Re: WOA, Building a Login form
- Subject: Re: WOA, Building a Login form
- From: Drew Thoeni <email@hidden>
- Date: Sun, 3 Apr 2005 17:55:07 -0400
Jean-François has an excellent point here. I am new to WO/Java and this
code is from a "make it work" example (taking the Java mantra... make
it work, make it right, make it fast). This is one of the first classes
I wrote and, as I reach the "make it right" stage, I can now clearly
see the correct factoring here is choice "2" in Jean-François' list of
options.
Amedeo,
The more I learn about WO, the more large applications become simple.
While that may seem self-evident, consider large applications written
in "less advanced" languages. The larger a COBOL application gets, the
more complex it is. WO, with it's high degree of abstraction, at all
levels (presentation, business logic, database) makes it seems like the
code just slides right in. Jonathan "Wolf" Rentzsch, who contributes
here, says "If you're writing code, you're doing something wrong."
See his site: <http://rentzsch.com/webobjects/introTo5>
However, I can attest, there are times where, as a newbie, it seems
pretty darn hard.
Drew
On Apr 3, 2005, at 1:53 PM, Jean-François Veillette wrote:
Note that WO proposes to the developer to use a very clean design,
where logic code is somewhere, in the business layer, and the display
related code is in WOComponent subclasses.
In most code snippets you can find on the web and mail archives, you
will be guided with an all-in-one implementation, where you get
display and logic related code all in one. This is for simplicity
purposes, to deliver a simple answer to a simple question. I'm
inclined to think that this is one of the factors that could explain
why newcomers do not get the 'power of wo' so quickly. If public code
snippets could both give a simple solution with a clean design, it
would remind newcomers of the clean design of wo and of how to
approach it.
Note that 'all-in-one' is fine for quick implementation to 'make it
work'. But mid-term / long-term you want to re-factor the sample
code and separate display logic from business logic.
Consider the two options:
1- Should a 'display widget' (a subclass of WOComponent) execute the
login action?
and know all about its implementation details.
2- Should a 'display widget' (a subclass of WOComponent) _trigger_ a
login action?
which action is implemented somewhere in the business layer (a
'black box' from the display perspective).
Here you have a nice piece of code, it will most likely work (I didn't
test myself).
Do not hesitate to take any public code apart and separate the login
mechanics from the display mechanics.
This is not a wo-specific issue, but you will gain the max from wo if
you get the wo mind-set as soon as possible.
- jfv
On 05-04-03, at 12:14, Drew Thoeni wrote:
First, I'm not, by any stretch, an expert WO/Java programmer. Given
that, here's some code I use that others on the list might have
improvement suggestions on.
/**
 * Checks for null email address and password. If not null then
 * this user is retrieved from the database and their encrypted password
 * of record is compared to what they entered. All methods calculating the password
 * or comparing the password add the user's email address before the password
 * as a salt to ensure no two password digests are the same.
 * Requires import java.security.*
 * @throws NoSuchAlgorithmException
 */
public WOComponent login() throws NoSuchAlgorithmException {
    if (enteredPassword == null) { // User did not enter password
        errorMsg = "Error: Password can not be empty.";
        return context().page();
    }
    User tempUser = fetchUser();
    if (tempUser == null) { return context().page(); }
    String encryptedPassword =
        Converter.encryptPassword(enteredEmail.trim() + enteredPassword);
    if (encryptedPassword.equals(tempUser.password())) { // passwords match, user is authenticated
        tempUser.setLastLogIn(new NSTimestamp());
        tempUser.setTimesLoggedIn(new Integer(tempUser.timesLoggedIn().intValue() + 1));
        ec.saveChanges();
        // Assumption: the page shown after a successful login is not given
        // in this post; "Main" is a placeholder page name.
        return pageWithName("Main");
    }
    else {
        errorMsg = "Error: Password or email invalid.";
        return context().page();
    }
}

/**
 * Fetches a single user from the database whose email address
 * matches the one input by the user attempting to login
 */
private User fetchUser() {
    if (enteredEmail == null) {
        errorMsg = "Error: Email address appears invalid.";
        return null;
    }
    // fetch user from database
    NSDictionary bindings = new NSDictionary(enteredEmail.trim(), "primaryEmailIn");
    User u = null;
    try {
        u = (User)EOUtilities.objectWithFetchSpecificationAndBindings(
            ec, "User", "FetchSingleUser", bindings);
    }
    catch (Exception e) {
        NSLog.debug.appendln("Unknown user with email " + enteredEmail +
            " generated this login exception: " + e);
        errorMsg = User.staticExceptionHandler(e);
        ec.revert();
        return null;
    }
    return u;
}

/**
 * This static method (from Converter class) takes a string and
 * encrypts it using one-way encryption.
 * Requires import java.security.* and a BASE64Encoder class
 * (assumed here to be sun.misc.BASE64Encoder; the post does not say).
 * @param passwordIn any string, but typically will be
 *        a clear text password to be encrypted.
 */
public static String encryptPassword(String passwordIn) throws NoSuchAlgorithmException {
    String encryptedPassword;
    MessageDigest md = MessageDigest.getInstance("SHA"); // Can be "MD5" or "SHA" (MD5 is weaker)
    md.reset();
    md.update(passwordIn.getBytes());
    byte[] arr = md.digest();
    encryptedPassword = (new BASE64Encoder()).encode(arr);
    return encryptedPassword;
}
On Apr 3, 2005, at 11:46 AM, Amedeo Mantica wrote:
I'm looking for a code example
Thanks
Amedeo
On 03/apr/05, at 17:38, Drew Thoeni wrote:
Amedeo,
There are many apps on the web that show user authentication (the
Apple Store being an example). Are you looking for code or is there
a specific part of authentication you have a question about?
Drew
On Apr 3, 2005, at 11:30 AM, Amedeo Mantica wrote:
Hi,
I'm new to webobjects applications, and I see that webobjects is
really nice and I want to switch from PHP!
Just a question, does anyone have a web example with user
authentication ?
Thanks
Best Regards
Amedeo Mantica
Insigno Design Studio
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden