Re: secureWrapper, appendToResponse blueprint / sample code needed...
Re: secureWrapper, appendToResponse blueprint / sample code needed...
- Subject: Re: secureWrapper, appendToResponse blueprint / sample code needed...
- From: Anjo Krank <email@hidden>
- Date: Mon, 14 Aug 2006 20:08:21 +0200
A way simpler solution is to make a page wrapper for all your
components (which you should have anyway to get uniform header and
footers), wrap the component content in a conditional bound to
session.isLoggedIn and put the login form into another conditional
with session.isLoggedIn negated. The form sets the session variable
on success and always returns context().page().
Then you wrap all your page level components in it.
If only a few require logins, you wrap these two into yet another
conditional bound to ^requiresLogin and create an fourth conditional
bound to ^requiresLogin, only negated and put another component
content in there. Then bind requiresLogin in each page that applies.
There you go, not one line of java :)
Cheers, Anjo
PS: You should still buy the book, though.
Am 14.08.2006 um 19:14 schrieb Chuck Hill:
Hi,
On Aug 13, 2006, at 9:58 PM, Mac Campbell wrote:
I am new to WebObjects and wanted to ask you all for some help...
there are several threads about login / security but I am not
getting it... please help if you can!
Ok, so from what I have seen, I think the best way to implement
and secure pages is with a “secureWrapper” component java class
file, that pages that need to be secured inherit from.
May I suggest that you download the source for GVC.SiteMaker from
http://www.sourceforge.net/projects/gvcsitemaker and then look at
the class GVCSiteMaker/Code/GVCSMCore/src/com/gvcsitemaker/core/
components/SMAuthComponent.java
That will give you a commented, working example of what you need to
do.
We also throw a boolean, "isLoggedIn", in the session class that
the “login.wo” sets to true after a users credentials have been
verified.
It is probably better keep the User object in the session and
define isLoggedIn as authenticatedUser() != null. That User object
always comes in handy later...
appendToResponse() seems to be the chosen method of redirecting...
It is the phase in the request - response loop that redirecting is
appropriately done in.
which is one of the many things I am not getting here... it seems
overly complicated in the examples espically when compared to
pageWithName()...
Well, they do have wildly different jobs.
but I believe this is due to a WO constructor not being able to
return a different WO.. as during the execuition of the
crontstrucor the WO is not initated yet... ?
As in Java not allowing this. As in this being an inappropriate
place to redirect.
Then any WO that a user needs to be authenticated for, lets say
main, “extends” the secureWrapper (instead of the normal
WOComponent), and then the main's constructor calls the
appendToResponse method
NO! _you_ never call appendToResponse. The WebObjects frameworks
call it at the appropriate time.
that it inherited from the secureWrapper... and redirects based on
the value of the session boolean isLoggedIn.... (retuns null, in
this case leaving the user at main if isLoggedIn is true and
redirecting to “login” if the boolean is false )
This is not done at object construction time. You either have to
do this before or after the object has been constructed. Usually
this is done after so that the page can decide itself if the user
can see it or not (i.e. logged in and has correct permissions).
I think I have the logic right but the code is escaping me... I
tried hacking something out, but the appendToResponse() call in
the main.wo constructor gives a compile error of “cannot find
symbol”. Even if I try using n.appendToResponse() where n is
anything and everything I thought might work, I get the same
error... And even then I am not sure my appendToResponse usage is
right.. or where I am placing the call...
Um, sounds like you are wildly hacking. How well do you know
Java? If not well, you are well advised to brush up on this first
before tackling the complexity of WebObjects. My book (see sig) is
going to be a bit advanced for you, but may be of considerable use
in explaining the request - response loop.
If someone could throw me some example code for implementing the
above scenario, specifically how the main constructor and
appendToResponse in the secureWrapper should look that would be
hugely apperciated... or any other pointers that also apperciated...
You are way off track so hopefully the code I pointed you to above
will help.
Chuck
--
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems. http://www.global-village.net/products/
practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40logicunited.com
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden