SES and BuildLink and interceptor

I was playing around with the SES and security interceptor and discovered that these 2 do not work together as they are.

For example when it comes to this line.

if ( event.getCurrentEvent() eq "ehGeneral.doLogin" )

I find that the actual currentEvent is the full blown URL. I have also noticed that if I use the config.xml.cfm to change the eventName, the same thing happens regardless of SES or not.

I know I could do a contains here, but I would be asking myself why it isn’t stripped by the framework to only contain the event name and not the full url?

Any ideas?

Btw what’s with the mailing list, it has gone quiet…

Can you post more on this. I have several apps running SES and the security interceptor and haven’t reached any problems with them. Please post more info.

Hmm,

All I can post is this.

Config.xml.cfm

securityInterceptor

//Are we logging In

if ( event.getCurrentEvent() eq "ehGeneral.doLogin" )

loggingIn = true;

dspLogin.cfm

<input type="hidden" name="event" value="#Event.BuildLink(Event.getValue("xehLogin"))#">

If I do a debug (line) the event.getCurrentEvent() returns http://127.0.0.1:85/index.cfm?do=ehGeneral.doLogin

And as it doesn’t equal what is in the code above, it fails. So if I remove the Event.BuildLink() from the view, it still fails because the eventName is do and not event. So as a last step I changed the eventName back to event and it works.

But if I use Event.BuildLink() it fails again. There is nothing more I can show you, the above code on the latest from SVN doesn’t work with SES interceptors nor will it work if I change the eventName to anything other than the default eventName of event. And these are all from the samples in the package, so if I am not doing the right thing then it is not reflected in the samples or on the website.

Hope that helps.

I'm not sure if this helps, but are you aware of the methods
getCurrentHandler() and getCurrentAction()?

I am but how does that help?

I need to check the current event is in fact a login event, as per the
example. It works fine, if I do not use SES or change the eventName.

It is either a bug or an unwanted feature, it has been given plenty of
examples to use it this way in a secure method.

So what's your point?

Andrew, I think where I might be getting confused, is on the security interceptor part. Are you using your own interceptor or the one provided with ColdBox?

I will try to setup a test case for this issue and report back to you to see if this is a bug or not. It sounds like one. But we will investigate this issue ASAP.

Luis

I just built an app from scratch using ses, eventname = do and a custom interceptor intercepting at preProcess. I tried several convoluted ses routes and the getCurrentEvent() never returns any part of the url. So I am lost at what you are seeing. Maybe post your config.xml and the routes.cfm and some of the code that is giving you the problem. I will grab what you have and use it in my test case and see if I can reproduce it.

Can you please also note, what OS you are on and if you are using full ses rewrites via Apache or IIS or using the front controller approach of index.cfm/ehGeneral/home

Thanks Andrew.

Luis,

The config file is the same config file that came with the application template, the interceptor is the one in samples directory there is nothing more I can provide.

I added the interceptor into the config file as it is in that sample application. The interceptor code is unchanged, and does what it has to do. It also uses the same views / handler as that sample application. As well as the login method check against the xml file.

All I know, is that when line debugging.

if ( event.getCurrentEvent() eq "ehGeneral.doLogin" )

returns the full url path or is not accepting the event ehGeneral.doLogin, I do not know why or how it is but it is. I have not modified any code from the sample applications at all. And the config xml file is unchanged except for the inclusion of the interceptor, which is just this

So as event.getCurrentEvent() is a coldbox framework, and that instance is set and instantiated by the framework I am at a loss to explain this as well.

Again I am sorry, I can’t explain it anymore than I have already. I am just using the sample code that comes with the RC2 of coldbox and nothing more or extra.

Test #1:

Line break on the above mentioned line, and the current event is ehGeneral.dspHome or ehGeneral.doLogin if logging in.

Test #2:

Changed the eventName to eventName = do, when it passes over the above line. The CurrentView is never equal to ehGeneral.doLogin. So the loggingIn = true never gets reached, I have no reason why this is the case but only happens when I change the eventName to something other than event. I can’t explain it, and I know it is a sample application. But it doesn’t work.

Test #3:

Changed eventName back to eventName = event, and turned SES back on. Which uses the same routes file as the sample SES application uses. The behaviour here is that of Test #2, the CurrentEvent is always ehGeneral.dspHome and never changes to ehGeneral.doLogin.

Now if I remove the SES, and leave the eventName as event. Make no other changes it works again.

How do I explain with no code changes, this happens?

And yes, I reload the framework before I did each test.

Like I stated, this is all coming from the sample code within coldbox samples.

Please don’t ask me for any more code snippets, you already have them. But if you want me to zip it up and send it to you, then I am more than happy to. But as I said I never wrote the code, I just expect it to work the way it looks like it should.

Here is a screen shot, hope it comes through.

This is where the config file has eventName = event and has the SES interceptor switched on. And also has the Event.BuildLink() in the vwLogin.cfm page.

As you can see the variable testAndrew contains the full URL.

So I will assume no one knows why this is happening then?

As a side note, I used the Event.BuildLink on a javascript location in the vwHome and I get this error

Application Execution Exception

Error Type: Framework.EventHandlerNotRegisteredException : [N/A]
Error Messages: The event handler: ehGeneral.doLogout.index is not valid registered event.

The code is as follows.

Even from the url, which is http://127.0.0.1:85/index.cfm/ehGeneral.doLogout will not work. There seems to be some major flaws in this interceptor, or even the framework itself. I have no explanation for this trouble, except I am losing my hair. The error from using this at the url is above, as well as from the link.

So after playing around with it some more I am still no closer…

However I did come across another problem with the SES and securityInterceptor.

Here are some of the problems I am encountering.

If an application has this.

setNextEvent("security.authentication.dspHome");

The url is not SES, it is as it would normally be, so that brings me to this problem.

I have discovered that the url is appending the index.cfm if it is SES, to this

http://127.0.0.1:87/index.cfm/ehGeneral/index.cfm?event=ehGeneral.dspLogin

when it should be

http://127.0.0.1:87/index.cfm/ehGeneral/dspLogin

And if the controller has when the value of xehLogout is actually ehGeneral.doLogout

window.location='#Event.BuildLink(Event.getValue("xehLogout"))#';

it will throw an error along the lines of, invalid handler ehHandler.doLogout.index

I really think that there is some weird shit happening, BuildLink needs to identify ehGeneral.doLogout and make it /index.cfm/ehGeneral/doLogout
or something I think.

There is too much reliance on that someone knows that all events would need to be renamed from handler.action to handler/action

Sorry but I am not impressed with all the errors I am getting, and spending a day to work something out that should work the way one would expect. Nothing against the team, but come on make some of the guess work a little easier please.

Also, with the form and hidden input. Well it was because I had event and not do, so when I fixed that it sort of worked. But BuildLink, places http://127xxxxxxxx:85/index.cfm/ehGeneral.doLogin and because it has the full URL the interceptor says nope not valid. I think that there needs to be an easier and more formal way to do this.

From a newbie point of view, this is not damn easy to implement for SES when the site is pre existing.

Sorry just so damn frustrated…

Luis,

I must have missed this…

It still doesn’t work, I am on Windows Vista and no I am not using any ISAPI rewrite filters.

The problems I am having, is that the Event.BuildLink() seems to not work with handler.action if I go through the url it does work. But its the building in the HTML that is broken.

I showed a screenshot I hope that came through ok, which shows the getCurrentEvent() with the full URL.

If I can provide anything more, or even if there is some more info to get this to work correctly.

I am at a loss to get SES to work at all, is it me doing stupid things?

Hi Andrew,

I am looking into this issue and will let you know about if any fix
for buildLink() feature.

Thanks
Sana

Several things Andrew.

The ses guide shows you how setNextEvent() is for NON-SES apps, because the routing system is different. Therefore, the guide shows how to use the SetNextRoute() in order to build route within your application. When using the buildLink() method, you must pass in a route or an event syntax. The dot notation cannot be completely rewritten to use / because you can still use dot notation in routes. Example:

ehGeneral.doLogin this is the event syntax. To convert this to the default routes, it would be : ehGeneral/doLogin. Therefore, you would do event.buildLink('ehGeneral/doLogin') or setNextRoute('ehGeneral/doLogin').

If you use packages or directories in your handlers, you will have to use the dot notation even on routes: event.buildLink('admin.users/list/page/2') or setNextRoute('admin.users/list'). So as you can see, I cannot convert dot notation to slashes because there can be an infinite number of dot notation permutations within the routing system. You can read all the examples and the functions you can use in the ses guide.

I saw the screenshot that shows that the current event actually shows the url and that is really bizarre. I have not had a report like that since the ses interceptor was released in 2.5. I have tried to reproduce what you said using the samples and I cannot for the life of me reproduce it. Maybe we can do a connect session and I can see your code and debug.

Hit me up via email, when you would like to do this and I will help you out. Again, some of the errors you are seeing are misconceptions on the way ColdBox does routing and the different methods that you can use.

Luis

Luis,

Thanks that’s what conclusion I came to with BuildLink, I guess if you are building for SES to begin with means it would be fine to continue. But if you need to convert an existing app to SES there are a hell of a lot of gotchas to be aware about.

Thanks.

The BuildLink bug with the full URL, is in fact the hidden form tag. I used buildlink there, if I remove it from that location I do not get the full URL and it behaves correctly.

I guess I was hoping that BuildLink would be smart enough to know that handler.action would become, handler/action automatically?

Good to hear. Here is another point. You can create your own request context decorator and actually override the build Link method and you can change the "." to "/" automatically. Something like this:

return getRequestContext().buildLink( replace(linkto,".","/","all") );

By doing that, you can decorate the build link to do it for you. I just don’t see a way to do it right now, without hindering the possibility of nested dot notation on routes: /admin.users/list.

Any suggestions.

Yeah thanks Luis, I did actually end up doing that with the BuildLink.

But call me blonde, but doesn’t replace(linkTo,'.','/','all') provide the same problem you refer to?

Andrew and all.

After much considering the potential of usage of the buildlink method,
I will be adding a second parameter:
Translate = boolean [defaults to true]

That will translate "." to "/" and "/" to "." depending on the mode
you are on. If you will be doing nested "/" and "." routes, then you
will have to set translate to false. This is the best way to provide
a seamless method when working with and without ses. The repository
will be committed at night.

Luis
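Added example, not part of the thread and not ColdBox source: a simplified Python model of a default `handler/action` route, showing why replacing every "." with "/" breaks package-qualified handlers such as `admin.users.list`, why a dotted event passed as a route picks up `.index` as in the error quoted earlier, and what that does to an exact-match login check like the interceptor's. The function names and the `index` default action (taken from that error message) are assumptions.

```python
# Simplified model (assumption) of a default ":handler/:action" route.
# Not ColdBox code; it only mirrors the behaviour described in the thread.
DEFAULT_ACTION = "index"          # as seen in "ehGeneral.doLogout.index"
LOGIN_EVENT = "ehGeneral.doLogin"  # the string the interceptor compares against


def route_to_event(route: str) -> str:
    """Resolve a route such as 'ehGeneral/doLogin' to handler.action syntax."""
    parts = [p for p in route.strip("/").split("/") if p]
    if not parts:
        raise ValueError("empty route")
    handler = parts[0]  # dots inside this segment are package separators
    action = parts[1] if len(parts) > 1 else DEFAULT_ACTION
    return f"{handler}.{action}"


def translate_all(event: str) -> str:
    """Equivalent of replace(linkto, '.', '/', 'all')."""
    return event.replace(".", "/")


def translate_last(event: str) -> str:
    """Treat only the final dot as the handler/action separator."""
    handler, sep, action = event.rpartition(".")
    return f"{handler}/{action}" if sep else event


def round_trips(event: str, translate) -> bool:
    """True when the translated link resolves back to the same event."""
    return route_to_event(translate(event)) == event


def is_login(route: str) -> bool:
    """Exact-match check, as in the sample interceptor's comparison."""
    return route_to_event(route) == LOGIN_EVENT


if __name__ == "__main__":
    for ev in ("ehGeneral.doLogin", "admin.users.list"):
        print(ev, "all:", round_trips(ev, translate_all),
              "last:", round_trips(ev, translate_last))
    # Event syntax used directly as a route segment gains the default action.
    print(route_to_event("ehGeneral.doLogout"))
    print(is_login("ehGeneral/doLogin"), is_login("ehGeneral.doLogin"))
```

Splitting on the last dot still cannot tell `admin.users` the packaged handler from `admin.users` the handler/action pair, which is the case for leaving an opt-out such as the proposed translate flag.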

Luis,

Cheers man, but I have a question and it is because I really haven't had the
time to sit down and play with this stuff.

Now the one thing that I can say is this, Coldbox rocks and has got one of
the best documentation around for one to browse.

However, when it came to SES.

There was very little to guide me along the way, but that's the beauty of
this list:-)

Anyway I would like to know, you talked about nesting.

Could you elaborate some more on that, I just don't seem to get my head
around the problem that you actually described. I see that routes is pretty
flexible, however all I care about at the moment is that the url look
something like this

Domainname/index.cfm/handler/action

Then if I am right I think you mean that you can't do this

Domainname/index.cfm/package/handler/action

But without SES I can do

Domainname/index.cfm?event=package.handler.action

Am I close to the problem or what you describe in the nesting is something
else?