
    Spring security question

    Hi,

    I have read http://forums.smartclient.com/showthread.php?t=9633

    There is one thing I'm missing. There are two different markers defined.

    Code:
    	protected static final String LOGIN_REQUIRED_MARKER = "<SCRIPT>//'\"]]>>isc_loginRequired\n" + "//\n" + "// Embed this whole script block VERBATIM into your login page to enable\n"
    			+ "// SmartClient RPC relogin.\n" + "\n" + "while (!window.isc && document.domain.indexOf(\".\") != -1) {\n" + "    try {\n" + "\t\n" + "        if (parent.isc == null) {\n"
    			+ "            document.domain = document.domain.replace(/.*?\\./, '');\n" + "            continue;\n" + "        } \n" + "        break;\n" + "    } catch (e) {\n"
    			+ "        document.domain = document.domain.replace(/.*?\\./, '');\n" + "    }\n" + "}\n" + "\n" + "var isc = top.isc ? top.isc : window.opener ? window.opener.isc : null;\n"
    			+ "if (isc) isc.RPCManager.delayCall(\"handleLoginRequired\", [window]);\n" + "</SCRIPT>";
    
    	protected final String SUCCESS_MARKER = "<SCRIPT>//'\"]]>>isc_loginSuccess\n" + "//\n" + "// When doing relogin with a webserver-based authenticator, protect this page with it and\n"
    			+ "// target your login attempts at this page such that when the login succeeds, this page is\n" + "// returned.\n" + "//\n"
    			+ "// If you are integrating with a web service that returns a fault, paste this entire script\n" + "// block VERBATIM into the fault text.\n" + "\n"
    			+ "while (!window.isc && document.domain.indexOf(\".\") != -1) {\n" + "    try {\n" + "        if (parent.isc == null) {\n"
    			+ "            document.domain = document.domain.replace(/.*?\\./, '');\n" + "            continue;\n" + "        } \n" + "        break;\n" + "    } catch (e) {\n"
    			+ "        document.domain = document.domain.replace(/.*?\\./, '');\n" + "    }\n" + "}\n" + "\n" + "var isc = top.isc ? top.isc : window.opener ? window.opener.isc : null;\n"
    			+ "if (isc) isc.RPCManager.delayCall(\"handleLoginSuccess\", [window]);\n" + "</SCRIPT>";
    I can imagine how to create the MAX_LOGIN_ATTEMPTS_EXCEEDED_MARKER.

    However, when the authentication fails, I'd like to send the actual error message. i.e. "Account locked for xx minutes."

    Code:
    new RPCCallback() {
    			@Override
    			public void execute(RPCResponse response, Object rawData, RPCRequest request) {
    				if (response.getStatus() == RPCResponse.STATUS_SUCCESS) {
    					...
    				} else if (response.getStatus() == RPCResponse.STATUS_LOGIN_INCORRECT) {
    					...
    					SC.warn((String)rawData);
    				} else if (response.getStatus() == RPCResponse.STATUS_MAX_LOGIN_ATTEMPTS_EXCEEDED) {
    					SC.warn(i18nMessages.loginScreen_loginFailed_maxLoginAttemptsExceeded());
    				}
    			}
    }
    When I send the LOGIN_REQUIRED_MARKER I need to send rawData along with this.

    How could this be done?

    best regards,
    Zdary

    #2
    If it is really a varying amount, you can stick it somewhere in the response and parse it out of rawData, which is the raw text of the response. The only requirement with the markers is that they be present - they do not have to be the entire response.

    Comment


      #3
      I see, I was confused that rawData is null. Now, I have discovered dsResponse.getAttribute("httpResponseText"); contains the whole marker including the commented part. Thank you.

      Code:
      dsResponse.getAttribute("httpResponseText")=<SCRIPT>//'"]]>>isc_loginSuccess
      //
      // When doing relogin with a webserver-based authenticator, protect this page with it and
      // target your login attempts at this page such that when the login succeeds, this page is
      // returned.
      //
      // If you are integrating with a web service that returns a fault, paste this entire script
      // block VERBATIM into the fault text.
      
      while (!window.isc && document.domain.indexOf(".") != -1) {
          try {
              if (parent.isc == null) {
                  document.domain = document.domain.replace(/.*?\./, '');
                  continue;
              } 
              break;
          } catch (e) {
              document.domain = document.domain.replace(/.*?\./, '');
          }
      }
      
      var isc = top.isc ? top.isc : window.opener ? window.opener.isc : null;
      if (isc) isc.RPCManager.delayCall("handleLoginSuccess", [window]);
      </SCRIPT>

      Comment
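
The approach from reply #2, read back from the response text found in #3, as an added example that is not part of the thread or of SmartClient's own code: the message travels percent-encoded in an HTML comment after the untouched marker, so text such as `</SCRIPT>` in the message cannot disturb the marker. The `ISC_LOGIN_MSG` tag, the function names and the shortened `SAMPLE_MARKER` are assumptions made for this sketch.

```javascript
// Added example: ISC_LOGIN_MSG, the function names and SAMPLE_MARKER are
// hypothetical and not part of SmartClient.
const MSG_OPEN = "<!--ISC_LOGIN_MSG:";
const MSG_CLOSE = "-->";
const MAX_PAYLOAD = 2048; // arbitrary cap on the encoded message length

// Constructed, shortened stand-in for LOGIN_REQUIRED_MARKER from post #1.
const SAMPLE_MARKER =
  "<SCRIPT>//'\"]]>>isc_loginRequired\n// (rest of marker omitted)\n</SCRIPT>";

// Server side: leave the marker untouched and append the message after it.
// encodeURIComponent escapes < > " and newlines, so the payload cannot close
// the HTML comment or add another </SCRIPT> to the response.
function buildLoginResponse(marker, message) {
  return marker + "\n" + MSG_OPEN + encodeURIComponent(message) + MSG_CLOSE;
}

// Client side: recover the message from the raw response text.
// Returns null if the tag is missing, oversized or not validly encoded.
function extractLoginMessage(responseText) {
  if (typeof responseText !== "string") return null;
  const start = responseText.indexOf(MSG_OPEN);
  if (start === -1) return null;
  const from = start + MSG_OPEN.length;
  const end = responseText.indexOf(MSG_CLOSE, from);
  if (end === -1 || end - from > MAX_PAYLOAD) return null;
  const payload = responseText.slice(from, end);
  // Accept only characters that encodeURIComponent can emit.
  if (!/^[A-Za-z0-9\-_.!~*'()%]*$/.test(payload)) return null;
  try {
    return decodeURIComponent(payload);
  } catch (e) {
    return null; // malformed percent-escape
  }
}

// Escape the decoded text before handing it to a dialog that renders HTML.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}
```

On the client, the string passed to `extractLoginMessage` would be the raw response text, and the result should go through `escapeHtml` if the dialog that displays it interprets markup.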
