Re: secureWrapper, appendToResponse blueprint / sample code needed...
Re: secureWrapper, appendToResponse blueprint / sample code needed...
- Subject: Re: secureWrapper, appendToResponse blueprint / sample code needed...
- From: Chuck Hill <email@hidden>
- Date: Mon, 14 Aug 2006 10:14:38 -0700
Hi,
On Aug 13, 2006, at 9:58 PM, Mac Campbell wrote:
I am new to WebObjects and wanted to ask you all for some help...
there are several threads about login / security but I am not
getting it... please help if you can!
Ok, so from what I have seen, I think the best way to implement and
secure pages is with a “secureWrapper” component java class file,
that pages that need to be secured inherit from.
May I suggest that you download the source for GVC.SiteMaker from
http://www.sourceforge.net/projects/gvcsitemaker and then look at the
class GVCSiteMaker/Code/GVCSMCore/src/com/gvcsitemaker/core/
components/SMAuthComponent.java
That will give you a commented, working example of what you need to do.
We also throw a boolean, "isLoggedIn", in the session class that
the “login.wo” sets to true after a users credentials have been
verified.
It is probably better keep the User object in the session and define
isLoggedIn as authenticatedUser() != null. That User object always
comes in handy later...
appendToResponse() seems to be the chosen method of redirecting...
It is the phase in the request - response loop that redirecting is
appropriately done in.
which is one of the many things I am not getting here... it seems
overly complicated in the examples espically when compared to
pageWithName()...
Well, they do have wildly different jobs.
but I believe this is due to a WO constructor not being able to
return a different WO.. as during the execuition of the
crontstrucor the WO is not initated yet... ?
As in Java not allowing this. As in this being an inappropriate
place to redirect.
Then any WO that a user needs to be authenticated for, lets say
main, “extends” the secureWrapper (instead of the normal
WOComponent), and then the main's constructor calls the
appendToResponse method
NO! _you_ never call appendToResponse. The WebObjects frameworks
call it at the appropriate time.
that it inherited from the secureWrapper... and redirects based on
the value of the session boolean isLoggedIn.... (retuns null, in
this case leaving the user at main if isLoggedIn is true and
redirecting to “login” if the boolean is false )
This is not done at object construction time. You either have to do
this before or after the object has been constructed. Usually this
is done after so that the page can decide itself if the user can see
it or not (i.e. logged in and has correct permissions).
I think I have the logic right but the code is escaping me... I
tried hacking something out, but the appendToResponse() call in the
main.wo constructor gives a compile error of “cannot find symbol”.
Even if I try using n.appendToResponse() where n is anything and
everything I thought might work, I get the same error... And even
then I am not sure my appendToResponse usage is right.. or where I
am placing the call...
Um, sounds like you are wildly hacking. How well do you know Java?
If not well, you are well advised to brush up on this first before
tackling the complexity of WebObjects. My book (see sig) is going to
be a bit advanced for you, but may be of considerable use in
explaining the request - response loop.
If someone could throw me some example code for implementing the
above scenario, specifically how the main constructor and
appendToResponse in the secureWrapper should look that would be
hugely apperciated... or any other pointers that also apperciated...
You are way off track so hopefully the code I pointed you to above
will help.
Chuck
--
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems. http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden