RE: WO Authentication
- Subject: RE: WO Authentication
- From: Reid Bundonis <email@hidden>
- Date: 04 Mar 03 09:13:30 -0500
Reply to: RE: WO Authentication
Have you checked out chapter 7 of Professional WebObjects 5 from Wrox? There
is a sample solution for validating users and enforcing access on later
pages.
Adrian Williams wrote:
>Thanks for the feedback Ray,
>
>I experimented with this too, and it works fine for performing the initial
>validation of the user, but now I'm interested in the best way to secure
>each and every component in the application, so that any 'bookmarked' pages
>will redirect to the login page if this session hasn't already been
>validated.
>
>I was considering extending the WOComponent class as a 'SecureComponent'
>class (or similar) and having the constructor check the Session object for
>a 'validated' instance variable or maybe check for a client cookie, etc.
>etc....
>
>Obviously there's a million ways you could do this, but I was wondering
>whether there is an accepted 'best-practice' way of doing it... Just trying
>to avoid re-inventing the wheel really (especially if, as a beginner with
>WO, I do it in a duff way!)...
>
>All pointers would be very welcome...
>
>Thanks again
>Adrian Williams
>
>
>> Adrian,
>>
>> I find myself to be in a place very similar to yours. I have just
>> finished the tutorials and am working on my first "real" project.
>>
>> The way I approached the situation was to create a database table of
>> users (was also relevant as was presenting data appropriate to the user,
>> so needed a login). I then created the Main page with 2 fields (login &
>> password) and then had a fetch for records matching those entries.
>>
>> If there was one matching record (hopefully there will never be more
>> than one) then the user was validated.
>>
>> I also altered it at a later stage where it did the fetch to match the
>> login id, and then did a comparison to see if the password matched. This
>> was just so I could give a different error message dependent on whether
>> the login was bad, or the password.
>>
>> I don't know if there are more secure methods, but there is one option.
>>
>> Ray.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
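
Added example, not code from the thread, the Wrox book or the WebObjects distribution: one way to write the 'SecureComponent' base class discussed above so that every request phase of a page is refused until the server-side session has been validated. It assumes the WebObjects 5 Java API (com.webobjects.appserver); the Session method isValidated() and the direct action name "login" are hypothetical names chosen for illustration.

```java
import com.webobjects.appserver.WOActionResults;
import com.webobjects.appserver.WOComponent;
import com.webobjects.appserver.WOContext;
import com.webobjects.appserver.WORequest;
import com.webobjects.appserver.WOResponse;

// Base class for every page that must only be shown after login.
// Assumption: the application's Session subclass exposes isValidated(),
// a flag the login page sets after it has checked the credentials.
public class SecureComponent extends WOComponent {

    public SecureComponent(WOContext context) {
        super(context);
    }

    // Decision is taken from server-side session state only. A value the
    // browser sends (cookie, form field, URL parameter) is never consulted,
    // because the client can set it to anything.
    protected boolean isValidated() {
        return hasSession() && ((Session) session()).isValidated();
    }

    // Phase 1: do not bind submitted form values on an unvalidated session.
    public void takeValuesFromRequest(WORequest request, WOContext context) {
        if (isValidated()) {
            super.takeValuesFromRequest(request, context);
        }
    }

    // Phase 2: do not run action methods on an unvalidated session.
    // Returning null leaves the current page, which then redirects below.
    public WOActionResults invokeAction(WORequest request, WOContext context) {
        return isValidated() ? super.invokeAction(request, context) : null;
    }

    // Phase 3: instead of rendering, send the browser to the login action.
    // "login" is a hypothetical direct action that returns the login page.
    public void appendToResponse(WOResponse response, WOContext context) {
        if (!isValidated()) {
            response.setStatus(302);
            response.setHeader(
                context.directActionURLForActionNamed("login", null), "Location");
            return;
        }
        super.appendToResponse(response, context);
    }
}
```

Pages other than the login page extend SecureComponent instead of WOComponent, so a page added later is protected by default.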