• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: authentication
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: authentication

  • Subject: Re: authentication
  • From: Tom Pelaia <email@hidden>
  • Date: Mon, 03 Feb 2003 08:56:34 -0500
  • Organization: SNS Application Programming Group
We implement secure login, but the users are added to a database in advance. We don't allow users to become members, since we have an internal site and every employee is automatically added as a member. So if it helps at least in part, I describe below a custom, secure login page that we use.

You might want to first check Apple's technical article on secure login:
http://developer.apple.com/techpubs/webobjects/WebObjects_5/Topics/ProgrammingTopics.e.html

There are several options. You can share a database connection (default) in which case you should look at the EOAdaptor class and especially the method: assertConnectionDictionaryIsValid() to check the validity of a login against a database user login. We take a different approach so we can manage user database access and keep statistics at the database level. We use SSL and create our own custom login box, but we maintain separate database connections for each user. We use each user's individual database access password to validate the user. In the session constructor we instantiate an EOObjectStoreCoordinator and create and set the default editing context from it.


eoCoordinator = new EOObjectStoreCoordinator();
EOEditingContext editingContext = newEditingContext();
setDefaultEditingContext( editingContext );

and newEditingContext() is:

public EOEditingContext newEditingContext() {
   EOEditingContext editingContext = new EOEditingContext(eoCoordinator);
   editingContext.setUndoManager(null);
   return editingContext;
}


In the Main class we define two methods (one to login the user and the other to fetch
the user object from the database). The User instance is an enterprise object representing the
corresponding User database record. The failedLogin variable is a boolean which allows
us to feedback the login status to the user.

protected void loginUser() {
   EOEditingContext editingContext = session().defaultEditingContext();
   NSMutableDictionary userLogin = new NSMutableDictionary();

   userLogin.setObjectForKey(userId, "username");
   userLogin.setObjectForKey(password, "password");

EOUtilities.connectWithModelNamed(editingContext, "OurModel", userLogin);
}


protected void fetchUser() {
EOEditingContext editingContext = session().defaultEditingContext();
NSDictionary bindings = new NSDictionary(userId.toUpperCase(), "userId");

EOModel baseModel = EOModelGroup.defaultGroup().modelNamed("OurModel");
User user = (User)EOUtilities.objectWithFetchSpecificationAndBindings(editingContext, "User", "byUserId", bindings);
((Session)session()).setUser(user);

   if ( user == null ) {
       System.out.println("No such user found: " + userId);
       failedLogin = true;
    }
    else {
       failedLogin = false;
    }
}




Kenneth Foust wrote:

I am building a webobjects application for the internet. I need to have a very secure authentication module where users may login and if not yet a user you can choose to register which will cost you. There will be many many users so do I need to put them in the database or does webobjects put them somewhere?????

I looked at the jcauthentication but in appears that you have to use interface builder which will in turn screw up the webobjects app. Or can you use NIB?? I didn't think it would go to a browser as HTML.


question
1 can you design a component via WO builder and link it into jcauthentication ??
2. Is there a tutorial or example anywhere

I don't want to get into things like swing as i hear it really slows your app. Also I can't require that users have a JVM it has to be dynamic to browser

The tutorials are good but where does one find examples of more applications??

thanks
email@hidden
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored. 


--
Tom Pelaia
SNS Project, 701 Scarboro Road, MS-6473, Oak Ridge, TN 37831
phone: (865)574-6421, fax: (865)574-6617
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
References: 
 >authentication (From: Kenneth Foust <email@hidden>)

  • Prev by Date: D2WEditRelationshipPage.setMasterObjectAndRelationshipKey error
  • Next by Date: Re: Newbie question-WO and data uploading
  • Previous by thread: Re: authentication
  • Next by thread: Re: authentication
  • Index(es):
    • Date
    • Thread