Version Date Content
     



Copyright © Potix Corporation. This article is licensed under GNU Free Documentation License.