Re: WO Authentication
- Subject: Re: WO Authentication
- From: Stefan Wiesendanger <email@hidden>
- Date: Tue, 4 Mar 2003 15:44:12 +0100
There's also some bits of code at wodev.com that might help....
http://wodev.spearway.com/cgi-bin/WebObjects/WODev.woa/wa/Main?wikiPage=HowToHandleLogin
On Tuesday, 04.03.03 at 15:13, Reid Bundonis wrote:
Reply to: RE: WO Authentication
Have you checked out chapter 7 of Professional WebObjects 5 from Wrox? There is a sample solution for validating users and enforcing access on later pages.
Adrian Williams wrote:
Thanks for the feedback Ray,
I experimented with this too, and it works fine for performing the initial validation of the user, but now I'm interested in the best way to secure each and every component in the application, so that any 'bookmarked' pages will redirect to the login page if this session hasn't already been validated.
I was considering extending the WOComponent class as a 'SecureComponent' class (or similar) and having the constructor check the Session object for a 'validated' instance variable or maybe check for a client cookie, etc. etc....
Obviously there's a million ways you could do this, but I was wondering whether there is an accepted 'best-practice' way of doing it... Just trying to avoid re-inventing the wheel really (especially if, as a beginner with WO, I do it in a duff way!)...
All pointers would be very welcome...
Thanks again
Adrian Williams
Adrian,
I find myself to be in a place very similar to yours. I have just finished the tutorials and am working on my first "real" project.
The way I approached the situation was to create a database table of users (was also relevant as was presenting data appropriate to the user, so needed a login). I then created the Main page with 2 fields (login & password) and then had a fetch for records matching those entries. If there was one matching record (hopefully there will never be more than one) then the user was validated.
I also altered it at a later stage where it did the fetch to match the login id, and then did a comparison to see if the password matched. This was just so I could give a different error message dependent on whether the login was bad, or the password.
I don't know if there are more secure methods, but there is one option.
Ray.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
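The session check Adrian asks about and the login fetch Ray describes, as an added example that is not part of the original thread and does not use the WebObjects API: plain JDK classes stand in for the WO session and the users table, and the names `LoginGate`, `Session`, `login`, `pageFor` and the PBKDF2 parameters are assumptions. It stores salted hashes rather than passwords and returns the same result for an unknown login and a wrong password, so the login page can show one generic error.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginGate {
    // Hypothetical stand-in for the per-user session; "validated" is the flag from the thread.
    static class Session { boolean validated; }

    // Hypothetical stand-in for the users table: login -> {salt, PBKDF2 hash}.
    static final Map<String, byte[][]> USERS = new HashMap<>();
    // Record checked when the login is unknown, so both failure paths do the same work.
    static final byte[][] DUMMY = record("constructed-dummy-password");

    static byte[] hash(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    static byte[][] record(String password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new byte[][] { salt, hash(password, salt) };
    }

    // Fetch by login, then compare hashes in constant time. Unknown login and wrong
    // password both yield false; the caller cannot tell which one failed.
    static boolean login(Session s, String login, String password) {
        byte[][] rec = USERS.getOrDefault(login, DUMMY);
        boolean ok = MessageDigest.isEqual(rec[1], hash(password, rec[0])) && USERS.containsKey(login);
        s.validated = ok;
        return ok;
    }

    // Single gate every page request goes through: a bookmarked page name resolves
    // to "Login" unless this session has already been validated.
    static String pageFor(Session s, String requestedPage) {
        return (s != null && s.validated) ? requestedPage : "Login";
    }

    public static void main(String[] args) {
        USERS.put("adrian", record("constructed-sample-pw")); // constructed sample user
        Session s = new Session();
        System.out.println(pageFor(s, "Orders") + " " + login(s, "nobody", "x") + " "
                + login(s, "adrian", "constructed-sample-pw") + " " + pageFor(s, "Orders"));
    }
}
```

Putting the check in one place that every request passes through, rather than in each page's own code, means a page added later cannot forget it.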