abstract component with authentication check?
Locked
abstract component with authentication check?
 
|
Hi,
I have an abstract class WAMyComponentWithAuthentication with dozens of subclasses. A number of those subclasses are registered as an application at a certain entry point. Now I'd like to implement WAMyComponentWithAuthenticationin such a way that it checks if the session is stil authenticated. If not, I want to call: aWAMyComponentLogon. I used to do this via #initialRequest: ... self sessionAuthenticated ifFalse: [self session mainClass new call: myLoginComponent]. ... But now after upgrading to 3.0 this no longer works. It was a hack anyway. This seems so basic but I can't figure out how to do this. Ivo Roefs _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: abstract component with authentication check?
|
|
Hi Ivo,
I never did authentication thingies in Seaside2.8 but I have those running in Seaside3.0, so I can try to help. What exactly is breaking in your current code? From what I get from your snippets, I have the impression such a scheme should work if it was working in 2.8. Another way to do authentication, is by defining a task and implementing the flow such that a login component is shown first. Btw, the seaside book has a section with an example on one way to do this: http://book.seaside.st/book/in-action/session/customize-session On 29 Oct 2010, at 09:09, Ivo Roefs wrote: > ... > self sessionAuthenticated ifFalse: [self session mainClass new call: myLoginComponent]. > ... > But now after upgrading to 3.0 this no longer works. It was a hack anyway. > > This seems so basic but I can't figure out how to do this. > > Ivo Roefs > _______________________________________________ > seaside mailing list > [hidden email] > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: abstract component with authentication check?
|
|
Hi Johan,
Thanks for your reply. Now I realize that I want the authorization check everytime the component is accessed (rendered). I think this is not possible via #initialRequest nor by using WATask? Would it be possible to write a custom WADelegation (or other decoration) which does the actual authorization check? If checkOK, pass on to next, if not render the delegate (login component). I also encountered all kinds of "filter" methods in the code? I this something I could use? I indeed already use a customized session as is described in "http://book.seaside.st/book/in-action/session/customize-session" About the snippet: (self session mainClass new) gives me an instance of WARenderLoopMain. #call: was implemented on WARenderLoopMain in the previous versions, but apparently has been removed in 3.0. If I try to make a call in an other way, I get a message "You can only #call: and #answer: from within a callback or a Task." Ivo Roefs Op 29/10/2010 15:31, Johan Brichau schreef: > Hi Ivo, > > I never did authentication thingies in Seaside2.8 but I have those running in Seaside3.0, so I can try to help. > > What exactly is breaking in your current code? From what I get from your snippets, I have the impression such a scheme should work if it was working in 2.8. > > Another way to do authentication, is by defining a task and implementing the flow such that a login component is shown first. > > Btw, the seaside book has a section with an example on one way to do this: http://book.seaside.st/book/in-action/session/customize-session > > On 29 Oct 2010, at 09:09, Ivo Roefs wrote: > >> ... >> self sessionAuthenticated ifFalse: [self session mainClass new call: myLoginComponent]. >> ... >> But now after upgrading to 3.0 this no longer works. It was a hack anyway. >> >> This seems so basic but I can't figure out how to do this. >> >> Ivo Roefs >> _______________________________________________ >> seaside mailing list >> [hidden email] >> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside > > _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: abstract component with authentication check?
|
|
Ivo,
If you want to check on every request, I guess this is because you have both freely accessible and restricted components in your application _and_ you only want to ask for authentication the first time the user accesses a restricted component? However, doing this check during the rendering of the component will not allow you to pass control to a login component in the same way as #call: passes control. Moreover, #call: can indeed only be sent in a callback, not in the rendering code. If you want to prohibit the display of restricted components in the rendering phase, then I think custom visual decorators are indeed the only option. But if some components are embedded inside others, the login component will simply display in their spot of the webpage. That might not always be desirable. Making custom request filters is an intriguing option to look at but I have no idea if the session is available in filters and if you can redirect to a login component from there. I'm also not sure if they are intended to be customized. Now if your application does not need both authorized and non-authorized components, you do not need to check at every request. The way seaside works is that every request that pertains to a single seaside session will use the same session object. If you ask the user to login on the first request (when the session object is created), you are sure that the session is authenticated for all later requests. In my opinion, the best way to achieve this is by defining a task and using that task as the main class of your application (i.e. the entry point). The task will call the login component until the user is authenticated. Johan On 31 Oct 2010, at 09:44, Ivo Roefs wrote: > Hi Johan, > > Thanks for your reply. > > Now I realize that I want the authorization check everytime the component is accessed (rendered). > I think this is not possible via #initialRequest nor by using WATask? > > Would it be possible to write a custom WADelegation (or other decoration) which does the actual authorization check? > If checkOK, pass on to next, if not render the delegate (login component). > > I also encountered all kinds of "filter" methods in the code? I this something I could use? > > I indeed already use a customized session as is described in "http://book.seaside.st/book/in-action/session/customize-session" > > About the snippet: > (self session mainClass new) gives me an instance of WARenderLoopMain. > #call: was implemented on WARenderLoopMain in the previous versions, but apparently has been removed in 3.0. > If I try to make a call in an other way, I get a message "You can only #call: and #answer: from within a callback or a Task." > > Ivo Roefs > > > > Op 29/10/2010 15:31, Johan Brichau schreef: >> Hi Ivo, >> >> I never did authentication thingies in Seaside2.8 but I have those running in Seaside3.0, so I can try to help. >> >> What exactly is breaking in your current code? From what I get from your snippets, I have the impression such a scheme should work if it was working in 2.8. >> >> Another way to do authentication, is by defining a task and implementing the flow such that a login component is shown first. >> >> Btw, the seaside book has a section with an example on one way to do this: http://book.seaside.st/book/in-action/session/customize-session >> >> On 29 Oct 2010, at 09:09, Ivo Roefs wrote: >> >>> ... >>> self sessionAuthenticated ifFalse: [self session mainClass new call: myLoginComponent]. >>> ... >>> But now after upgrading to 3.0 this no longer works. It was a hack anyway. >>> >>> This seems so basic but I can't figure out how to do this. >>> >>> Ivo Roefs >>> _______________________________________________ >>> seaside mailing list >>> [hidden email] >>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside >> >> > _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
Re: abstract component with authentication check?
|
|
On Sun, Oct 31, 2010 at 3:01 PM, Johan Brichau <[hidden email]> wrote:
> Making custom request filters is an intriguing option to look at but I have no idea if the session is available in filters and if you can redirect to a login component from there. I'm also not sure if they are intended to be customized. The session is available from a filter if it is attached to the session. And you should definitely feel free to implement your own filters if they seem like the right solution. You won't be able to #call: in the session filter, but you can certainly redirect somewhere, return a response, or even do a #show: on your root component. Julian _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
RE: abstract component with authentication check?
|
|
Hello,
I'm a bit stuck with a stupid problem. I'd like to display only a part of a DateSelector . I tried this for the year for example: canvas table: [
canvas tableRow: [
canvas tableData: 'Year:'.
canvas tableData: [canvas render: yearSelector ]
]
] But it didn't work... I would like to display the same thing as my code but without the months and days. I also want to choose from the range of years that must be in my scroll menu. Thx a lot and sorry for the silly question but I can't find very nice doc online :( Alex
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
Sorry I just reply to some random topic :s
From: [hidden email] To: [hidden email] Subject: RE: [Seaside] abstract component with authentication check? Date: Sun, 31 Oct 2010 23:25:11 +0000 Hello, I'm a bit stuck with a stupid problem. I'd like to display only a part of a DateSelector . I tried this for the year for example: canvas table: [
canvas tableRow: [
canvas tableData: 'Year:'.
canvas tableData: [canvas render: yearSelector ]
]
] But it didn't work... I would like to display the same thing as my code but without the months and days. I also want to choose from the range of years that must be in my scroll menu. Thx a lot and sorry for the silly question but I can't find very nice doc online :( Alex
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
|
|
Ok I finally found it online.
For those who are interested: http://lists.seaside.st/archives/commits/2009-September/000743.html alex
From: [hidden email] To: [hidden email] Subject: RE: [Seaside] abstract component with authentication check? Date: Sun, 31 Oct 2010 23:25:11 +0000 Hello, I'm a bit stuck with a stupid problem. I'd like to display only a part of a DateSelector . I tried this for the year for example: canvas table: [
canvas tableRow: [
canvas tableData: 'Year:'.
canvas tableData: [canvas render: yearSelector ]
]
] But it didn't work... I would like to display the same thing as my code but without the months and days. I also want to choose from the range of years that must be in my scroll menu. Thx a lot and sorry for the silly question but I can't find very nice doc online :( Alex
_______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside _______________________________________________ seaside mailing list [hidden email] http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside |
«
Return to Seaside General
|
1 view|%1 views
| Free forum by Nabble | Edit this page |