abstract component with authentication check?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

abstract component with authentication check?

Ivo Roefs-2
Hi,

I have an abstract class WAMyComponentWithAuthentication with dozens of
subclasses. A number of those subclasses are registered as an
application at a certain entry point.
Now I'd like to implement WAMyComponentWithAuthenticationin such a way
that it checks if the session is stil authenticated.
If not, I want to call:  aWAMyComponentLogon.

I used to do this via  #initialRequest:
...
self sessionAuthenticated ifFalse: [self session mainClass new call:  
myLoginComponent].
...
But now after upgrading to 3.0 this no longer works. It was a hack anyway.

This seems so basic but I can't figure out how to do this.

Ivo Roefs
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: abstract component with authentication check?

Johan Brichau-2
Hi Ivo,

I never did authentication thingies in Seaside2.8 but I have those running in Seaside3.0, so I can try to help.

What exactly is breaking in your current code? From what I get from your snippets, I have the impression such a scheme should work if it was working in 2.8.

Another way to do authentication, is by defining a task and implementing the flow such that a login component is shown first.

Btw, the seaside book has a section with an example on one way to do this: http://book.seaside.st/book/in-action/session/customize-session

On 29 Oct 2010, at 09:09, Ivo Roefs wrote:

> ...
> self sessionAuthenticated ifFalse: [self session mainClass new call:  myLoginComponent].
> ...
> But now after upgrading to 3.0 this no longer works. It was a hack anyway.
>
> This seems so basic but I can't figure out how to do this.
>
> Ivo Roefs
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: abstract component with authentication check?

Ivo Roefs-2
Hi Johan,

Thanks for your reply.

Now I realize that I want the authorization check everytime the
component is accessed (rendered).
I think this is not possible via #initialRequest nor by using WATask?

Would it be possible to write a custom WADelegation (or other
decoration) which does the actual authorization check?
If checkOK,  pass on to next,  if not render the delegate (login component).

I also encountered all kinds of "filter" methods in the code? I this
something I could use?

I indeed already use a customized session as is described in
"http://book.seaside.st/book/in-action/session/customize-session"

About the snippet:
(self session mainClass new) gives me an instance of WARenderLoopMain.
#call: was implemented on WARenderLoopMain in the previous versions, but
apparently has been removed in 3.0.
If I try to make a call in an other way, I get a message "You can only
#call: and #answer: from within a callback or a Task."

Ivo Roefs



Op 29/10/2010 15:31, Johan Brichau schreef:

> Hi Ivo,
>
> I never did authentication thingies in Seaside2.8 but I have those running in Seaside3.0, so I can try to help.
>
> What exactly is breaking in your current code? From what I get from your snippets, I have the impression such a scheme should work if it was working in 2.8.
>
> Another way to do authentication, is by defining a task and implementing the flow such that a login component is shown first.
>
> Btw, the seaside book has a section with an example on one way to do this: http://book.seaside.st/book/in-action/session/customize-session
>
> On 29 Oct 2010, at 09:09, Ivo Roefs wrote:
>
>> ...
>> self sessionAuthenticated ifFalse: [self session mainClass new call:  myLoginComponent].
>> ...
>> But now after upgrading to 3.0 this no longer works. It was a hack anyway.
>>
>> This seems so basic but I can't figure out how to do this.
>>
>> Ivo Roefs
>> _______________________________________________
>> seaside mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
>

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: abstract component with authentication check?

Johan Brichau-2
Ivo,

If you want to check on every request, I guess this is because you have both freely accessible and restricted components in your application _and_ you only want to ask for authentication the first time the user accesses a restricted component? However, doing this check during the rendering of the component will not allow you to pass control to a login component in the same way as #call: passes control. Moreover, #call: can indeed only be sent in a callback, not in the rendering code.

If you want to prohibit the display of restricted components in the rendering phase, then I think custom visual decorators are indeed the only option. But if some components are embedded inside others, the login component will simply display in their spot of the webpage. That might not always be desirable.
Making custom request filters is an intriguing option to look at but I have no idea if the session is available in filters and if you can redirect to a login component from there. I'm also not sure if they are intended to be customized.

Now if your application does not need both authorized and non-authorized components, you do not need to check at every request. The way seaside works is that every request that pertains to a single seaside session will use the same session object. If you ask the user to login on the first request (when the session object is created), you are sure that the session is authenticated for all later requests. In my opinion, the best way to achieve this is by defining a task and using that task as the main class of your application (i.e. the entry point). The task will call the login component until the user is authenticated.

Johan

On 31 Oct 2010, at 09:44, Ivo Roefs wrote:

> Hi Johan,
>
> Thanks for your reply.
>
> Now I realize that I want the authorization check everytime the component is accessed (rendered).
> I think this is not possible via #initialRequest nor by using WATask?
>
> Would it be possible to write a custom WADelegation (or other decoration) which does the actual authorization check?
> If checkOK,  pass on to next,  if not render the delegate (login component).
>
> I also encountered all kinds of "filter" methods in the code? I this something I could use?
>
> I indeed already use a customized session as is described in "http://book.seaside.st/book/in-action/session/customize-session"
>
> About the snippet:
> (self session mainClass new) gives me an instance of WARenderLoopMain.
> #call: was implemented on WARenderLoopMain in the previous versions, but apparently has been removed in 3.0.
> If I try to make a call in an other way, I get a message "You can only #call: and #answer: from within a callback or a Task."
>
> Ivo Roefs
>
>
>
> Op 29/10/2010 15:31, Johan Brichau schreef:
>> Hi Ivo,
>>
>> I never did authentication thingies in Seaside2.8 but I have those running in Seaside3.0, so I can try to help.
>>
>> What exactly is breaking in your current code? From what I get from your snippets, I have the impression such a scheme should work if it was working in 2.8.
>>
>> Another way to do authentication, is by defining a task and implementing the flow such that a login component is shown first.
>>
>> Btw, the seaside book has a section with an example on one way to do this: http://book.seaside.st/book/in-action/session/customize-session
>>
>> On 29 Oct 2010, at 09:09, Ivo Roefs wrote:
>>
>>> ...
>>> self sessionAuthenticated ifFalse: [self session mainClass new call:  myLoginComponent].
>>> ...
>>> But now after upgrading to 3.0 this no longer works. It was a hack anyway.
>>>
>>> This seems so basic but I can't figure out how to do this.
>>>
>>> Ivo Roefs
>>> _______________________________________________
>>> seaside mailing list
>>> [hidden email]
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>
>>
>

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: abstract component with authentication check?

Julian Fitzell-2
On Sun, Oct 31, 2010 at 3:01 PM, Johan Brichau <[hidden email]> wrote:
> Making custom request filters is an intriguing option to look at but I have no idea if the session is available in filters and if you can redirect to a login component from there. I'm also not sure if they are intended to be customized.

The session is available from a filter if it is attached to the
session. And you should definitely feel free to implement your own
filters if they seem like the right solution.

You won't be able to #call: in the session filter, but you can
certainly redirect somewhere, return a response, or even do a #show:
on your root component.

Julian
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

RE: abstract component with authentication check?

Alexandre BP
Hello,

I'm a bit stuck with a stupid problem. I'd like to display only a part of a DateSelector .

I tried this for the year for example: 

canvas table: [ canvas tableRow: [ canvas tableData: 'Year:'. canvas tableData: [canvas render: yearSelector ] ] ]

But it didn't work... I would like to display the same thing as my code but without the months and days. I also want to choose from the range of years that must be in my scroll menu.

Thx a lot and sorry for the silly question but I can't find very nice doc online :(
Alex

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

DateSelector

Alexandre BP
Sorry I just reply to some random topic :s


From: [hidden email]
To: [hidden email]
Subject: RE: [Seaside] abstract component with authentication check?
Date: Sun, 31 Oct 2010 23:25:11 +0000

Hello,

I'm a bit stuck with a stupid problem. I'd like to display only a part of a DateSelector .

I tried this for the year for example: 

canvas table: [ canvas tableRow: [ canvas tableData: 'Year:'. canvas tableData: [canvas render: yearSelector ] ] ]

But it didn't work... I would like to display the same thing as my code but without the months and days. I also want to choose from the range of years that must be in my scroll menu.

Thx a lot and sorry for the silly question but I can't find very nice doc online :(
Alex

_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

RE: DateSelector

Alexandre BP
Ok I finally found it online.

Sorry for the trouble.
alex

From: [hidden email]
To: [hidden email]
Subject: RE: [Seaside] abstract component with authentication check?
Date: Sun, 31 Oct 2010 23:25:11 +0000

Hello,

I'm a bit stuck with a stupid problem. I'd like to display only a part of a DateSelector .

I tried this for the year for example: 

canvas table: [ canvas tableRow: [ canvas tableData: 'Year:'. canvas tableData: [canvas render: yearSelector ] ] ]

But it didn't work... I would like to display the same thing as my code but without the months and days. I also want to choose from the range of years that must be in my scroll menu.

Thx a lot and sorry for the silly question but I can't find very nice doc online :(
Alex

_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside