Re: accessing WO app without the need of a session....
Re: accessing WO app without the need of a session....
- Subject: Re: accessing WO app without the need of a session....
- From: David LeBer <email@hidden>
- Date: Mon, 5 Oct 2009 08:29:12 -0400
On 2009-10-05, at 7:27 AM, Gustavo Pizano wrote:
This assumes that you don't create sessions for non logged in users.
- You need to be careful here as you can accidentally create a
session when you fetch data.
uuu... I eventually need to fecth some data to show in that
WOComponent, so I may be creating accidentally sessions?.. that
doesn't sound good... isn't it?
so if a session is created I need to terminate it?
Don't plan on terminating the session. Plan on not creating one.
The two places where a session can get created are in the DA and in
the page you return:
Direct Action
-----------------
You don't need a session to fetch data, you just need an editing
context. You can create one in your DA (just remember to follow proper
locking procedure).
If you do not ask for a session in your DA one will not be created.
Page
----------------
Do not use the 'action' binding for any WOHyperlinks or other
clickable components on the page, create DAs and use the
directActionName binding instead. If possible use generic html tags
(<img/> etc) for everything else and you will be safe.
Authentication
-------------------
For authentication, I am afraid you are on your own. You need to
figure out a way to pass credentials from the J2EE app to the WO app
(cookies maybe? form values in the request? I dunno depends on your
setup). And then authenticate based on those in your DA.
G.
Rob.
On 5 Oct 2009, at 11:10, Gustavo Pizano wrote:
aha ok, I know now how to call the DA using http://$HOSTNAME/cgi-bin/WebObjects/$APPNAME.woa/wa/$DIRECTACTIONNAME
link.. hehhe. now I have realize I a have a security HOLE! in my
app with one direct action that access the administration tools,
hehhe.. how to secure it? I read it must be secured if I don't want
to allow random access...
so in my iFrame I can set up the link to be the one that points to
my DA and, I should not put any action comoponet in the WOCompoment
that it returns the DA, otherwise I will have problems, as far as I
understood.
Thx
Gus
On Mon, Oct 5, 2009 at 10:58 AM, email@hidden <email@hidden
> wrote:
Hi Gustavo,
You can use a Direct Action if you don't have a session.
Rob.
On 5 Oct 2009, at 09:04, Gustavo Pizano wrote:
Hello, this is what I need to achieve.
I have an J2ee app running on apache, and I have a WOApp running on
a G5.
Now, I want to show in the j2ee app in an iframe a WOComponent that
will show a list of items from the database based on a selected
User, user is an Enterprise Object.
I read somwhwere, but I cant recall where, that I can acces the WO
without the neeed of a session ID, or even authenticating, as I
said I can't find where I read about it.
Questions, will this approach, will allow me to do fetch to the DB
even without a SessionID?, (silly question, I know but as you know
im still new to some things).
Will this approach be better than doing WebServices with WO?....
What will be your suggestions.? thinking that I need to select a
user and filter the query. ?, should the user selection pop up be
inside the WOComponent, or should it be sent somehow to the
WOComponent from the j2ee?
confused here. :S//...
any help as alwasy will be very very appreciate it.
Im in the mood today to make things work... :P :P :D
thx
G.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
;david
--
David LeBer
Codeferous Software
'co-def-er-ous' adj. Literally 'code-bearing'
site: http://codeferous.com
blog: http://davidleber.net
profile: http://www.linkedin.com/in/davidleber
twitter: http://twitter.com/rebeld
--
Toronto Area Cocoa / WebObjects developers group:
http://tacow.org
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden